2 Unix SMB/CIFS implementation.
4 Winbind cache backend functions
6 Copyright (C) Andrew Tridgell 2001
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 struct winbind_cache {
26 struct winbindd_methods *backend;
32 uint32 sequence_number;
37 #define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
39 static struct winbind_cache *wcache;
42 void wcache_flush_cache(void)
44 extern BOOL opt_nocache;
48 tdb_close(wcache->tdb);
51 if (opt_nocache) return;
53 wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000,
54 TDB_CLEAR_IF_FIRST, O_RDWR|O_CREAT, 0600);
57 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
61 void winbindd_check_cache_size(time_t t)
63 static time_t last_check_time;
66 if (last_check_time == (time_t)0)
69 if (t - last_check_time < 60 && t - last_check_time > 0)
72 if (wcache == NULL || wcache->tdb == NULL) {
73 DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n"));
77 if (fstat(wcache->tdb->fd, &st) == -1) {
78 DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) ));
82 if (st.st_size > WINBINDD_MAX_CACHE_SIZE) {
83 DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n",
84 (unsigned long)st.st_size,
85 (unsigned long)WINBINDD_MAX_CACHE_SIZE));
90 /* get the winbind_cache structure */
91 static struct winbind_cache *get_cache(struct winbindd_domain *domain)
93 extern struct winbindd_methods msrpc_methods;
94 struct winbind_cache *ret = wcache;
98 ret = smb_xmalloc(sizeof(*ret));
100 switch (lp_security()) {
103 extern struct winbindd_methods ads_methods;
104 ret->backend = &ads_methods;
109 ret->backend = &msrpc_methods;
113 wcache_flush_cache();
119 free a centry structure
121 static void centry_free(struct cache_entry *centry)
124 SAFE_FREE(centry->data);
130 pull a uint32 from a cache entry
132 static uint32 centry_uint32(struct cache_entry *centry)
135 if (centry->len - centry->ofs < 4) {
136 DEBUG(0,("centry corruption? needed 4 bytes, have %d\n",
137 centry->len - centry->ofs));
138 smb_panic("centry_uint32");
140 ret = IVAL(centry->data, centry->ofs);
146 pull a uint8 from a cache entry
148 static uint8 centry_uint8(struct cache_entry *centry)
151 if (centry->len - centry->ofs < 1) {
152 DEBUG(0,("centry corruption? needed 1 bytes, have %d\n",
153 centry->len - centry->ofs));
154 smb_panic("centry_uint32");
156 ret = CVAL(centry->data, centry->ofs);
161 /* pull a string from a cache entry, using the supplied
164 static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
169 len = centry_uint8(centry);
172 /* a deliberate NULL string */
176 if (centry->len - centry->ofs < len) {
177 DEBUG(0,("centry corruption? needed %d bytes, have %d\n",
178 len, centry->len - centry->ofs));
179 smb_panic("centry_string");
182 ret = talloc(mem_ctx, len+1);
184 smb_panic("centry_string out of memory\n");
186 memcpy(ret,centry->data + centry->ofs, len);
192 /* the server is considered down if it can't give us a sequence number */
193 static BOOL wcache_server_down(struct winbindd_domain *domain)
195 if (!wcache->tdb) return False;
196 return (domain->sequence_number == DOM_SEQUENCE_NONE);
201 refresh the domain sequence number. If force is True
202 then always refresh it, no matter how recently we fetched it
204 static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force)
208 unsigned cache_time = lp_winbind_cache_time();
210 /* trying to reconnect is expensive, don't do it too often */
211 if (domain->sequence_number == DOM_SEQUENCE_NONE) {
215 time_diff = time(NULL) - domain->last_seq_check;
217 /* see if we have to refetch the domain sequence number */
218 if (!force && (time_diff < cache_time)) {
222 status = wcache->backend->sequence_number(domain, &domain->sequence_number);
224 if (!NT_STATUS_IS_OK(status)) {
225 domain->sequence_number = DOM_SEQUENCE_NONE;
228 domain->last_seq_check = time(NULL);
232 decide if a cache entry has expired
234 static BOOL centry_expired(struct winbindd_domain *domain, struct cache_entry *centry)
236 /* if the server is OK and our cache entry came from when it was down then
237 the entry is invalid */
238 if (domain->sequence_number != DOM_SEQUENCE_NONE &&
239 centry->sequence_number == DOM_SEQUENCE_NONE) {
243 /* if the server is down or the cache entry is not older than the
244 current sequence number then it is OK */
245 if (wcache_server_down(domain) ||
246 centry->sequence_number == domain->sequence_number) {
255 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
256 number and return status
258 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
259 struct winbindd_domain *domain,
260 const char *format, ...)
