#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
+#define WINBINDD_CACHE_VERSION 1
+#define WINBINDD_CACHE_VERSION_KEYSTR "WINBINDD_CACHE_VERSION"
+
+extern struct winbindd_methods reconnect_methods;
+extern BOOL opt_nocache;
+#ifdef HAVE_ADS
+extern struct winbindd_methods ads_methods;
+#endif
+
+/*
+ * JRA. KEEP THIS LIST UP TO DATE IF YOU ADD CACHE ENTRIES.
+ * Here are the list of entry types that are *not* stored
+ * as form struct cache_entry in the cache.
+ */
+
+static const char *non_centry_keys[] = {
+ "SEQNUM/",
+ "DR/",
+ "DE/",
+ "WINBINDD_OFFLINE",
+ WINBINDD_CACHE_VERSION_KEYSTR,
+ NULL
+};
+
+/************************************************************************
+ Is this key a non-centry type ?
+************************************************************************/
+
+static BOOL is_non_centry_key(TDB_DATA kbuf)
+{
+ int i;
+
+ if (kbuf.dptr == NULL || kbuf.dsize == 0) {
+ return False;
+ }
+ for (i = 0; non_centry_keys[i] != NULL; i++) {
+ size_t namelen = strlen(non_centry_keys[i]);
+ if (kbuf.dsize <= namelen) {
+ continue;
+ }
+ if (strncmp(non_centry_keys[i], (const char *)kbuf.dptr, namelen) == 0) {
+ return True;
+ }
+ }
+ return False;
+}
+
/* Global online/offline state - False when online. winbindd starts up online
and sets this to true if the first query fails and there's an entry in
the cache tdb telling us to stay offline. */
uint32 len, ofs;
};
+void (*smb_panic_fn)(const char *const why) = smb_panic;
+
#define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
static struct winbind_cache *wcache;
return;
}
- if (fstat(wcache->tdb->fd, &st) == -1) {
+ if (fstat(tdb_fd(wcache->tdb), &st) == -1) {
DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) ));
return;
}
struct winbindd_domain *our_domain = domain;
#endif
- /* we have to know what type of domain we are dealing with first */
+ /* We have to know what type of domain we are dealing with first. */
- if ( !domain->initialized )
- set_dc_type_and_flags( domain );
+ if ( !domain->initialized ) {
+ init_dc_connection( domain );
+ }
/*
OK. listen up becasue I'm only going to say this once.
*/
if (!domain->backend) {
- extern struct winbindd_methods reconnect_methods;
#ifdef HAVE_ADS
- extern struct winbindd_methods ads_methods;
-
/* find our domain first so we can figure out if we
are joined to a kerberized domain */
free(centry);
}
+static BOOL centry_check_bytes(struct cache_entry *centry, size_t nbytes)
+{
+ if (centry->len - centry->ofs < nbytes) {
+ DEBUG(0,("centry corruption? needed %u bytes, have %d\n",
+ (unsigned int)nbytes,
+ centry->len - centry->ofs));
+ return False;
+ }
+ return True;
+}
+
/*
pull a uint32 from a cache entry
*/
static uint32 centry_uint32(struct cache_entry *centry)
{
uint32 ret;
- if (centry->len - centry->ofs < 4) {
- DEBUG(0,("centry corruption? needed 4 bytes, have %d\n",
- centry->len - centry->ofs));
- smb_panic("centry_uint32");
+
+ if (centry_check_bytes(centry, 4)) {
+ smb_panic_fn("centry_uint32");
+ return (uint32)-1;
}
ret = IVAL(centry->data, centry->ofs);
centry->ofs += 4;
static uint16 centry_uint16(struct cache_entry *centry)
{
uint16 ret;
- if (centry->len - centry->ofs < 2) {
- DEBUG(0,("centry corruption? needed 2 bytes, have %d\n",
- centry->len - centry->ofs));
- smb_panic("centry_uint16");
+ if (centry_check_bytes(centry, 2)) {
+ smb_panic_fn("centry_uint16");
+ return (uint16)-1;
}
ret = CVAL(centry->data, centry->ofs);
centry->ofs += 2;
static uint8 centry_uint8(struct cache_entry *centry)
{
uint8 ret;
- if (centry->len - centry->ofs < 1) {
- DEBUG(0,("centry corruption? needed 1 bytes, have %d\n",
- centry->len - centry->ofs));
- smb_panic("centry_uint32");
+ if (centry_check_bytes(centry, 1)) {
+ smb_panic_fn("centry_uint8");
+ return (uint8)-1;
}
ret = CVAL(centry->data, centry->ofs);
centry->ofs += 1;
static NTTIME centry_nttime(struct cache_entry *centry)
{
NTTIME ret;
- if (centry->len - centry->ofs < 8) {
- DEBUG(0,("centry corruption? needed 8 bytes, have %d\n",
- centry->len - centry->ofs));
- smb_panic("centry_nttime");
+ if (centry_check_bytes(centry, 8)) {
+ smb_panic_fn("centry_nttime");
+ return (NTTIME)-1;
}
- ret.low = IVAL(centry->data, centry->ofs);
+ ret = IVAL(centry->data, centry->ofs);
centry->ofs += 4;
- ret.high = IVAL(centry->data, centry->ofs);
+ ret += (uint64_t)IVAL(centry->data, centry->ofs) << 32;
centry->ofs += 4;
return ret;
}
/*
- pull a time_t from a cache entry
+ pull a time_t from a cache entry. time_t stored portably as a 64-bit time.
