2 Unix SMB/CIFS implementation.
5 Copyright (C) Volker Lendecke 2008
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.*/
21 #include "idmap_cache.h"
22 #include "../libcli/security/security.h"
23 #include "../librpc/gen_ndr/idmap.h"
26 * Find a sid2xid mapping
27 * @param[in] sid the sid to map
28 * @param[out] id where to put the result
29 * @param[out] expired is the cache entry expired?
30 * @retval Was anything in the cache at all?
32 * If id->id == -1 this was a negative mapping.
35 bool idmap_cache_find_sid2unixid(const struct dom_sid *sid, struct unixid *id,
46 key = talloc_asprintf(talloc_tos(), "IDMAP/SID2XID/%s",
47 sid_to_fstring(sidstr, sid));
51 ret = gencache_get(key, &value, &timeout);
56 DEBUG(10, ("Parsing value for key [%s]: value=[%s]\n", key, value));
58 tmp_id.id = strtol(value, &endptr, 10);
59 DEBUG(10, ("Parsing value for key [%s]: id=[%llu], endptr=[%s]\n",
60 key, (unsigned long long)tmp_id.id, endptr));
62 ret = (*endptr == ':');
66 tmp_id.type = ID_TYPE_UID;
70 tmp_id.type = ID_TYPE_GID;
74 tmp_id.type = ID_TYPE_BOTH;
78 DEBUG(0, ("FAILED to parse value for key [%s] "
79 "(id=[%llu], endptr=[%s]): "
80 "no type character after colon\n",
81 key, (unsigned long long)tmp_id.id, endptr));
85 DEBUG(0, ("FAILED to parse value for key [%s] "
86 "(id=[%llu], endptr=[%s]): "
87 "illegal type character '%c'\n",
88 key, (unsigned long long)tmp_id.id, endptr,
93 if (endptr[2] != '\0') {
94 DEBUG(0, ("FAILED to parse value for key [%s] "
95 "(id=[%llu], endptr=[%s]): "
96 "more than 1 type character after colon\n",
97 key, (unsigned long long)tmp_id.id, endptr));
103 *expired = (timeout <= time(NULL));
105 DEBUG(0, ("FAILED to parse value for key [%s] (value=[%s]): "
106 "colon missing after id=[%llu]\n",
107 key, value, (unsigned long long)tmp_id.id));
117 * Find a sid2uid mapping
118 * @param[in] sid the sid to map
119 * @param[out] puid where to put the result
120 * @param[out] expired is the cache entry expired?
121 * @retval Was anything in the cache at all?
123 * If *puid == -1 this was a negative mapping.
126 bool idmap_cache_find_sid2uid(const struct dom_sid *sid, uid_t *puid,
131 ret = idmap_cache_find_sid2unixid(sid, &id, expired);
136 if (id.type == ID_TYPE_BOTH || id.type == ID_TYPE_UID) {
145 * Find a sid2gid mapping
146 * @param[in] sid the sid to map
147 * @param[out] pgid where to put the result
148 * @param[out] expired is the cache entry expired?
149 * @retval Was anything in the cache at all?
151 * If *pgid == -1 this was a negative mapping.
154 bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
159 ret = idmap_cache_find_sid2unixid(sid, &id, expired);
164 if (id.type == ID_TYPE_BOTH || id.type == ID_TYPE_GID) {
173 * Find a uid2sid mapping
174 * @param[in] uid the uid to map
175 * @param[out] sid where to put the result
176 * @param[out] expired is the cache entry expired?
177 * @retval Was anything in the cache at all?
179 * If "is_null_sid(sid)", this was a negative mapping.
182 bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired)
189 key = talloc_asprintf(talloc_tos(), "IDMAP/UID2SID/%d", (int)uid);
193 ret = gencache_get(key, &value, &timeout);
199 if (value[0] != '-') {
200 ret = string_to_sid(sid, value);
204 *expired = (timeout <= time(NULL));
210 * Find a gid2sid mapping
211 * @param[in] gid the gid to map
212 * @param[out] sid where to put the result
213 * @param[out] expired is the cache entry expired?
214 * @retval Was anything in the cache at all?
216 * If "is_null_sid(sid)", this was a negative mapping.
219 bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired)
226 key = talloc_asprintf(talloc_tos(), "IDMAP/GID2SID/%d", (int)gid);
230 ret = gencache_get(key, &value, &timeout);
236 if (value[0] != '-') {
237 ret = string_to_sid(sid, value);
241 *expired = (timeout <= time(NULL));
247 * Store a mapping in the idmap cache
248 * @param[in] sid the sid to map
249 * @param[in] gid the gid to map
251 * If both parameters are valid values, then a positive mapping in both
252 * directions is stored. If "is_null_sid(sid)" is true, then this will be a
253 * negative mapping of gid, we want to cache that for this gid we could not
254 * find anything. Likewise if "gid==-1", then we want to cache that we did not
255 * find a mapping for the sid passed here.