265 struct cache_entry *centry;
268 refresh_sequence_number(domain, False);
270 va_start(ap, format);
271 smb_xvasprintf(&kstr, format, ap);
275 key.dsize = strlen(kstr);
276 data = tdb_fetch(wcache->tdb, key);
283 centry = smb_xmalloc(sizeof(*centry));
284 centry->data = data.dptr;
285 centry->len = data.dsize;
288 if (centry->len < 8) {
289 /* huh? corrupt cache? */
294 centry->status = NT_STATUS(centry_uint32(centry));
295 centry->sequence_number = centry_uint32(centry);
297 if (centry_expired(domain, centry)) {
298 extern BOOL opt_dual_daemon;
300 if (opt_dual_daemon) {
301 extern BOOL backgroud_process;
302 backgroud_process = True;
313 make sure we have at least len bytes available in a centry
315 static void centry_expand(struct cache_entry *centry, uint32 len)
318 if (centry->len - centry->ofs >= len) return;
320 p = realloc(centry->data, centry->len);
322 DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
323 smb_panic("out of memory in centry_expand");
329 push a uint32 into a centry
331 static void centry_put_uint32(struct cache_entry *centry, uint32 v)
333 centry_expand(centry, 4);
334 SIVAL(centry->data, centry->ofs, v);
339 push a uint8 into a centry
341 static void centry_put_uint8(struct cache_entry *centry, uint8 v)
343 centry_expand(centry, 1);
344 SCVAL(centry->data, centry->ofs, v);
349 push a string into a centry
351 static void centry_put_string(struct cache_entry *centry, const char *s)
356 /* null strings are marked as len 0xFFFF */
357 centry_put_uint8(centry, 0xFF);
362 /* can't handle more than 254 char strings. Truncating is probably best */
363 if (len > 254) len = 254;
364 centry_put_uint8(centry, len);
365 centry_expand(centry, len);
366 memcpy(centry->data + centry->ofs, s, len);
371 start a centry for output. When finished, call centry_end()
373 struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status)
375 struct cache_entry *centry;
377 if (!wcache->tdb) return NULL;
379 centry = smb_xmalloc(sizeof(*centry));
381 centry->len = 8192; /* reasonable default */
382 centry->data = smb_xmalloc(centry->len);
384 centry->sequence_number = domain->sequence_number;
385 centry_put_uint32(centry, NT_STATUS_V(status));
386 centry_put_uint32(centry, centry->sequence_number);
391 finish a centry and write it to the tdb
393 static void centry_end(struct cache_entry *centry, const char *format, ...)