*/
static time_t centry_time(struct cache_entry *centry)
{
- time_t ret;
- if (centry->len - centry->ofs < sizeof(time_t)) {
- DEBUG(0,("centry corruption? needed %u bytes, have %u\n",
- (unsigned int)sizeof(time_t), (unsigned int)(centry->len - centry->ofs)));
- smb_panic("centry_time");
- }
- ret = IVAL(centry->data, centry->ofs); /* FIXME: correct ? */
- centry->ofs += sizeof(time_t);
- return ret;
+ return (time_t)centry_nttime(centry);
}
/* pull a string from a cache entry, using the supplied
return NULL;
}
- if (centry->len - centry->ofs < len) {
- DEBUG(0,("centry corruption? needed %d bytes, have %d\n",
- len, centry->len - centry->ofs));
- smb_panic("centry_string");
+ if (centry_check_bytes(centry, (size_t)len)) {
+ smb_panic_fn("centry_string");
+ return NULL;
}
- ret = TALLOC(mem_ctx, len+1);
+ ret = TALLOC_ARRAY(mem_ctx, char, len+1);
if (!ret) {
- smb_panic("centry_string out of memory\n");
+ smb_panic_fn("centry_string out of memory\n");
+ return NULL;
}
memcpy(ret,centry->data + centry->ofs, len);
ret[len] = 0;
return ret;
}
-/* pull a string from a cache entry, using the supplied
+/* pull a hash16 from a cache entry, using the supplied
+ talloc context
+*/
+static char *centry_hash16(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
+{
+ uint32 len;
+ char *ret;
+
+ len = centry_uint8(centry);
+
+ if (len != 16) {
+ DEBUG(0,("centry corruption? hash len (%u) != 16\n",
+ len ));
+ return NULL;
+ }
+
+ if (centry_check_bytes(centry, 16)) {
+ return NULL;
+ }
+
+ ret = TALLOC_ARRAY(mem_ctx, char, 16);
+ if (!ret) {
+ smb_panic_fn("centry_hash out of memory\n");
+ return NULL;
+ }
+ memcpy(ret,centry->data + centry->ofs, 16);
+ centry->ofs += 16;
+ return ret;
+}
+
+/* pull a sid from a cache entry, using the supplied
talloc context
*/
static BOOL centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx, DOM_SID *sid)
static NTSTATUS store_cache_seqnum( struct winbindd_domain *domain )
{
- TDB_DATA data, key;
+ TDB_DATA data;
fstring key_str;
- char buf[8];
+ uint8 buf[8];
if (!wcache->tdb) {
DEBUG(10,("store_cache_seqnum: tdb == NULL\n"));
}
fstr_sprintf( key_str, "SEQNUM/%s", domain->name );
- key.dptr = key_str;
- key.dsize = strlen(key_str)+1;
SIVAL(buf, 0, domain->sequence_number);
SIVAL(buf, 4, domain->last_seq_check);
data.dptr = buf;
data.dsize = 8;
- if ( tdb_store( wcache->tdb, key, data, TDB_REPLACE) == -1 ) {
+ if ( tdb_store_bystring( wcache->tdb, key_str, data, TDB_REPLACE) == -1 ) {
DEBUG(10,("store_cache_seqnum: tdb_store fail key [%s]\n", key_str ));
return NT_STATUS_UNSUCCESSFUL;
}
status = domain->backend->sequence_number(domain, &domain->sequence_number);
+ /* the above call could have set our domain->backend to NULL when
+ * coming from offline to online mode, make sure to reinitialize the
+ * backend - Guenther */
+ get_cache( domain );
+
if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("refresh_sequence_number: failed with %s\n", nt_errstr(status)));
domain->sequence_number = DOM_SEQUENCE_NONE;
}
return False;
}
- /* when the domain is offline and we havent checked in the last 30
- * seconds if it has become online again, return the cached entry.
+ /* when the domain is offline return the cached entry.
* This deals with transient offline states... */
- if (!domain->online &&
- !NT_STATUS_IS_OK(check_negative_conn_cache(domain->name, domain->dcname))) {
+ if (!domain->online) {
DEBUG(10,("centry_expired: Key %s for domain %s valid as domain is offline.\n",
keystr, domain->name ));
return False;
struct cache_entry *centry;
TDB_DATA key;
- key.dptr = kstr;
- key.dsize = strlen(kstr);
+ key = string_tdb_data(kstr);
data = tdb_fetch(wcache->tdb, key);
if (!data.dptr) {
/* a cache miss */
char *kstr;
struct cache_entry *centry;
- extern BOOL opt_nocache;
-
if (opt_nocache) {
return NULL;
}
return centry;
}
+static void wcache_delete(const char *format, ...) PRINTF_ATTRIBUTE(1,2);
+static void wcache_delete(const char *format, ...)
+{
+ va_list ap;
+ char *kstr;
+ TDB_DATA key;
+
+ va_start(ap, format);
+ smb_xvasprintf(&kstr, format, ap);
+ va_end(ap);
+
+ key = string_tdb_data(kstr);
+
+ tdb_delete(wcache->tdb, key);
+ free(kstr);
+}
+
/*
make sure we have at least len bytes available in a centry
*/
if (centry->len - centry->ofs >= len)
return;
centry->len *= 2;
- centry->data = SMB_REALLOC(centry->data, centry->len);
+ centry->data = SMB_REALLOC_ARRAY(centry->data, unsigned char,
+ centry->len);
if (!centry->data) {
DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
- smb_panic("out of memory in centry_expand");
+ smb_panic_fn("out of memory in centry_expand");
}
}
centry->ofs += len;
}
+/*
+ push a 16 byte hash into a centry - treat as 16 byte string.
+ */
+static void centry_put_hash16(struct cache_entry *centry, const uint8 val[16])
+{
+ centry_put_uint8(centry, 16);
+ centry_expand(centry, 16);
+ memcpy(centry->data + centry->ofs, val, 16);
+ centry->ofs += 16;
+}
+
static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid)
{
fstring sid_string;
static void centry_put_nttime(struct cache_entry *centry, NTTIME nt)
{
centry_expand(centry, 8);
- SIVAL(centry->data, centry->ofs, nt.low);
+ SIVAL(centry->data, centry->ofs, nt & 0xFFFFFFFF);
centry->ofs += 4;
- SIVAL(centry->data, centry->ofs, nt.high);
+ SIVAL(centry->data, centry->ofs, nt >> 32);
centry->ofs += 4;
}
/*
- push a time_t into a centry
+ push a time_t into a centry - use a 64 bit size.
+ NTTIME here is being used as a convenient 64-bit size.
