2 Unix SMB/CIFS implementation.
7 Copyright (C) Simo Sorce 2006
8 Copyright (C) Rafal Szczesniak 2002
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.*/
26 #define TIMEOUT_LEN 12
27 #define IDMAP_CACHE_DATA_FMT "%12u/%s"
28 #define IDMAP_READ_CACHE_DATA_FMT_TEMPLATE "%%12u/%%%us"
30 struct idmap_cache_ctx {
34 static int idmap_cache_destructor(struct idmap_cache_ctx *cache)
38 if (cache && cache->tdb) {
39 ret = tdb_close(cache->tdb);
46 struct idmap_cache_ctx *idmap_cache_init(TALLOC_CTX *memctx)
48 struct idmap_cache_ctx *cache;
49 char* cache_fname = NULL;
51 cache = talloc(memctx, struct idmap_cache_ctx);
53 DEBUG(0, ("Out of memory!\n"));
57 cache_fname = lock_path("idmap_cache.tdb");
59 DEBUG(10, ("Opening cache file at %s\n", cache_fname));
61 cache->tdb = tdb_open_log(cache_fname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
64 DEBUG(5, ("Attempt to open %s has failed.\n", cache_fname));
68 talloc_set_destructor(cache, idmap_cache_destructor);
73 void idmap_cache_shutdown(struct idmap_cache_ctx *cache)
78 NTSTATUS idmap_cache_build_sidkey(TALLOC_CTX *ctx, char **sidkey, const struct id_map *id)
82 *sidkey = talloc_asprintf(ctx, "IDMAP/SID/%s",
83 sid_to_string(sidstr, id->sid));
85 DEBUG(1, ("failed to build sidkey, OOM?\n"));
86 return NT_STATUS_NO_MEMORY;
92 NTSTATUS idmap_cache_build_idkey(TALLOC_CTX *ctx, char **idkey, const struct id_map *id)
94 *idkey = talloc_asprintf(ctx, "IDMAP/%s/%lu",
95 (id->xid.type==ID_TYPE_UID)?"UID":"GID",
96 (unsigned long)id->xid.id);
98 DEBUG(1, ("failed to build idkey, OOM?\n"));
99 return NT_STATUS_NO_MEMORY;
105 NTSTATUS idmap_cache_set(struct idmap_cache_ctx *cache, const struct id_map *id)
108 time_t timeout = time(NULL) + lp_idmap_cache_time();
114 /* Don't cache lookups in the S-1-22-{1,2} domain */
115 if ( (id->xid.type == ID_TYPE_UID) &&
116 sid_check_is_in_unix_users(id->sid) )
120 if ( (id->xid.type == ID_TYPE_GID) &&
121 sid_check_is_in_unix_groups(id->sid) )
127 ret = idmap_cache_build_sidkey(cache, &sidkey, id);
128 if (!NT_STATUS_IS_OK(ret)) return ret;
130 /* use sidkey as the local memory ctx */
131 ret = idmap_cache_build_idkey(sidkey, &idkey, id);
132 if (!NT_STATUS_IS_OK(ret)) {
138 /* use sidkey as the local memory ctx */
139 valstr = talloc_asprintf(sidkey, IDMAP_CACHE_DATA_FMT, (int)timeout, idkey);
141 DEBUG(0, ("Out of memory!\n"));
142 ret = NT_STATUS_NO_MEMORY;
146 databuf = string_term_tdb_data(valstr);
147 DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
148 " %s (%d seconds %s)\n", sidkey, valstr , ctime(&timeout),
149 (int)(timeout - time(NULL)),
150 timeout > time(NULL) ? "ahead" : "in the past"));
152 if (tdb_store_bystring(cache->tdb, sidkey, databuf, TDB_REPLACE) != 0) {
153 DEBUG(3, ("Failed to store cache entry!\n"));
154 ret = NT_STATUS_UNSUCCESSFUL;
160 /* use sidkey as the local memory ctx */
161 valstr = talloc_asprintf(sidkey, IDMAP_CACHE_DATA_FMT, (int)timeout, sidkey);
163 DEBUG(0, ("Out of memory!\n"));
164 ret = NT_STATUS_NO_MEMORY;
168 databuf = string_term_tdb_data(valstr);
169 DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
170 " %s (%d seconds %s)\n", idkey, valstr, ctime(&timeout),
171 (int)(timeout - time(NULL)),
172 timeout > time(NULL) ? "ahead" : "in the past"));
