2 Unix SMB/CIFS implementation.
7 Copyright (C) Simo Sorce 2006
8 Copyright (C) Rafal Szczesniak 2002
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.*/
26 #define TIMEOUT_LEN 12
27 #define IDMAP_CACHE_DATA_FMT "%12u/%s"
28 #define IDMAP_READ_CACHE_DATA_FMT_TEMPLATE "%%12u/%%%us"
30 struct idmap_cache_ctx {
34 static int idmap_cache_destructor(struct idmap_cache_ctx *cache)
38 if (cache && cache->tdb) {
39 ret = tdb_close(cache->tdb);
46 struct idmap_cache_ctx *idmap_cache_init(TALLOC_CTX *memctx)
48 struct idmap_cache_ctx *cache;
49 char* cache_fname = NULL;
51 cache = talloc(memctx, struct idmap_cache_ctx);
53 DEBUG(0, ("Out of memory!\n"));
57 cache_fname = lock_path("idmap_cache.tdb");
59 DEBUG(10, ("Opening cache file at %s\n", cache_fname));
61 cache->tdb = tdb_open_log(cache_fname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
64 DEBUG(5, ("Attempt to open %s has failed.\n", cache_fname));
68 talloc_set_destructor(cache, idmap_cache_destructor);
73 void idmap_cache_shutdown(struct idmap_cache_ctx *cache)
78 NTSTATUS idmap_cache_build_sidkey(TALLOC_CTX *ctx, char **sidkey, const struct id_map *id)
80 *sidkey = talloc_asprintf(ctx, "IDMAP/SID/%s", sid_string_static(id->sid));
82 DEBUG(1, ("failed to build sidkey, OOM?\n"));
83 return NT_STATUS_NO_MEMORY;
89 NTSTATUS idmap_cache_build_idkey(TALLOC_CTX *ctx, char **idkey, const struct id_map *id)
91 *idkey = talloc_asprintf(ctx, "IDMAP/%s/%lu",
92 (id->xid.type==ID_TYPE_UID)?"UID":"GID",
93 (unsigned long)id->xid.id);
95 DEBUG(1, ("failed to build idkey, OOM?\n"));
96 return NT_STATUS_NO_MEMORY;
102 NTSTATUS idmap_cache_set(struct idmap_cache_ctx *cache, const struct id_map *id)
105 time_t timeout = time(NULL) + lp_idmap_cache_time();
111 /* Don't cache lookups in the S-1-22-{1,2} domain */
112 if ( (id->xid.type == ID_TYPE_UID) &&
113 sid_check_is_in_unix_users(id->sid) )
117 if ( (id->xid.type == ID_TYPE_GID) &&
118 sid_check_is_in_unix_groups(id->sid) )
124 ret = idmap_cache_build_sidkey(cache, &sidkey, id);
125 if (!NT_STATUS_IS_OK(ret)) return ret;
127 /* use sidkey as the local memory ctx */
128 ret = idmap_cache_build_idkey(sidkey, &idkey, id);
129 if (!NT_STATUS_IS_OK(ret)) {
135 /* use sidkey as the local memory ctx */
136 valstr = talloc_asprintf(sidkey, IDMAP_CACHE_DATA_FMT, (int)timeout, idkey);
138 DEBUG(0, ("Out of memory!\n"));
139 ret = NT_STATUS_NO_MEMORY;
143 databuf = string_term_tdb_data(valstr);
144 DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
145 " %s (%d seconds %s)\n", sidkey, valstr , ctime(&timeout),
146 (int)(timeout - time(NULL)),
147 timeout > time(NULL) ? "ahead" : "in the past"));
149 if (tdb_store_bystring(cache->tdb, sidkey, databuf, TDB_REPLACE) != 0) {
150 DEBUG(3, ("Failed to store cache entry!\n"));
151 ret = NT_STATUS_UNSUCCESSFUL;
157 /* use sidkey as the local memory ctx */
158 valstr = talloc_asprintf(sidkey, IDMAP_CACHE_DATA_FMT, (int)timeout, sidkey);
160 DEBUG(0, ("Out of memory!\n"));
161 ret = NT_STATUS_NO_MEMORY;
165 databuf = string_term_tdb_data(valstr);
166 DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
167 " %s (%d seconds %s)\n", idkey, valstr, ctime(&timeout),
168 (int)(timeout - time(NULL)),
169 timeout > time(NULL) ? "ahead" : "in the past"));