*/
static void centry_put_time(struct cache_entry *centry, time_t t)
{
- centry_expand(centry, sizeof(time_t));
- SIVAL(centry->data, centry->ofs, t); /* FIXME: is this correct ?? */
- centry->ofs += sizeof(time_t);
+ NTTIME nt = (NTTIME)t;
+ return centry_put_nttime(centry, nt);
}
/*
smb_xvasprintf(&kstr, format, ap);
va_end(ap);
- key.dptr = kstr;
- key.dsize = strlen(kstr);
- data.dptr = (char *)centry->data;
+ key = string_tdb_data(kstr);
+ data.dptr = centry->data;
data.dsize = centry->ofs;
tdb_store(wcache->tdb, key, data, TDB_REPLACE);
static void wcache_save_name_to_sid(struct winbindd_domain *domain,
NTSTATUS status, const char *domain_name,
const char *name, const DOM_SID *sid,
- enum SID_NAME_USE type)
+ enum lsa_SidType type)
{
struct cache_entry *centry;
fstring uname;
}
static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
- const DOM_SID *sid, const char *domain_name, const char *name, enum SID_NAME_USE type)
+ const DOM_SID *sid, const char *domain_name, const char *name, enum lsa_SidType type)
{
struct cache_entry *centry;
fstring sid_string;
+ if (is_null_sid(sid)) {
+ return;
+ }
+
centry = centry_start(domain, status);
if (!centry)
return;
struct cache_entry *centry;
fstring sid_string;
+ if (is_null_sid(&info->user_sid)) {
+ return;
+ }
+
centry = centry_start(domain, status);
if (!centry)
return;
centry_put_string(centry, info->full_name);
centry_put_string(centry, info->homedir);
centry_put_string(centry, info->shell);
+ centry_put_uint32(centry, info->primary_gid);
centry_put_sid(centry, &info->user_sid);
centry_put_sid(centry, &info->group_sid);
centry_end(centry, "U/%s", sid_to_string(sid_string, &info->user_sid));
}
static void wcache_save_password_policy(struct winbindd_domain *domain, NTSTATUS status, SAM_UNK_INFO_1 *policy)
-{
+ {
struct cache_entry *centry;
centry = centry_start(domain, status);
fstr_sprintf(key_str, "CRED/%s", sid_string_static(sid));
- data = tdb_fetch(cache->tdb, make_tdb_data(key_str, strlen(key_str)));
+ data = tdb_fetch(cache->tdb, string_tdb_data(key_str));
if (!data.dptr) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
return NT_STATUS_OK;
}
-/* Lookup creds for a SID */
+/* Lookup creds for a SID - copes with old (unsalted) creds as well
+ as new salted ones. */
+
NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
const DOM_SID *sid,
- const uint8 **cached_nt_pass)
+ const uint8 **cached_nt_pass,
+ const uint8 **cached_salt)
{
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
return NT_STATUS_INVALID_SID;
}
+ /* Try and get a salted cred first. If we can't
+ fall back to an unsalted cred. */
+
centry = wcache_fetch(cache, domain, "CRED/%s", sid_string_static(sid));
-
if (!centry) {
DEBUG(10,("wcache_get_creds: entry for [CRED/%s] not found\n",
- sid_string_static(sid)));
+ sid_string_static(sid)));
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
t = centry_time(centry);
- *cached_nt_pass = (const uint8 *)centry_string(centry, mem_ctx);
+
+ /* In the salted case this isn't actually the nt_hash itself,
+ but the MD5 of the salt + nt_hash. Let the caller
+ sort this out. It can tell as we only return the cached_salt
+ if we are returning a salted cred. */
+
+ *cached_nt_pass = (const uint8 *)centry_hash16(centry, mem_ctx);
+ if (*cached_nt_pass == NULL) {
+ const char *sidstr = sid_string_static(sid);
+
+ /* Bad (old) cred cache. Delete and pretend we
+ don't have it. */
+ DEBUG(0,("wcache_get_creds: bad entry for [CRED/%s] - deleting\n",
+ sidstr));
+ wcache_delete("CRED/%s", sidstr);
+ centry_free(centry);
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
+ /* We only have 17 bytes more data in the salted cred case. */
+ if (centry->len - centry->ofs == 17) {
+ *cached_salt = (const uint8 *)centry_hash16(centry, mem_ctx);
+ } else {
+ *cached_salt = NULL;
+ }
#if DEBUG_PASSWORD
- dump_data(100, (const char *)cached_nt_pass, NT_HASH_LEN);
+ dump_data(100, *cached_nt_pass, NT_HASH_LEN);
+ if (*cached_salt) {
+ dump_data(100, *cached_salt, NT_HASH_LEN);
+ }
#endif
status = centry->status;
return status;
}
+/* Store creds for a SID - only writes out new salted ones. */
+
NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
const DOM_SID *sid,
struct cache_entry *centry;
fstring sid_string;
uint32 rid;
+ uint8 cred_salt[NT_HASH_LEN];
+ uint8 salted_hash[NT_HASH_LEN];
if (is_null_sid(sid)) {
return NT_STATUS_INVALID_SID;
}
#if DEBUG_PASSWORD
- dump_data(100, (const char *)nt_pass, NT_HASH_LEN);
+ dump_data(100, nt_pass, NT_HASH_LEN);
#endif
centry_put_time(centry, time(NULL));
- centry_put_string(centry, (const char *)nt_pass);
+
+ /* Create a salt and then salt the hash. */
+ generate_random_buffer(cred_salt, NT_HASH_LEN);
+ E_md5hash(cred_salt, nt_pass, salted_hash);
+
+ centry_put_hash16(centry, salted_hash);
+ centry_put_hash16(centry, cred_salt);
centry_end(centry, "CRED/%s", sid_to_string(sid_string, sid));
DEBUG(10,("wcache_save_creds: %s\n", sid_string));
goto do_cached;
(*info) = TALLOC_ARRAY(mem_ctx, WINBIND_USERINFO, *num_entries);
- if (! (*info))
- smb_panic("query_user_list out of memory");
+ if (! (*info)) {
+ smb_panic_fn("query_user_list out of memory");
+ centry_free(centry);
+ return NT_STATUS_NO_MEMORY;
+ }
for (i=0; i<(*num_entries); i++) {
(*info)[i].acct_name = centry_string(centry, mem_ctx);
(*info)[i].full_name = centry_string(centry, mem_ctx);
centry_put_string(centry, (*info)[i].shell);
centry_put_sid(centry, &(*info)[i].user_sid);
centry_put_sid(centry, &(*info)[i].group_sid);
- if (domain->backend->consistent) {
+ if (domain->backend && domain->backend->consistent) {
/* when the backend is consistent we can pre-prime some mappings */
wcache_save_name_to_sid(domain, NT_STATUS_OK,
domain->name,
goto do_cached;
(*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
- if (! (*info))
- smb_panic("enum_dom_groups out of memory");
+ if (! (*info)) {
+ smb_panic_fn("enum_dom_groups out of memory");
+ centry_free(centry);
+ return NT_STATUS_NO_MEMORY;
+ }
for (i=0; i<(*num_entries); i++) {
fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
goto do_cached;
(*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