174 if (tdb_store_bystring(cache->tdb, idkey, databuf, TDB_REPLACE) != 0) {
175 DEBUG(3, ("Failed to store cache entry!\n"));
176 ret = NT_STATUS_UNSUCCESSFUL;
187 NTSTATUS idmap_cache_set_negative_sid(struct idmap_cache_ctx *cache, const struct id_map *id)
190 time_t timeout = time(NULL) + lp_idmap_negative_cache_time();
195 ret = idmap_cache_build_sidkey(cache, &sidkey, id);
196 if (!NT_STATUS_IS_OK(ret)) return ret;
198 /* use sidkey as the local memory ctx */
199 valstr = talloc_asprintf(sidkey, IDMAP_CACHE_DATA_FMT, (int)timeout, "IDMAP/NEGATIVE");
201 DEBUG(0, ("Out of memory!\n"));
202 ret = NT_STATUS_NO_MEMORY;
206 databuf = string_term_tdb_data(valstr);
207 DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
208 " %s (%d seconds %s)\n", sidkey, valstr, ctime(&timeout),
209 (int)(timeout - time(NULL)),
210 timeout > time(NULL) ? "ahead" : "in the past"));
212 if (tdb_store_bystring(cache->tdb, sidkey, databuf, TDB_REPLACE) != 0) {
213 DEBUG(3, ("Failed to store cache entry!\n"));
214 ret = NT_STATUS_UNSUCCESSFUL;
223 NTSTATUS idmap_cache_set_negative_id(struct idmap_cache_ctx *cache, const struct id_map *id)
226 time_t timeout = time(NULL) + lp_idmap_negative_cache_time();
231 ret = idmap_cache_build_idkey(cache, &idkey, id);
232 if (!NT_STATUS_IS_OK(ret)) return ret;
234 /* use idkey as the local memory ctx */
235 valstr = talloc_asprintf(idkey, IDMAP_CACHE_DATA_FMT, (int)timeout, "IDMAP/NEGATIVE");
237 DEBUG(0, ("Out of memory!\n"));
238 ret = NT_STATUS_NO_MEMORY;
242 databuf = string_term_tdb_data(valstr);
243 DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
244 " %s (%d seconds %s)\n", idkey, valstr, ctime(&timeout),
245 (int)(timeout - time(NULL)),
246 timeout > time(NULL) ? "ahead" : "in the past"));
248 if (tdb_store_bystring(cache->tdb, idkey, databuf, TDB_REPLACE) != 0) {
249 DEBUG(3, ("Failed to store cache entry!\n"));
250 ret = NT_STATUS_UNSUCCESSFUL;
259 NTSTATUS idmap_cache_fill_map(struct id_map *id, const char *value)
263 /* see if it is a sid */
264 if ( ! strncmp("IDMAP/SID/", value, 10)) {
266 if ( ! string_to_sid(id->sid, &value[10])) {
270 id->status = ID_MAPPED;
275 /* not a SID see if it is an UID or a GID */
276 if ( ! strncmp("IDMAP/UID/", value, 10)) {
279 id->xid.type = ID_TYPE_UID;
281 } else if ( ! strncmp("IDMAP/GID/", value, 10)) {
284 id->xid.type = ID_TYPE_GID;
288 /* a completely bogus value bail out */
292 id->xid.id = strtol(&value[10], &rem, 0);
297 id->status = ID_MAPPED;
302 DEBUG(1, ("invalid value: %s\n", value));
303 id->status = ID_UNKNOWN;
304 return NT_STATUS_INTERNAL_DB_CORRUPTION;
307 bool idmap_cache_is_negative(const char *val)
309 if ( ! strcmp("IDMAP/NEGATIVE", val)) {
315 /* search the cahce for the SID an return a mapping if found *
317 * 4 cases are possible
320 * in this case id->status = ID_MAPPED and NT_STATUS_OK is returned
322 * in this case id->status = ID_UNKNOWN and NT_STATUS_NONE_MAPPED is returned
323 * 3 negative cache found
324 * in this case id->status = ID_UNMAPPED and NT_STATUS_OK is returned
325 * 4 map found but timer expired
326 * in this case id->status = ID_EXPIRED and NT_STATUS_SYNCHRONIZATION_REQUIRED
327 * is returned. In this case revalidation of the cache is needed.