258 void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id)
260 time_t now = time(NULL);
262 fstring sidstr, key, value;
264 if (!is_null_sid(sid)) {
265 fstr_sprintf(key, "IDMAP/SID2XID/%s",
266 sid_to_fstring(sidstr, sid));
267 switch (unix_id->type) {
269 fstr_sprintf(value, "%d:U", (int)unix_id->id);
272 fstr_sprintf(value, "%d:G", (int)unix_id->id);
275 fstr_sprintf(value, "%d:B", (int)unix_id->id);
280 timeout = (unix_id->id == -1)
281 ? lp_idmap_negative_cache_time()
282 : lp_idmap_cache_time();
283 gencache_set(key, value, now + timeout);
285 if (unix_id->id != -1) {
286 if (is_null_sid(sid)) {
287 /* negative gid mapping */
289 timeout = lp_idmap_negative_cache_time();
292 sid_to_fstring(value, sid);
293 timeout = lp_idmap_cache_time();
295 switch (unix_id->type) {
297 fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)unix_id->id);
298 gencache_set(key, value, now + timeout);
299 fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)unix_id->id);
300 gencache_set(key, value, now + timeout);
304 fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)unix_id->id);
308 fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)unix_id->id);
314 gencache_set(key, value, now + timeout);
319 * Store a mapping in the idmap cache
320 * @param[in] sid the sid to map
321 * @param[in] uid the uid to map
323 * If both parameters are valid values, then a positive mapping in both
324 * directions is stored. If "is_null_sid(sid)" is true, then this will be a
325 * negative mapping of uid, we want to cache that for this uid we could not
326 * find anything. Likewise if "uid==-1", then we want to cache that we did not
327 * find a mapping for the sid passed here.
330 void idmap_cache_set_sid2uid(const struct dom_sid *sid, uid_t uid)
333 id.type = ID_TYPE_UID;
339 /* If we were asked to invalidate this SID -> UID
340 * mapping, it was because we found out that this was
341 * not a UID at all. Do not overwrite a valid GID or
343 if (idmap_cache_find_sid2gid(sid, &tmp_gid, &expired)) {
350 idmap_cache_set_sid2unixid(sid, &id);
355 * Store a mapping in the idmap cache
356 * @param[in] sid the sid to map
357 * @param[in] gid the gid to map
359 * If both parameters are valid values, then a positive mapping in both
360 * directions is stored. If "is_null_sid(sid)" is true, then this will be a
361 * negative mapping of gid, we want to cache that for this gid we could not
362 * find anything. Likewise if "gid==-1", then we want to cache that we did not
363 * find a mapping for the sid passed here.
366 void idmap_cache_set_sid2gid(const struct dom_sid *sid, gid_t gid)
369 id.type = ID_TYPE_GID;
375 /* If we were asked to invalidate this SID -> GID
376 * mapping, it was because we found out that this was
377 * not a GID at all. Do not overwrite a valid UID or
379 if (idmap_cache_find_sid2uid(sid, &tmp_uid, &expired)) {
386 idmap_cache_set_sid2unixid(sid, &id);
390 static char* key_xid2sid_str(TALLOC_CTX* mem_ctx, char t, const char* id) {
391 return talloc_asprintf(mem_ctx, "IDMAP/%cID2SID/%s", t, id);
394 static char* key_xid2sid(TALLOC_CTX* mem_ctx, char t, int id) {
396 snprintf(str, sizeof(str), "%d", id);
397 return key_xid2sid_str(mem_ctx, t, str);
400 static char* key_sid2xid_str(TALLOC_CTX* mem_ctx, const char* id) {
401 return talloc_asprintf(mem_ctx, "IDMAP/SID2XID/%s", id);
404 static bool idmap_cache_del_xid(char t, int xid)
406 TALLOC_CTX* mem_ctx = talloc_stackframe();
407 const char* key = key_xid2sid(mem_ctx, t, xid);
408 char* sid_str = NULL;
412 if (!gencache_get(key, &sid_str, &timeout)) {
413 DEBUG(3, ("no entry: %s\n", key));
418 if (sid_str[0] != '-') {
419 const char* sid_key = key_sid2xid_str(mem_ctx, sid_str);
420 if (!gencache_del(sid_key)) {
421 DEBUG(2, ("failed to delete: %s\n", sid_key));
424 DEBUG(5, ("delete: %s\n", sid_key));
429 if (!gencache_del(key)) {
430 DEBUG(1, ("failed to delete: %s\n", key));
433 DEBUG(5, ("delete: %s\n", key));
437 talloc_free(mem_ctx);
441 bool idmap_cache_del_uid(uid_t uid) {
442 return idmap_cache_del_xid('U', uid);
445 bool idmap_cache_del_gid(gid_t gid) {
446 return idmap_cache_del_xid('G', gid);
449 bool idmap_cache_del_sid(const struct dom_sid *sid)
451 TALLOC_CTX* mem_ctx = talloc_stackframe();
457 if (!idmap_cache_find_sid2unixid(sid, &id, &expired)) {
465 idmap_cache_del_xid('U', id.id);
466 idmap_cache_del_xid('G', id.id);
469 idmap_cache_del_xid('U', id.id);
472 idmap_cache_del_xid('G', id.id);
479 sid_key = key_sid2xid_str(mem_ctx, dom_sid_string(mem_ctx, sid));
480 if (sid_key == NULL) {
483 /* If the mapping was symmetric, then this should fail */
484 gencache_del(sid_key);
486 talloc_free(mem_ctx);