- if (! (*info))
- smb_panic("enum_dom_groups out of memory");
+ if (! (*info)) {
+ smb_panic_fn("enum_dom_groups out of memory");
+ centry_free(centry);
+ return NT_STATUS_NO_MEMORY;
+ }
for (i=0; i<(*num_entries); i++) {
fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
const char *domain_name,
const char *name,
DOM_SID *sid,
- enum SID_NAME_USE *type)
+ enum lsa_SidType *type)
{
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname);
if (!centry)
goto do_query;
- *type = (enum SID_NAME_USE)centry_uint32(centry);
+ *type = (enum lsa_SidType)centry_uint32(centry);
status = centry->status;
if (NT_STATUS_IS_OK(status)) {
centry_sid(centry, mem_ctx, sid);
status = domain->backend->name_to_sid(domain, mem_ctx, domain_name, name, sid, type);
/* and save it */
- if (domain->online || !is_null_sid(sid)) {
+ refresh_sequence_number(domain, False);
+
+ if (domain->online && !is_null_sid(sid)) {
wcache_save_name_to_sid(domain, status, domain_name, name, sid, *type);
}
const DOM_SID *sid,
char **domain_name,
char **name,
- enum SID_NAME_USE *type)
+ enum lsa_SidType *type)
{
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
if (!centry)
goto do_query;
if (NT_STATUS_IS_OK(centry->status)) {
- *type = (enum SID_NAME_USE)centry_uint32(centry);
+ *type = (enum lsa_SidType)centry_uint32(centry);
*domain_name = centry_string(centry, mem_ctx);
*name = centry_string(centry, mem_ctx);
}
return status;
}
+static NTSTATUS rids_to_names(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *domain_sid,
+ uint32 *rids,
+ size_t num_rids,
+ char **domain_name,
+ char ***names,
+ enum lsa_SidType **types)
+{
+ struct winbind_cache *cache = get_cache(domain);
+ size_t i;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ BOOL have_mapped;
+ BOOL have_unmapped;
+
+ *domain_name = NULL;
+ *names = NULL;
+ *types = NULL;
+
+ if (!cache->tdb) {
+ goto do_query;
+ }
+
+ if (num_rids == 0) {
+ return NT_STATUS_OK;
+ }
+
+ *names = TALLOC_ARRAY(mem_ctx, char *, num_rids);
+ *types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids);
+
+ if ((*names == NULL) || (*types == NULL)) {
+ result = NT_STATUS_NO_MEMORY;
+ goto error;
+ }
+
+ have_mapped = have_unmapped = False;
+
+ for (i=0; i<num_rids; i++) {
+ DOM_SID sid;
+ struct cache_entry *centry;
+
+ if (!sid_compose(&sid, domain_sid, rids[i])) {
+ result = NT_STATUS_INTERNAL_ERROR;
+ goto error;
+ }
+
+ centry = wcache_fetch(cache, domain, "SN/%s",
+ sid_string_static(&sid));
+ if (!centry) {
+ goto do_query;
+ }
+
+ (*types)[i] = SID_NAME_UNKNOWN;
+ (*names)[i] = talloc_strdup(*names, "");
+
+ if (NT_STATUS_IS_OK(centry->status)) {
+ char *dom;
+ have_mapped = True;
+ (*types)[i] = (enum lsa_SidType)centry_uint32(centry);
+ dom = centry_string(centry, mem_ctx);
+ if (*domain_name == NULL) {
+ *domain_name = dom;
+ } else {
+ talloc_free(dom);
+ }
+ (*names)[i] = centry_string(centry, *names);
+ } else {
+ have_unmapped = True;
+ }
+
+ centry_free(centry);
+ }
+
+ if (!have_mapped) {
+ return NT_STATUS_NONE_MAPPED;
+ }
+ if (!have_unmapped) {
+ return NT_STATUS_OK;
+ }
+ return STATUS_SOME_UNMAPPED;
+
+ do_query:
+
+ TALLOC_FREE(*names);
+ TALLOC_FREE(*types);
+
+ result = domain->backend->rids_to_names(domain, mem_ctx, domain_sid,
+ rids, num_rids, domain_name,
+ names, types);
+
+ if (!NT_STATUS_IS_OK(result) &&
+ !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
+ return result;
+ }
+
+ refresh_sequence_number(domain, False);
+
+ for (i=0; i<num_rids; i++) {
+ DOM_SID sid;
+ NTSTATUS status;
+
+ if (!sid_compose(&sid, domain_sid, rids[i])) {
+ result = NT_STATUS_INTERNAL_ERROR;
+ goto error;
+ }
+
+ status = (*types)[i] == SID_NAME_UNKNOWN ?
+ NT_STATUS_NONE_MAPPED : NT_STATUS_OK;
+
+ wcache_save_sid_to_name(domain, status, &sid, *domain_name,
+ (*names)[i], (*types)[i]);
+ }
+
+ return result;
+
+ error:
+
+ TALLOC_FREE(*names);
+ TALLOC_FREE(*types);
+ return result;
+}
+
/* Lookup user information from a rid */
static NTSTATUS query_user(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
info->full_name = centry_string(centry, mem_ctx);
info->homedir = centry_string(centry, mem_ctx);
info->shell = centry_string(centry, mem_ctx);
+ info->primary_gid = centry_uint32(centry);
centry_sid(centry, mem_ctx, &info->user_sid);
centry_sid(centry, mem_ctx, &info->group_sid);
status = centry->status;
if (!NT_STATUS_IS_OK(domain->last_status))
return domain->last_status;
- DEBUG(10,("sid_to_name: [Cached] - doing backend query for info for domain %s\n",
+ DEBUG(10,("query_user: [Cached] - doing backend query for info for domain %s\n",
domain->name ));
status = domain->backend->query_user(domain, mem_ctx, user_sid, info);
goto do_cached;
(*user_gids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_groups);
- if (! (*user_gids))
- smb_panic("lookup_usergroups out of memory");
+ if (! (*user_gids)) {
+ smb_panic_fn("lookup_usergroups out of memory");
+ centry_free(centry);
+ return NT_STATUS_NO_MEMORY;
+ }
for (i=0; i<(*num_groups); i++) {
centry_sid(centry, mem_ctx, &(*user_gids)[i]);
}
(*name_types) = TALLOC_ARRAY(mem_ctx, uint32, *num_names);
if (! (*sid_mem) || ! (*names) || ! (*name_types)) {
- smb_panic("lookup_groupmem out of memory");
+ smb_panic_fn("lookup_groupmem out of memory");
+ centry_free(centry);
+ return NT_STATUS_NO_MEMORY;
}
for (i=0; i<(*num_names); i++) {
(*dom_sids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_domains);
if (! (*dom_sids) || ! (*names) || ! (*alt_names)) {
- smb_panic("trusted_domains out of memory");
+ smb_panic_fn("trusted_domains out of memory");
+ centry_free(centry);
+ return NT_STATUS_NO_MEMORY;
}
for (i=0; i<(*num_domains); i++) {
static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
void *state)
{
- if (strncmp(kbuf.dptr, "UL/", 3) == 0 ||
- strncmp(kbuf.dptr, "GL/", 3) == 0)
+ if (strncmp((const char *)kbuf.dptr, "UL/", 3) == 0 ||
+ strncmp((const char *)kbuf.dptr, "GL/", 3) == 0)
tdb_delete(the_tdb, kbuf);
return 0;
return True;
}
+/************************************************************************
+ This is called by the parent to initialize the cache file.