399 va_start(ap, format);
400 smb_xvasprintf(&kstr, format, ap);
404 key.dsize = strlen(kstr);
405 data.dptr = centry->data;
406 data.dsize = centry->ofs;
408 tdb_store(wcache->tdb, key, data, TDB_REPLACE);
412 /* form a sid from the domain plus rid */
413 static DOM_SID *form_sid(struct winbindd_domain *domain, uint32 rid)
416 sid_copy(&sid, &domain->sid);
417 sid_append_rid(&sid, rid);
421 static void wcache_save_name_to_sid(struct winbindd_domain *domain, NTSTATUS status,
422 const char *name, DOM_SID *sid, enum SID_NAME_USE type)
424 struct cache_entry *centry;
428 centry = centry_start(domain, status);
431 centry_expand(centry, len);
432 centry_put_uint32(centry, type);
433 sid_linearize(centry->data + centry->ofs, len, sid);
435 fstrcpy(uname, name);
437 centry_end(centry, "NS/%s/%s", domain->name, uname);
441 static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
442 DOM_SID *sid, const char *name, enum SID_NAME_USE type, uint32 rid)
444 struct cache_entry *centry;
446 centry = centry_start(domain, status);
448 if (NT_STATUS_IS_OK(status)) {
449 centry_put_uint32(centry, type);
450 centry_put_string(centry, name);
452 centry_end(centry, "SN/%s/%d", domain->name, rid);
457 static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info)
459 struct cache_entry *centry;
461 centry = centry_start(domain, status);
463 centry_put_string(centry, info->acct_name);
464 centry_put_string(centry, info->full_name);
465 centry_put_uint32(centry, info->user_rid);
466 centry_put_uint32(centry, info->group_rid);
467 centry_end(centry, "U/%s/%x", domain->name, info->user_rid);
472 /* Query display info. This is the basic user list fn */
473 static NTSTATUS query_user_list(struct winbindd_domain *domain,
476 WINBIND_USERINFO **info)
478 struct winbind_cache *cache = get_cache(domain);
479 struct cache_entry *centry = NULL;
483 if (!cache->tdb) goto do_query;
485 centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
486 if (!centry) goto do_query;
488 *num_entries = centry_uint32(centry);
490 if (*num_entries == 0) goto do_cached;
492 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
493 if (! (*info)) smb_panic("query_user_list out of memory");
494 for (i=0; i<(*num_entries); i++) {
495 (*info)[i].acct_name = centry_string(centry, mem_ctx);
496 (*info)[i].full_name = centry_string(centry, mem_ctx);
497 (*info)[i].user_rid = centry_uint32(centry);
498 (*info)[i].group_rid = centry_uint32(centry);
502 status = centry->status;
510 if (wcache_server_down(domain)) {
511 return NT_STATUS_SERVER_DISABLED;
514 status = cache->backend->query_user_list(domain, mem_ctx, num_entries, info);
517 refresh_sequence_number(domain, True);
518 centry = centry_start(domain, status);
519 if (!centry) goto skip_save;
520 centry_put_uint32(centry, *num_entries);
521 for (i=0; i<(*num_entries); i++) {
522 centry_put_string(centry, (*info)[i].acct_name);
523 centry_put_string(centry, (*info)[i].full_name);
524 centry_put_uint32(centry, (*info)[i].user_rid);
525 centry_put_uint32(centry, (*info)[i].group_rid);
526 if (cache->backend->consistent) {
527 /* when the backend is consistent we can pre-prime some mappings */
528 wcache_save_name_to_sid(domain, NT_STATUS_OK,
529 (*info)[i].acct_name,
530 form_sid(domain, (*info)[i].user_rid),
532 wcache_save_sid_to_name(domain, NT_STATUS_OK,
533 form_sid(domain, (*info)[i].user_rid),
534 (*info)[i].acct_name,
535 SID_NAME_USER, (*info)[i].user_rid);
536 wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
539 centry_end(centry, "UL/%s", domain->name);
546 /* list all domain groups */
547 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
550 struct acct_info **info)
552 struct winbind_cache *cache = get_cache(domain);
