2 Unix SMB/CIFS implementation.
4 Winbind cache backend functions
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Gerald Carter 2003
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 #define DBGC_CLASS DBGC_WINBIND
/* Cache state. Only sequence_number is visible in this listing; the tdb
   handle dereferenced elsewhere as wcache->tdb is declared on a line not shown. */
31 struct winbind_cache {
37 uint32 sequence_number;
/* Size limit for the cache file in bytes (50 MiB); winbindd_check_cache_size()
   compares the tdb file's st_size against it. */
42 #define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
/* The single cache instance used by the functions in this file. */
44 static struct winbind_cache *wcache;
/*
 * Close the cache tdb and reopen winbindd_cache.tdb.
 *
 * The file is reopened with TDB_CLEAR_IF_FIRST and created with mode 0600,
 * i.e. with no group or other permission bits on the cached account data.
 * NOTE(review): the guards between these statements are not shown in this
 * listing; confirm wcache and wcache->tdb are checked before tdb_close().
 */
47 void wcache_flush_cache(void)
49 extern BOOL opt_nocache;
54 tdb_close(wcache->tdb);
/* O_CREAT with 0600: owner-only permission bits on the cache file */
60 wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000,
61 TDB_CLEAR_IF_FIRST, O_RDWR|O_CREAT, 0600);
/* an open failure is logged at level 0; what follows the log line is not shown */
64 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
66 DEBUG(10,("wcache_flush_cache success\n"));
/*
 * Check the size of the cache tdb file against WINBINDD_MAX_CACHE_SIZE.
 *
 * t is the caller's current time. The static last_check_time is used to
 * rate-limit the fstat() (60 second window). The statements guarded by each
 * test, including the flush itself, are on lines not shown in this listing.
 */
69 void winbindd_check_cache_size(time_t t)
71 static time_t last_check_time;
/* first call: no previous check recorded */
74 if (last_check_time == (time_t)0)
/* checked less than 60 seconds ago; the "> 0" part stops a clock that
   moved backwards from matching this test */
77 if (t - last_check_time < 60 && t - last_check_time > 0)
80 if (wcache == NULL || wcache->tdb == NULL) {
81 DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n"));
/* size is taken from the open tdb file descriptor, not from a path */
85 if (fstat(wcache->tdb->fd, &st) == -1) {
86 DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) ));
90 if (st.st_size > WINBINDD_MAX_CACHE_SIZE) {
91 DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n",
92 (unsigned long)st.st_size,
93 (unsigned long)WINBINDD_MAX_CACHE_SIZE));
98 /* get the winbind_cache structure, choosing the domain's backend on first use */
99 static struct winbind_cache *get_cache(struct winbindd_domain *domain)
101 struct winbind_cache *ret = wcache;
/* no backend chosen yet for this domain; the case labels of the switch
   are on lines not shown in this listing */
103 if (!domain->backend) {
104 extern struct winbindd_methods msrpc_methods;
105 switch (lp_security()) {
108 extern struct winbindd_methods ads_methods;
109 /* always obey the lp_security parameter for our domain */
110 if (domain->primary) {
111 domain->backend = &ads_methods;
/* other domains use the ADS backend only when flagged native_mode */
115 if ( domain->native_mode ) {
116 domain->backend = &ads_methods;
/* otherwise the MS-RPC backend is used */
124 domain->backend = &msrpc_methods;
/* allocate the shared cache structure; smb_xmalloc is used without a NULL
   check in the visible lines, and wcache_flush_cache() then (re)opens the tdb */
131 ret = smb_xmalloc(sizeof(*ret));
135 wcache_flush_cache();
141 free a centry structure
/* Release a cache entry. Only the SAFE_FREE of the data buffer is visible in
   this listing; any NULL check and the free of the entry itself are not shown. */
143 static void centry_free(struct cache_entry *centry)
147 SAFE_FREE(centry->data);
152 pull a uint32 from a cache entry
/*
 * Read a 32-bit value from the entry at the current offset (IVAL).
 *
 * Fewer than 4 remaining bytes is treated as cache corruption and ends in
 * smb_panic(), so a damaged cache record stops the daemon instead of being
 * handled as a cache miss.
 * NOTE(review): the check relies on ofs never exceeding len - confirm the
 * field types, since an unsigned subtraction would wrap.
 */
154 static uint32 centry_uint32(struct cache_entry *centry)
157 if (centry->len - centry->ofs < 4) {
158 DEBUG(0,("centry corruption? needed 4 bytes, have %d\n",
159 centry->len - centry->ofs));
160 smb_panic("centry_uint32");
162 ret = IVAL(centry->data, centry->ofs);
168 pull a uint8 from a cache entry
/*
 * Read one byte from the entry at the current offset (CVAL).
 *
 * No remaining byte is treated as cache corruption and ends in smb_panic().
 * NOTE(review): the panic string below says "centry_uint32", which looks
 * copied from that function and will mislead anyone reading a crash log.
 */
170 static uint8 centry_uint8(struct cache_entry *centry)
173 if (centry->len - centry->ofs < 1) {
174 DEBUG(0,("centry corruption? needed 1 bytes, have %d\n",
175 centry->len - centry->ofs));
176 smb_panic("centry_uint32");
178 ret = CVAL(centry->data, centry->ofs);
183 /* pull a string from a cache entry, using the supplied
/*
 * Read a length-prefixed string from the entry into memory from mem_ctx.