+ We don't need sophisticated locking here as we know we're the
+ only opener.
+************************************************************************/
+
+BOOL initialize_winbindd_cache(void)
+{
+ BOOL cache_bad = True;
+ uint32 vers;
+
+ if (!init_wcache()) {
+ DEBUG(0,("initialize_winbindd_cache: init_wcache failed.\n"));
+ return False;
+ }
+
+ /* Check version number. */
+ if (tdb_fetch_uint32(wcache->tdb, WINBINDD_CACHE_VERSION_KEYSTR, &vers) &&
+ vers == WINBINDD_CACHE_VERSION) {
+ cache_bad = False;
+ }
+
+ if (cache_bad) {
+ DEBUG(0,("initialize_winbindd_cache: clearing cache "
+ "and re-creating with version number %d\n",
+ WINBINDD_CACHE_VERSION ));
+
+ tdb_close(wcache->tdb);
+ wcache->tdb = NULL;
+
+ if (unlink(lock_path("winbindd_cache.tdb")) == -1) {
+ DEBUG(0,("initialize_winbindd_cache: unlink %s failed %s ",
+ lock_path("winbindd_cache.tdb"),
+ strerror(errno) ));
+ return False;
+ }
+ if (!init_wcache()) {
+ DEBUG(0,("initialize_winbindd_cache: re-initialization "
+ "init_wcache failed.\n"));
+ return False;
+ }
+
+ /* Write the version. */
+ if (!tdb_store_uint32(wcache->tdb, WINBINDD_CACHE_VERSION_KEYSTR, WINBINDD_CACHE_VERSION)) {
+ DEBUG(0,("initialize_winbindd_cache: version number store failed %s\n",
+ tdb_errorstr(wcache->tdb) ));
+ return False;
+ }
+ }
+
+ tdb_close(wcache->tdb);
+ wcache->tdb = NULL;
+ return True;
+}
+
void cache_store_response(pid_t pid, struct winbindd_response *response)
{
fstring key_str;
fstr_sprintf(key_str, "DR/%d", pid);
if (tdb_store(wcache->tdb, string_tdb_data(key_str),
- make_tdb_data((void *)response, sizeof(*response)),
+ make_tdb_data((uint8 *)response, sizeof(*response)),
TDB_REPLACE) == -1)
return;
return False;
}
- dump_data(11, data.dptr, data.dsize);
+ dump_data(11, (uint8 *)data.dptr, data.dsize);
response->extra_data.data = data.dptr;
return True;
BOOL lookup_cached_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
const char **domain_name, const char **name,
- enum SID_NAME_USE *type)
+ enum lsa_SidType *type)
{
struct winbindd_domain *domain;
struct winbind_cache *cache;
}
if (NT_STATUS_IS_OK(centry->status)) {
- *type = (enum SID_NAME_USE)centry_uint32(centry);
+ *type = (enum lsa_SidType)centry_uint32(centry);
*domain_name = centry_string(centry, mem_ctx);
*name = centry_string(centry, mem_ctx);
}
const char *domain_name,
const char *name,
DOM_SID *sid,
- enum SID_NAME_USE *type)
+ enum lsa_SidType *type)
{
struct winbindd_domain *domain;
struct winbind_cache *cache;
}
if (NT_STATUS_IS_OK(centry->status)) {
- *type = (enum SID_NAME_USE)centry_uint32(centry);
+ *type = (enum lsa_SidType)centry_uint32(centry);
centry_sid(centry, mem_ctx, sid);
}
void cache_name2sid(struct winbindd_domain *domain,
const char *domain_name, const char *name,
- enum SID_NAME_USE type, const DOM_SID *sid)
+ enum lsa_SidType type, const DOM_SID *sid)
{
+ refresh_sequence_number(domain, False);
wcache_save_name_to_sid(domain, NT_STATUS_OK, domain_name, name,
sid, type);
}
-/* delete all centries that don't have NT_STATUS_OK set */
+/*
+ * The original idea that this cache only contains centries has
+ * been blurred - now other stuff gets put in here. Ensure we
+ * ignore these things on cleanup.
+ */
+
static int traverse_fn_cleanup(TDB_CONTEXT *the_tdb, TDB_DATA kbuf,
TDB_DATA dbuf, void *state)
{
struct cache_entry *centry;
- centry = wcache_fetch_raw(kbuf.dptr);
+ if (is_non_centry_key(kbuf)) {
+ return 0;
+ }
+
+ centry = wcache_fetch_raw((char *)kbuf.dptr);
if (!centry) {
return 0;
}
if (!NT_STATUS_IS_OK(centry->status)) {
- DEBUG(10,("deleting centry %s\n", kbuf.dptr));
+ DEBUG(10,("deleting centry %s\n", (const char *)kbuf.dptr));
tdb_delete(the_tdb, kbuf);
}
/* flush the cache */
void wcache_flush_cache(void)
{
- extern BOOL opt_nocache;
-
if (!wcache)
return;
if (wcache->tdb) {
{
int *cred_count = (int*)state;
- if (strncmp(kbuf.dptr, "CRED/", 5) == 0) {
+ if (strncmp((const char *)kbuf.dptr, "CRED/", 5) == 0) {
(*cred_count)++;
}
return 0;
{
struct cred_list *cred;
- if (strncmp(kbuf.dptr, "CRED/", 5) == 0) {
+ if (strncmp((const char *)kbuf.dptr, "CRED/", 5) == 0) {
cred = SMB_MALLOC_P(struct cred_list);
if (cred == NULL) {
/* save a copy of the key */
- fstrcpy(cred->name, kbuf.dptr);
+ fstrcpy(cred->name, (const char *)kbuf.dptr);
DLIST_ADD(wcache_cred_list, cred);
}
TDB_DATA data;
time_t t;
- data = tdb_fetch(cache->tdb, make_tdb_data(cred->name, strlen(cred->name)));
+ data = tdb_fetch(cache->tdb, string_tdb_data(cred->name));
if (!data.dptr) {
DEBUG(10,("wcache_remove_oldest_cached_creds: entry for [%s] not found\n",
cred->name));
BOOL set_global_winbindd_state_offline(void)
{
TDB_DATA data;
- int err;
DEBUG(10,("set_global_winbindd_state_offline: offline requested.\n"));
return True;
}
- wcache->tdb->ecode = 0;
-
data = tdb_fetch_bystring( wcache->tdb, "WINBINDD_OFFLINE" );
- /* As this is a key with no data we don't need to free, we
- check for existence by looking at tdb_err. */
-
- err = tdb_error(wcache->tdb);
-
- if (err == TDB_ERR_NOEXIST) {
+ if (!data.dptr || data.dsize != 4) {
DEBUG(10,("set_global_winbindd_state_offline: offline state not set.\n"));
+ SAFE_FREE(data.dptr);
return False;
} else {
DEBUG(10,("set_global_winbindd_state_offline: offline state set.\n"));
global_winbindd_offline_state = True;
+ SAFE_FREE(data.dptr);
return True;
}
}
tdb_delete_bystring(wcache->tdb, "WINBINDD_OFFLINE");
}
-BOOL get_global_winbindd_state_online(void)
+BOOL get_global_winbindd_state_offline(void)
{
return global_winbindd_offline_state;
}
+/***********************************************************************
+ Validate functions for all possible cache tdb keys.