553 struct cache_entry *centry = NULL;
557 if (!cache->tdb) goto do_query;
559 centry = wcache_fetch(cache, domain, "GL/%s", domain->name);
560 if (!centry) goto do_query;
562 *num_entries = centry_uint32(centry);
564 if (*num_entries == 0) goto do_cached;
566 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
567 if (! (*info)) smb_panic("enum_dom_groups out of memory");
568 for (i=0; i<(*num_entries); i++) {
569 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
570 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
571 (*info)[i].rid = centry_uint32(centry);
575 status = centry->status;
583 if (wcache_server_down(domain)) {
584 return NT_STATUS_SERVER_DISABLED;
587 status = cache->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
590 refresh_sequence_number(domain, True);
591 centry = centry_start(domain, status);
592 if (!centry) goto skip_save;
593 centry_put_uint32(centry, *num_entries);
594 for (i=0; i<(*num_entries); i++) {
595 centry_put_string(centry, (*info)[i].acct_name);
596 centry_put_string(centry, (*info)[i].acct_desc);
597 centry_put_uint32(centry, (*info)[i].rid);
599 centry_end(centry, "GL/%s", domain->name);
607 /* convert a single name to a sid in a domain */
608 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
611 enum SID_NAME_USE *type)
613 struct winbind_cache *cache = get_cache(domain);
614 struct cache_entry *centry = NULL;
618 if (!cache->tdb) goto do_query;
620 fstrcpy(uname, name);
622 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain->name, uname);
623 if (!centry) goto do_query;
624 *type = centry_uint32(centry);
625 sid_parse(centry->data + centry->ofs, centry->len - centry->ofs, sid);
627 status = centry->status;
634 if (wcache_server_down(domain)) {
635 return NT_STATUS_SERVER_DISABLED;
637 status = cache->backend->name_to_sid(domain, name, sid, type);
640 wcache_save_name_to_sid(domain, status, name, sid, *type);
642 /* We can't save the sid to name mapping as we don't know the
643 correct case of the name without looking it up */
648 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
650 static NTSTATUS sid_to_name(struct winbindd_domain *domain,
654 enum SID_NAME_USE *type)
656 struct winbind_cache *cache = get_cache(domain);
657 struct cache_entry *centry = NULL;
661 sid_peek_rid(sid, &rid);
663 if (!cache->tdb) goto do_query;
665 centry = wcache_fetch(cache, domain, "SN/%s/%d", domain->name, rid);
666 if (!centry) goto do_query;
667 if (NT_STATUS_IS_OK(centry->status)) {
668 *type = centry_uint32(centry);
669 *name = centry_string(centry, mem_ctx);
671 status = centry->status;
678 if (wcache_server_down(domain)) {
679 return NT_STATUS_SERVER_DISABLED;
681 status = cache->backend->sid_to_name(domain, mem_ctx, sid, name, type);
684 refresh_sequence_number(domain, True);
685 wcache_save_sid_to_name(domain, status, sid, *name, *type, rid);
686 wcache_save_name_to_sid(domain, status, *name, sid, *type);
692 /* Lookup user information from a rid */
693 static NTSTATUS query_user(struct winbindd_domain *domain,
696 WINBIND_USERINFO *info)
698 struct winbind_cache *cache = get_cache(domain);
699 struct cache_entry *centry = NULL;
702 if (!cache->tdb) goto do_query;
704 centry = wcache_fetch(cache, domain, "U/%s/%x", domain->name, user_rid);
705 if (!centry) goto do_query;
707 info->acct_name = centry_string(centry, mem_ctx);
708 info->full_name = centry_string(centry, mem_ctx);
709 info->user_rid = centry_uint32(centry);
710 info->group_rid = centry_uint32(centry);
711 status = centry->status;
718 if (wcache_server_down(domain)) {
719 return NT_STATUS_SERVER_DISABLED;
722 status = cache->backend->query_user(domain, mem_ctx, user_rid, info);