330 NTSTATUS idmap_cache_map_sid(struct idmap_cache_ctx *cache, struct id_map *id)
337 struct winbindd_domain *our_domain = find_our_domain();
338 time_t now = time(NULL);
340 /* make sure it is marked as not mapped by default */
341 id->status = ID_UNKNOWN;
343 ret = idmap_cache_build_sidkey(cache, &sidkey, id);
344 if (!NT_STATUS_IS_OK(ret)) return ret;
346 databuf = tdb_fetch_bystring(cache->tdb, sidkey);
348 if (databuf.dptr == NULL) {
349 DEBUG(10, ("Cache entry with key = %s couldn't be found\n", sidkey));
350 ret = NT_STATUS_NONE_MAPPED;
354 t = strtol((const char *)databuf.dptr, &endptr, 10);
356 if ((endptr == NULL) || (*endptr != '/')) {
357 DEBUG(2, ("Invalid gencache data format: %s\n", (const char *)databuf.dptr));
358 /* remove the entry */
359 tdb_delete_bystring(cache->tdb, sidkey);
360 ret = NT_STATUS_NONE_MAPPED;
364 /* check it is not negative */
365 if (strcmp("IDMAP/NEGATIVE", endptr+1) != 0) {
367 DEBUG(10, ("Returning %s cache entry: key = %s, value = %s, "
368 "timeout = %s", t > now ? "valid" :
369 "expired", sidkey, endptr+1, ctime(&t)));
371 /* this call if successful will also mark the entry as mapped */
372 ret = idmap_cache_fill_map(id, endptr+1);
373 if ( ! NT_STATUS_IS_OK(ret)) {
374 /* if not valid form delete the entry */
375 tdb_delete_bystring(cache->tdb, sidkey);
376 ret = NT_STATUS_NONE_MAPPED;
380 /* here ret == NT_STATUS_OK and id->status = ID_MAPPED */
383 /* If we've been told to be offline - stay in
385 if ( IS_DOMAIN_OFFLINE(our_domain) ) {
386 DEBUG(10,("idmap_cache_map_sid: idmap is offline\n"));
390 /* We're expired, set an error code
392 ret = NT_STATUS_SYNCHRONIZATION_REQUIRED;
398 /* Was a negative cache hit */
400 /* Ignore the negative cache when offline */
402 if ( IS_DOMAIN_OFFLINE(our_domain) ) {
403 DEBUG(10,("idmap_cache_map_sid: idmap is offline\n"));
408 /* Check for valid or expired cache hits */
410 /* We're expired. Return not mapped */
411 ret = NT_STATUS_NONE_MAPPED;
413 /* this is not mapped as it was a negative cache hit */
414 id->status = ID_UNMAPPED;
419 SAFE_FREE(databuf.dptr);
424 /* search the cahce for the ID an return a mapping if found *
426 * 4 cases are possible
429 * in this case id->status = ID_MAPPED and NT_STATUS_OK is returned
431 * in this case id->status = ID_UNKNOWN and NT_STATUS_NONE_MAPPED is returned
432 * 3 negative cache found
433 * in this case id->status = ID_UNMAPPED and NT_STATUS_OK is returned
434 * 4 map found but timer expired
435 * in this case id->status = ID_EXPIRED and NT_STATUS_SYNCHRONIZATION_REQUIRED
436 * is returned. In this case revalidation of the cache is needed.
439 NTSTATUS idmap_cache_map_id(struct idmap_cache_ctx *cache, struct id_map *id)
446 struct winbindd_domain *our_domain = find_our_domain();
447 time_t now = time(NULL);
449 /* make sure it is marked as unknown by default */
450 id->status = ID_UNKNOWN;
452 ret = idmap_cache_build_idkey(cache, &idkey, id);
453 if (!NT_STATUS_IS_OK(ret)) return ret;
455 databuf = tdb_fetch_bystring(cache->tdb, idkey);
457 if (databuf.dptr == NULL) {
458 DEBUG(10, ("Cache entry with key = %s couldn't be found\n", idkey));
459 ret = NT_STATUS_NONE_MAPPED;
463 t = strtol((const char *)databuf.dptr, &endptr, 10);
465 if ((endptr == NULL) || (*endptr != '/')) {
466 DEBUG(2, ("Invalid gencache data format: %s\n", (const char *)databuf.dptr));
467 /* remove the entry */
468 tdb_delete_bystring(cache->tdb, idkey);
469 ret = NT_STATUS_NONE_MAPPED;
473 /* check it is not negative */
474 if (strcmp("IDMAP/NEGATIVE", endptr+1) != 0) {
476 DEBUG(10, ("Returning %s cache entry: key = %s, value = %s, "
477 "timeout = %s", t > now ? "valid" :
478 "expired", idkey, endptr+1, ctime(&t)));
480 /* this call if successful will also mark the entry as mapped */
481 ret = idmap_cache_fill_map(id, endptr+1);
482 if ( ! NT_STATUS_IS_OK(ret)) {
483 /* if not valid form delete the entry */
484 tdb_delete_bystring(cache->tdb, idkey);
485 ret = NT_STATUS_NONE_MAPPED;
489 /* here ret == NT_STATUS_OK and id->mapped = ID_MAPPED */
492 /* If we've been told to be offline - stay in
494 if ( IS_DOMAIN_OFFLINE(our_domain) ) {
495 DEBUG(10,("idmap_cache_map_sid: idmap is offline\n"));
499 /* We're expired, set an error code
501 ret = NT_STATUS_SYNCHRONIZATION_REQUIRED;
507 /* Was a negative cache hit */
509 /* Ignore the negative cache when offline */
511 if ( IS_DOMAIN_OFFLINE(our_domain) ) {
512 DEBUG(10,("idmap_cache_map_sid: idmap is offline\n"));
513 ret = NT_STATUS_NONE_MAPPED;
518 /* Process the negative cache hit */
521 /* We're expired. Return not mapped */
522 ret = NT_STATUS_NONE_MAPPED;
524 /* this is not mapped is it was a negative cache hit */
525 id->status = ID_UNMAPPED;
530 SAFE_FREE(databuf.dptr);