+***********************************************************************/
+
+static BOOL bad_cache_entry;
+
+static struct cache_entry *create_centry_validate(const char *kstr, TDB_DATA data)
+{
+ struct cache_entry *centry;
+
+ centry = SMB_XMALLOC_P(struct cache_entry);
+ centry->data = (unsigned char *)memdup(data.dptr, data.dsize);
+ if (!centry->data) {
+ SAFE_FREE(centry);
+ return NULL;
+ }
+ centry->len = data.dsize;
+ centry->ofs = 0;
+
+ if (centry->len < 8) {
+ /* huh? corrupt cache? */
+ DEBUG(0,("validate_create_centry: Corrupt cache for key %s (len < 8) ?\n", kstr));
+ centry_free(centry);
+ bad_cache_entry = True;
+ return NULL;
+ }
+
+ centry->status = NT_STATUS(centry_uint32(centry));
+ centry->sequence_number = centry_uint32(centry);
+ return centry;
+}
+
+static int validate_seqnum(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf)
+{
+ if (dbuf.dsize != 8) {
+ DEBUG(0,("validate_seqnum: Corrupt cache for key %s (len %u != 8) ?\n",
+ keystr, (unsigned int)dbuf.dsize ));
+ bad_cache_entry = True;
+ return 1;
+ }
+ return 0;
+}
+
+static int validate_ns(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf)
+{
+ struct cache_entry *centry = create_centry_validate(keystr, dbuf);
+ if (!centry) {
+ return 1;
+ }
+
+ (void)centry_uint32(centry);
+ if (NT_STATUS_IS_OK(centry->status)) {
+ DOM_SID sid;
+ (void)centry_sid(centry, mem_ctx, &sid);
+ }
+
+ centry_free(centry);
+
+ if (bad_cache_entry) {
+ return 1;
+ }
+ DEBUG(10,("validate_ns: %s ok\n", keystr));
+ return 0;
+}
+
+static int validate_sn(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf)
+{
+ struct cache_entry *centry = create_centry_validate(keystr, dbuf);
+ if (!centry) {
+ return 1;
+ }
+
+ if (NT_STATUS_IS_OK(centry->status)) {
+ (void)centry_uint32(centry);
+ (void)centry_string(centry, mem_ctx);
+ (void)centry_string(centry, mem_ctx);
+ }
+
+ centry_free(centry);
+
+ if (bad_cache_entry) {
+ return 1;
+ }
+ DEBUG(10,("validate_sn: %s ok\n", keystr));
+ return 0;
+}
+
+static int validate_u(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf)
+{
+ struct cache_entry *centry = create_centry_validate(keystr, dbuf);
+ DOM_SID sid;
+
+ if (!centry) {
+ return 1;
+ }
+
+ (void)centry_string(centry, mem_ctx);
+ (void)centry_string(centry, mem_ctx);
+ (void)centry_string(centry, mem_ctx);
+ (void)centry_string(centry, mem_ctx);
+ (void)centry_uint32(centry);
+ (void)centry_sid(centry, mem_ctx, &sid);
+ (void)centry_sid(centry, mem_ctx, &sid);
+
+ centry_free(centry);
+
+ if (bad_cache_entry) {
+ return 1;
+ }
+ DEBUG(10,("validate_u: %s ok\n", keystr));
+ return 0;
+}
+
+static int validate_loc_pol(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf)
+{
+ struct cache_entry *centry = create_centry_validate(keystr, dbuf);
+
+ if (!centry) {
+ return 1;
+ }
+
+ (void)centry_nttime(centry);
+ (void)centry_nttime(centry);
+ (void)centry_uint16(centry);
+
+ centry_free(centry);
+
+ if (bad_cache_entry) {
+ return 1;
+ }
+ DEBUG(10,("validate_loc_pol: %s ok\n", keystr));
+ return 0;
+}
+
+static int validate_pwd_pol(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf)
+{
+ struct cache_entry *centry = create_centry_validate(keystr, dbuf);
+
+ if (!centry) {
+ return 1;
+ }
+
+ (void)centry_uint16(centry);
+ (void)centry_uint16(centry);
+ (void)centry_uint32(centry);
+ (void)centry_nttime(centry);
+ (void)centry_nttime(centry);
+
+ centry_free(centry);
+
+ if (bad_cache_entry) {
+ return 1;
+ }
+ DEBUG(10,("validate_pwd_pol: %s ok\n", keystr));
+ return 0;
+}
+
+static int validate_cred(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf)
+{
+ struct cache_entry *centry = create_centry_validate(keystr, dbuf);
+
+ if (!centry) {
+ return 1;
+ }
+
+ (void)centry_time(centry);
+ (void)centry_hash16(centry, mem_ctx);
+
+ /* We only have 17 bytes more data in the salted cred case. */
+ if (centry->len - centry->ofs == 17) {
+ (void)centry_hash16(centry, mem_ctx);
+ }
+
+ centry_free(centry);
+
+ if (bad_cache_entry) {
+ return 1;
+ }
+ DEBUG(10,("validate_cred: %s ok\n", keystr));
+ return 0;
+}
+
+static int validate_ul(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf)
+{
+ struct cache_entry *centry = create_centry_validate(keystr, dbuf);
+ int32 num_entries, i;
+
+ if (!centry) {
+ return 1;
+ }
+
+ num_entries = (int32)centry_uint32(centry);
+
+ for (i=0; i< num_entries; i++) {
+ DOM_SID sid;
+ (void)centry_string(centry, mem_ctx);
+ (void)centry_string(centry, mem_ctx);
+ (void)centry_string(centry, mem_ctx);
+ (void)centry_string(centry, mem_ctx);
+ (void)centry_sid(centry, mem_ctx, &sid);
+ (void)centry_sid(centry, mem_ctx, &sid);
+ }
+
+ centry_free(centry);
+
+ if (bad_cache_entry) {
+ return 1;
+ }