171 if (tdb_store_bystring(cache->tdb, idkey, databuf, TDB_REPLACE) != 0) {
172 DEBUG(3, ("Failed to store cache entry!\n"));
173 ret = NT_STATUS_UNSUCCESSFUL;
184 NTSTATUS idmap_cache_set_negative_sid(struct idmap_cache_ctx *cache, const struct id_map *id)
187 time_t timeout = time(NULL) + lp_idmap_negative_cache_time();
192 ret = idmap_cache_build_sidkey(cache, &sidkey, id);
193 if (!NT_STATUS_IS_OK(ret)) return ret;
195 /* use sidkey as the local memory ctx */
196 valstr = talloc_asprintf(sidkey, IDMAP_CACHE_DATA_FMT, (int)timeout, "IDMAP/NEGATIVE");
198 DEBUG(0, ("Out of memory!\n"));
199 ret = NT_STATUS_NO_MEMORY;
203 databuf = string_term_tdb_data(valstr);
204 DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
205 " %s (%d seconds %s)\n", sidkey, valstr, ctime(&timeout),
206 (int)(timeout - time(NULL)),
207 timeout > time(NULL) ? "ahead" : "in the past"));
209 if (tdb_store_bystring(cache->tdb, sidkey, databuf, TDB_REPLACE) != 0) {
210 DEBUG(3, ("Failed to store cache entry!\n"));
211 ret = NT_STATUS_UNSUCCESSFUL;
220 NTSTATUS idmap_cache_set_negative_id(struct idmap_cache_ctx *cache, const struct id_map *id)
223 time_t timeout = time(NULL) + lp_idmap_negative_cache_time();
228 ret = idmap_cache_build_idkey(cache, &idkey, id);
229 if (!NT_STATUS_IS_OK(ret)) return ret;
231 /* use idkey as the local memory ctx */
232 valstr = talloc_asprintf(idkey, IDMAP_CACHE_DATA_FMT, (int)timeout, "IDMAP/NEGATIVE");
234 DEBUG(0, ("Out of memory!\n"));
235 ret = NT_STATUS_NO_MEMORY;
239 databuf = string_term_tdb_data(valstr);
240 DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
241 " %s (%d seconds %s)\n", idkey, valstr, ctime(&timeout),
242 (int)(timeout - time(NULL)),
243 timeout > time(NULL) ? "ahead" : "in the past"));
245 if (tdb_store_bystring(cache->tdb, idkey, databuf, TDB_REPLACE) != 0) {
246 DEBUG(3, ("Failed to store cache entry!\n"));
247 ret = NT_STATUS_UNSUCCESSFUL;
256 NTSTATUS idmap_cache_fill_map(struct id_map *id, const char *value)
260 /* see if it is a sid */
261 if ( ! strncmp("IDMAP/SID/", value, 10)) {
263 if ( ! string_to_sid(id->sid, &value[10])) {
267 id->status = ID_MAPPED;
272 /* not a SID see if it is an UID or a GID */
273 if ( ! strncmp("IDMAP/UID/", value, 10)) {
276 id->xid.type = ID_TYPE_UID;
278 } else if ( ! strncmp("IDMAP/GID/", value, 10)) {
281 id->xid.type = ID_TYPE_GID;
285 /* a completely bogus value bail out */
289 id->xid.id = strtol(&value[10], &rem, 0);
294 id->status = ID_MAPPED;
299 DEBUG(1, ("invalid value: %s\n", value));
300 id->status = ID_UNKNOWN;
301 return NT_STATUS_INTERNAL_DB_CORRUPTION;
304 BOOL idmap_cache_is_negative(const char *val)
306 if ( ! strcmp("IDMAP/NEGATIVE", val)) {
312 /* search the cahce for the SID an return a mapping if found *
314 * 4 cases are possible
317 * in this case id->status = ID_MAPPED and NT_STATUS_OK is returned
319 * in this case id->status = ID_UNKNOWN and NT_STATUS_NONE_MAPPED is returned
320 * 3 negative cache found
321 * in this case id->status = ID_UNMAPPED and NT_STATUS_OK is returned
322 * 4 map found but timer expired
323 * in this case id->status = ID_EXPIRED and NT_STATUS_SYNCHRONIZATION_REQUIRED
324 * is returned. In this case revalidation of the cache is needed.