725 refresh_sequence_number(domain, True);
726 wcache_save_user(domain, status, info);
732 /* Lookup groups a user is a member of. */
733 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
736 uint32 *num_groups, uint32 **user_gids)
738 struct winbind_cache *cache = get_cache(domain);
739 struct cache_entry *centry = NULL;
743 if (!cache->tdb) goto do_query;
745 centry = wcache_fetch(cache, domain, "UG/%s/%x", domain->name, user_rid);
746 if (!centry) goto do_query;
748 *num_groups = centry_uint32(centry);
750 if (*num_groups == 0) goto do_cached;
752 (*user_gids) = talloc(mem_ctx, sizeof(**user_gids) * (*num_groups));
753 if (! (*user_gids)) smb_panic("lookup_usergroups out of memory");
754 for (i=0; i<(*num_groups); i++) {
755 (*user_gids)[i] = centry_uint32(centry);
759 status = centry->status;
767 if (wcache_server_down(domain)) {
768 return NT_STATUS_SERVER_DISABLED;
770 status = cache->backend->lookup_usergroups(domain, mem_ctx, user_rid, num_groups, user_gids);
773 refresh_sequence_number(domain, True);
774 centry = centry_start(domain, status);
775 if (!centry) goto skip_save;
776 centry_put_uint32(centry, *num_groups);
777 for (i=0; i<(*num_groups); i++) {
778 centry_put_uint32(centry, (*user_gids)[i]);
780 centry_end(centry, "UG/%s/%x", domain->name, user_rid);
788 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
790 uint32 group_rid, uint32 *num_names,
791 uint32 **rid_mem, char ***names,
794 struct winbind_cache *cache = get_cache(domain);
795 struct cache_entry *centry = NULL;
799 if (!cache->tdb) goto do_query;
801 centry = wcache_fetch(cache, domain, "GM/%s/%x", domain->name, group_rid);
802 if (!centry) goto do_query;
804 *num_names = centry_uint32(centry);
806 if (*num_names == 0) goto do_cached;
808 (*rid_mem) = talloc(mem_ctx, sizeof(**rid_mem) * (*num_names));
809 (*names) = talloc(mem_ctx, sizeof(**names) * (*num_names));
810 (*name_types) = talloc(mem_ctx, sizeof(**name_types) * (*num_names));
812 if (! (*rid_mem) || ! (*names) || ! (*name_types)) {
813 smb_panic("lookup_groupmem out of memory");
816 for (i=0; i<(*num_names); i++) {
817 (*rid_mem)[i] = centry_uint32(centry);
818 (*names)[i] = centry_string(centry, mem_ctx);
819 (*name_types)[i] = centry_uint32(centry);
823 status = centry->status;
831 (*name_types) = NULL;
834 if (wcache_server_down(domain)) {
835 return NT_STATUS_SERVER_DISABLED;
837 status = cache->backend->lookup_groupmem(domain, mem_ctx, group_rid, num_names,
838 rid_mem, names, name_types);
841 refresh_sequence_number(domain, True);
842 centry = centry_start(domain, status);
843 if (!centry) goto skip_save;
844 centry_put_uint32(centry, *num_names);
845 for (i=0; i<(*num_names); i++) {
846 centry_put_uint32(centry, (*rid_mem)[i]);
847 centry_put_string(centry, (*names)[i]);
848 centry_put_uint32(centry, (*name_types)[i]);
850 centry_end(centry, "GM/%s/%x", domain->name, group_rid);
857 /* find the sequence number for a domain */
858 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
860 refresh_sequence_number(domain, False);
862 *seq = domain->sequence_number;
867 /* enumerate trusted domains */
868 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
874 struct winbind_cache *cache = get_cache(domain);
876 /* we don't cache this call */
877 return cache->backend->trusted_domains(domain, mem_ctx, num_domains,
881 /* find the domain sid */
882 static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
884 struct winbind_cache *cache = get_cache(domain);
886 /* we don't cache this call */
887 return cache->backend->domain_sid(domain, sid);
890 /* the ADS backend methods are exposed via this structure */
891 struct winbindd_methods cache_methods = {
git.samba.org / ira / wip.git / blob