+ DEBUG(10,("validate_ul: %s ok\n", keystr));
+ return 0;
+}
+
+static int validate_gl(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf)
+{
+ struct cache_entry *centry = create_centry_validate(keystr, dbuf);
+ int32 num_entries, i;
+
+ if (!centry) {
+ return 1;
+ }
+
+ num_entries = centry_uint32(centry);
+
+ for (i=0; i< num_entries; i++) {
+ (void)centry_string(centry, mem_ctx);
+ (void)centry_string(centry, mem_ctx);
+ (void)centry_uint32(centry);
+ }
+
+ centry_free(centry);
+
+ if (bad_cache_entry) {
+ return 1;
+ }
+ DEBUG(10,("validate_gl: %s ok\n", keystr));
+ return 0;
+}
+
+static int validate_ug(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf)
+{
+ struct cache_entry *centry = create_centry_validate(keystr, dbuf);
+ int32 num_groups, i;
+
+ if (!centry) {
+ return 1;
+ }
+
+ num_groups = centry_uint32(centry);
+
+ for (i=0; i< num_groups; i++) {
+ DOM_SID sid;
+ centry_sid(centry, mem_ctx, &sid);
+ }
+
+ centry_free(centry);
+
+ if (bad_cache_entry) {
+ return 1;
+ }
+ DEBUG(10,("validate_ug: %s ok\n", keystr));
+ return 0;
+}
+
+static int validate_ua(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf)
+{
+ struct cache_entry *centry = create_centry_validate(keystr, dbuf);
+ int32 num_aliases, i;
+
+ if (!centry) {
+ return 1;
+ }
+
+ num_aliases = centry_uint32(centry);
+
+ for (i=0; i < num_aliases; i++) {
+ (void)centry_uint32(centry);
+ }
+
+ centry_free(centry);
+
+ if (bad_cache_entry) {
+ return 1;
+ }
+ DEBUG(10,("validate_ua: %s ok\n", keystr));
+ return 0;
+}
+
+static int validate_gm(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf)
+{
+ struct cache_entry *centry = create_centry_validate(keystr, dbuf);
+ int32 num_names, i;
+
+ if (!centry) {
+ return 1;
+ }
+
+ num_names = centry_uint32(centry);
+
+ for (i=0; i< num_names; i++) {
+ DOM_SID sid;
+ centry_sid(centry, mem_ctx, &sid);
+ (void)centry_string(centry, mem_ctx);
+ (void)centry_uint32(centry);
+ }
+
+ centry_free(centry);
+
+ if (bad_cache_entry) {
+ return 1;
+ }
+ DEBUG(10,("validate_gm: %s ok\n", keystr));
+ return 0;
+}
+
+static int validate_dr(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf)
+{
+ /* Can't say anything about this other than must be nonzero. */
+ if (dbuf.dsize == 0) {
+ DEBUG(0,("validate_dr: Corrupt cache for key %s (len == 0) ?\n",
+ keystr));
+ bad_cache_entry = True;
+ return 1;
+ }
+
+ DEBUG(10,("validate_dr: %s ok\n", keystr));
+ return 0;
+}
+
+static int validate_de(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf)
+{
+ /* Can't say anything about this other than must be nonzero. */
+ if (dbuf.dsize == 0) {
+ DEBUG(0,("validate_de: Corrupt cache for key %s (len == 0) ?\n",
+ keystr));
+ bad_cache_entry = True;
+ return 1;
+ }
+
+ DEBUG(10,("validate_de: %s ok\n", keystr));
+ return 0;
+}
+
+static int validate_trustdoms(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf)
+{
+ struct cache_entry *centry = create_centry_validate(keystr, dbuf);
+ int32 num_domains, i;
+
+ if (!centry) {
+ return 1;
+ }
+
+ num_domains = centry_uint32(centry);
+
+ for (i=0; i< num_domains; i++) {
+ DOM_SID sid;
+ (void)centry_string(centry, mem_ctx);
+ (void)centry_string(centry, mem_ctx);
+ (void)centry_sid(centry, mem_ctx, &sid);
+ }
+
+ centry_free(centry);
+
+ if (bad_cache_entry) {
+ return 1;
+ }
+ DEBUG(10,("validate_trustdoms: %s ok\n", keystr));
+ return 0;
+}
+
+static int validate_offline(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf)
+{
+ if (dbuf.dsize != 4) {
+ DEBUG(0,("validate_offline: Corrupt cache for key %s (len %u != 4) ?\n",
+ keystr, (unsigned int)dbuf.dsize ));
+ bad_cache_entry = True;
+ return 1;
+ }
+ DEBUG(10,("validate_offline: %s ok\n", keystr));
+ return 0;
+}
+
+/***********************************************************************
+ A list of all possible cache tdb keys with associated validation
+ functions.
+***********************************************************************/
+
+struct key_val_struct {
+ const char *keyname;
+ int (*validate_data_fn)(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf);
+} key_val[] = {
+ {"SEQNUM/", validate_seqnum},
+ {"NS/", validate_ns},
+ {"SN/", validate_sn},
+ {"U/", validate_u},
+ {"LOC_POL/", validate_loc_pol},
+ {"PWD_POL/", validate_pwd_pol},
+ {"CRED/", validate_cred},
+ {"UL/", validate_ul},
+ {"GL/", validate_gl},
+ {"UG/", validate_ug},
+ {"UA", validate_ua},
+ {"GM/", validate_gm},
+ {"DR/", validate_dr},
+ {"DE/", validate_de},
+ {"TRUSTDOMS/", validate_trustdoms},
+ {"WINBINDD_OFFLINE", validate_offline},
+ {NULL, NULL}
+};
+
+/***********************************************************************
+ Function to look at every entry in the tdb and validate it as far as
+ possible.