327 NTSTATUS idmap_cache_map_sid(struct idmap_cache_ctx *cache, struct id_map *id)
334 struct winbindd_domain *our_domain = find_our_domain();
335 time_t now = time(NULL);
337 /* make sure it is marked as not mapped by default */
338 id->status = ID_UNKNOWN;
340 ret = idmap_cache_build_sidkey(cache, &sidkey, id);
341 if (!NT_STATUS_IS_OK(ret)) return ret;
343 databuf = tdb_fetch_bystring(cache->tdb, sidkey);
345 if (databuf.dptr == NULL) {
346 DEBUG(10, ("Cache entry with key = %s couldn't be found\n", sidkey));
347 ret = NT_STATUS_NONE_MAPPED;
351 t = strtol((const char *)databuf.dptr, &endptr, 10);
353 if ((endptr == NULL) || (*endptr != '/')) {
354 DEBUG(2, ("Invalid gencache data format: %s\n", (const char *)databuf.dptr));
355 /* remove the entry */
356 tdb_delete_bystring(cache->tdb, sidkey);
357 ret = NT_STATUS_NONE_MAPPED;
361 /* check it is not negative */
362 if (strcmp("IDMAP/NEGATIVE", endptr+1) != 0) {
364 DEBUG(10, ("Returning %s cache entry: key = %s, value = %s, "
365 "timeout = %s", t > now ? "valid" :
366 "expired", sidkey, endptr+1, ctime(&t)));
368 /* this call if successful will also mark the entry as mapped */
369 ret = idmap_cache_fill_map(id, endptr+1);
370 if ( ! NT_STATUS_IS_OK(ret)) {
371 /* if not valid form delete the entry */
372 tdb_delete_bystring(cache->tdb, sidkey);
373 ret = NT_STATUS_NONE_MAPPED;
377 /* here ret == NT_STATUS_OK and id->status = ID_MAPPED */
380 /* If we've been told to be offline - stay in
382 if ( IS_DOMAIN_OFFLINE(our_domain) ) {
383 DEBUG(10,("idmap_cache_map_sid: idmap is offline\n"));
387 /* We're expired, set an error code
389 ret = NT_STATUS_SYNCHRONIZATION_REQUIRED;
395 /* Was a negative cache hit */
397 /* Ignore the negative cache when offline */
399 if ( IS_DOMAIN_OFFLINE(our_domain) ) {
400 DEBUG(10,("idmap_cache_map_sid: idmap is offline\n"));
405 /* Check for valid or expired cache hits */
407 /* We're expired. Return not mapped */
408 ret = NT_STATUS_NONE_MAPPED;
410 /* this is not mapped as it was a negative cache hit */
411 id->status = ID_UNMAPPED;
416 SAFE_FREE(databuf.dptr);
421 /* search the cahce for the ID an return a mapping if found *
423 * 4 cases are possible
426 * in this case id->status = ID_MAPPED and NT_STATUS_OK is returned
428 * in this case id->status = ID_UNKNOWN and NT_STATUS_NONE_MAPPED is returned
429 * 3 negative cache found
430 * in this case id->status = ID_UNMAPPED and NT_STATUS_OK is returned
431 * 4 map found but timer expired
432 * in this case id->status = ID_EXPIRED and NT_STATUS_SYNCHRONIZATION_REQUIRED
433 * is returned. In this case revalidation of the cache is needed.
436 NTSTATUS idmap_cache_map_id(struct idmap_cache_ctx *cache, struct id_map *id)
443 struct winbindd_domain *our_domain = find_our_domain();
444 time_t now = time(NULL);
446 /* make sure it is marked as unknown by default */
447 id->status = ID_UNKNOWN;
449 ret = idmap_cache_build_idkey(cache, &idkey, id);
450 if (!NT_STATUS_IS_OK(ret)) return ret;
452 databuf = tdb_fetch_bystring(cache->tdb, idkey);
454 if (databuf.dptr == NULL) {
455 DEBUG(10, ("Cache entry with key = %s couldn't be found\n", idkey));
456 ret = NT_STATUS_NONE_MAPPED;
460 t = strtol((const char *)databuf.dptr, &endptr, 10);
462 if ((endptr == NULL) || (*endptr != '/')) {
463 DEBUG(2, ("Invalid gencache data format: %s\n", (const char *)databuf.dptr));
464 /* remove the entry */
465 tdb_delete_bystring(cache->tdb, idkey);
466 ret = NT_STATUS_NONE_MAPPED;
470 /* check it is not negative */
471 if (strcmp("IDMAP/NEGATIVE", endptr+1) != 0) {
473 DEBUG(10, ("Returning %s cache entry: key = %s, value = %s, "
474 "timeout = %s", t > now ? "valid" :
475 "expired", idkey, endptr+1, ctime(&t)));
477 /* this call if successful will also mark the entry as mapped */
478 ret = idmap_cache_fill_map(id, endptr+1);
479 if ( ! NT_STATUS_IS_OK(ret)) {
480 /* if not valid form delete the entry */
481 tdb_delete_bystring(cache->tdb, idkey);
482 ret = NT_STATUS_NONE_MAPPED;
486 /* here ret == NT_STATUS_OK and id->mapped = ID_MAPPED */
489 /* If we've been told to be offline - stay in
491 if ( IS_DOMAIN_OFFLINE(our_domain) ) {
492 DEBUG(10,("idmap_cache_map_sid: idmap is offline\n"));
496 /* We're expired, set an error code
498 ret = NT_STATUS_SYNCHRONIZATION_REQUIRED;
504 /* Was a negative cache hit */
506 /* Ignore the negative cache when offline */
508 if ( IS_DOMAIN_OFFLINE(our_domain) ) {
509 DEBUG(10,("idmap_cache_map_sid: idmap is offline\n"));
510 ret = NT_STATUS_NONE_MAPPED;
515 /* Process the negative cache hit */
518 /* We're expired. Return not mapped */
519 ret = NT_STATUS_NONE_MAPPED;
521 /* this is not mapped is it was a negative cache hit */
522 id->status = ID_UNMAPPED;
527 SAFE_FREE(databuf.dptr);
git.samba.org / sfrench / samba-autobuild / .git / blob