+***********************************************************************/
+
+static int cache_traverse_validate_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
+{
+ int i;
+
+ /* Paranoia check. */
+ if (kbuf.dsize > 1024) {
+ DEBUG(0,("cache_traverse_validate_fn: key length too large (%u) > 1024\n\n",
+ (unsigned int)kbuf.dsize ));
+ return 1;
+ }
+
+ for (i = 0; key_val[i].keyname; i++) {
+ size_t namelen = strlen(key_val[i].keyname);
+ if (kbuf.dsize >= namelen && (
+ strncmp(key_val[i].keyname, (const char *)kbuf.dptr, namelen)) == 0) {
+ TALLOC_CTX *mem_ctx;
+ char *keystr;
+ int ret;
+
+ keystr = SMB_MALLOC(kbuf.dsize+1);
+ if (!keystr) {
+ return 1;
+ }
+ memcpy(keystr, kbuf.dptr, kbuf.dsize);
+ keystr[kbuf.dsize] = '\0';
+
+ mem_ctx = talloc_init("validate_ctx");
+ if (!mem_ctx) {
+ SAFE_FREE(keystr);
+ return 1;
+ }
+
+ ret = key_val[i].validate_data_fn(mem_ctx, keystr, dbuf);
+
+ SAFE_FREE(keystr);
+ talloc_destroy(mem_ctx);
+ return ret;
+ }
+ }
+
+ DEBUG(0,("cache_traverse_validate_fn: unknown cache entry\nkey :\n"));
+ dump_data(0, (uint8 *)kbuf.dptr, kbuf.dsize);
+ DEBUG(0,("data :\n"));
+ dump_data(0, (uint8 *)dbuf.dptr, dbuf.dsize);
+ return 1; /* terminate. */
+}
+
+static void validate_panic(const char *const why)
+{
+ DEBUG(0,("validating cache: would panic %s\n", why ));
+ bad_cache_entry = True;
+}
+
+/* Handle any signals generated when validating a possibly
+ bad cache tdb. */
+
+static jmp_buf jmpbuf;
+
+#ifdef SIGSEGV
+static void sig_segv(int sig)
+{
+ longjmp(jmpbuf, SIGSEGV);
+}
+#endif
+
+#ifdef SIGBUS
+static void sig_bus(int sig)
+{
+ longjmp(jmpbuf, SIGBUS);
+}
+#endif
+
+#ifdef SIGABRT
+static void sig_abrt(int sig)
+{
+ longjmp(jmpbuf, SIGABRT);
+}
+#endif
+
+/***********************************************************************
+ Try and validate every entry in the winbindd cache. If we fail here,
+ delete the cache tdb and return non-zero - the caller (main winbindd
+ function) will restart us as we don't know if we crashed or not.
+***********************************************************************/
+
+int winbindd_validate_cache(void)
+{
+ BOOL ret = -1;
+ int fd = -1;
+ int num_entries = 0;
+ TDB_CONTEXT *tdb = NULL;
+ const char *cache_path = lock_path("winbindd_cache.tdb");
+
+#ifdef SIGSEGV
+ void (*old_segv_handler)(int) = CatchSignal(SIGSEGV,SIGNAL_CAST sig_segv);
+#endif
+#ifdef SIGBUS
+ void (*old_bus_handler)(int) = CatchSignal(SIGBUS,SIGNAL_CAST sig_bus);
+#endif
+#ifdef SIGABRT
+ void (*old_abrt_handler)(int) = CatchSignal(SIGABRT,SIGNAL_CAST sig_abrt);
+#endif
+
+ switch((ret = setjmp(jmpbuf))) {
+ case 0:
+ ret = -1;
+ break;
+ case SIGSEGV:
+ case SIGBUS:
+ case SIGABRT:
+ default:
+ goto out;
+ }
+
+ /* Doh ! Volker is very smart :-). Use TDB_NOMMAP to prevent
+ * any wild pointer references when reading a corrupt tdb file. */
+
+ tdb = tdb_open_log(cache_path,
+ WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
+ lp_winbind_offline_logon() ? TDB_NOMMAP : (TDB_NOMMAP | TDB_CLEAR_IF_FIRST),
+ O_RDWR|O_CREAT, 0600);
+ if (!tdb) {
+ goto out;
+ }
+
+ fd = tdb_fd(tdb);
+
+ /* Check the cache freelist is good. */
+ if (tdb_validate_freelist(tdb, &num_entries) == -1) {
+ DEBUG(0,("winbindd_validate_cache: bad freelist in cache %s\n",
+ cache_path));
+ goto out;
+ }
+
+ DEBUG(10,("winbindd_validate_cache: cache %s freelist has %d entries\n",
+ cache_path, num_entries));
+
+ smb_panic_fn = validate_panic;
+
+ /* Now traverse the cache to validate it. */
+ num_entries = tdb_traverse(tdb, cache_traverse_validate_fn, NULL);
+ if (num_entries == -1 || bad_cache_entry) {
+ DEBUG(0,("winbindd_validate_cache: cache %s traverse failed\n",
+ cache_path));
+ goto out;
+ }
+
+ DEBUG(10,("winbindd_validate_cache: cache %s is good "
+ "with %d entries\n", cache_path, num_entries));
+ ret = 0; /* Cache is good. */
+
+ out:
+
+ bad_cache_entry = False;
+ smb_panic_fn = smb_panic;
+
+ /* Ensure if we segv on exit we use the original
+ handlers to avoid a loop. */
+
+#ifdef SIGSEGV
+ CatchSignal(SIGSEGV,SIGNAL_CAST old_segv_handler);
+#endif
+#ifdef SIGBUS
+ CatchSignal(SIGBUS,SIGNAL_CAST old_bus_handler);
+#endif
+#ifdef SIGABRT
+ CatchSignal(SIGABRT,SIGNAL_CAST old_abrt_handler);
+#endif
+
+ if (tdb) {
+ if (ret == 0) {
+ tdb_close(tdb);
+ } else if (fd != -1) {
+ close(fd);
+ }
+ }
+
+ if (ret) {
+ unlink(cache_path);
+ }
+
+ return ret;
+}
+
/* the cache backend methods are exposed via this structure */
struct winbindd_methods cache_methods = {
True,
enum_local_groups,
name_to_sid,
sid_to_name,
+ rids_to_names,
query_user,
lookup_usergroups,
lookup_useraliases,