 *
 * The length is a single byte read with centry_uint8(); centry_put_string()
 * writes 0xFF in that byte for a NULL string. The stored length is checked
 * against the bytes remaining before the copy, and len+1 bytes are allocated.
 * The test for the NULL marker and the terminator write are on lines not
 * shown in this listing.
 */
186 static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
191 len = centry_uint8(centry);
194 /* a deliberate NULL string */
/* bounds check: the stored length must fit in what is left of the entry */
198 if (centry->len - centry->ofs < len) {
199 DEBUG(0,("centry corruption? needed %d bytes, have %d\n",
200 len, centry->len - centry->ofs));
201 smb_panic("centry_string");
204 ret = talloc(mem_ctx, len+1);
206 smb_panic("centry_string out of memory\n");
208 memcpy(ret,centry->data + centry->ofs, len);
214 /* pull a sid from a cache entry, using the supplied
/*
 * Read a SID stored in string form and parse it into a DOM_SID allocated
 * from mem_ctx.
 *
 * NOTE(review): centry_string() can return NULL for a deliberately NULL
 * string, and the visible lines pass its result straight to string_to_sid();
 * confirm that a NULL or malformed string from the cache file is rejected
 * cleanly (the failure branch is not shown in this listing).
 */
217 static DOM_SID *centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
222 sid = talloc(mem_ctx, sizeof(*sid));
226 sid_string = centry_string(centry, mem_ctx);
227 if (!string_to_sid(sid, sid_string)) {
233 /* the server is considered down if it can't give us a sequence number */
/* i.e. when domain->sequence_number holds DOM_SEQUENCE_NONE; centry_expired()
   uses this result to keep serving cached entries */
234 static BOOL wcache_server_down(struct winbindd_domain *domain)
241 ret = (domain->sequence_number == DOM_SEQUENCE_NONE);
244 DEBUG(10,("wcache_server_down: server for Domain %s down\n",
/*
 * Load the domain's sequence number and last-check time from the
 * "SEQNUM/<domain>" record in the cache tdb.
 *
 * The record must be exactly 8 bytes: sequence number at offset 0 and
 * last-check time at offset 4, each read with IVAL. Returns
 * NT_STATUS_UNSUCCESSFUL when the tdb is not open, the record is missing or
 * has the wrong size, or the stored check time is older than
 * lp_winbind_cache_time().
 * NOTE(review): the release of the buffer returned by tdb_fetch_bystring()
 * is not visible in this listing - confirm it is freed on every path.
 */
249 static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
256 DEBUG(10,("fetch_cache_seqnum: tdb == NULL\n"));
257 return NT_STATUS_UNSUCCESSFUL;
260 fstr_sprintf( key, "SEQNUM/%s", domain->name );
262 data = tdb_fetch_bystring( wcache->tdb, key );
/* reject anything that is not exactly the 8-byte record before reading it */
263 if ( !data.dptr || data.dsize!=8 ) {
264 DEBUG(10,("fetch_cache_seqnum: invalid data size key [%s]\n", key ));
265 return NT_STATUS_UNSUCCESSFUL;
/* note: domain fields are overwritten here, before the expiry test below */
268 domain->sequence_number = IVAL(data.dptr, 0);
269 domain->last_seq_check = IVAL(data.dptr, 4);
271 /* have we expired? */
273 time_diff = now - domain->last_seq_check;
274 if ( time_diff > lp_winbind_cache_time() ) {
275 DEBUG(10,("fetch_cache_seqnum: timeout [%s][%u @ %u]\n",
276 domain->name, domain->sequence_number,
277 (uint32)domain->last_seq_check));
278 return NT_STATUS_UNSUCCESSFUL;
281 DEBUG(10,("fetch_cache_seqnum: success [%s][%u @ %u]\n",
282 domain->name, domain->sequence_number,
283 (uint32)domain->last_seq_check));
/*
 * Write the domain's sequence number and last-check time to the
 * "SEQNUM/<domain>" record in the cache tdb.
 *
 * The record is two 32-bit values written with SIVAL at offsets 0 and 4,
 * the layout fetch_cache_seqnum() reads back. Returns
 * NT_STATUS_UNSUCCESSFUL when the tdb is not open or tdb_store() fails.
 */
288 static NTSTATUS store_cache_seqnum( struct winbindd_domain *domain )
295 DEBUG(10,("store_cache_seqnum: tdb == NULL\n"));
296 return NT_STATUS_UNSUCCESSFUL;
299 fstr_sprintf( key_str, "SEQNUM/%s", domain->name );
/* the key length includes the terminating NUL, unlike the keys built in
   wcache_fetch() and centry_end() */
301 key.dsize = strlen(key_str)+1;
303 SIVAL(buf, 0, domain->sequence_number);
/* SIVAL stores a 32-bit value, so the check time is kept as 32 bits */
304 SIVAL(buf, 4, domain->last_seq_check);
308 if ( tdb_store( wcache->tdb, key, data, TDB_REPLACE) == -1 ) {
309 DEBUG(10,("store_cache_seqnum: tdb_store fail key [%s]\n", key_str ));
310 return NT_STATUS_UNSUCCESSFUL;
313 DEBUG(10,("store_cache_seqnum: success [%s][%u @ %u]\n",
314 domain->name, domain->sequence_number,
315 (uint32)domain->last_seq_check));
321 refresh the domain sequence number. If force is True
322 then always refresh it, no matter how recently we fetched it
/*
 * Bring domain->sequence_number up to date.
 *
 * Unless force is set, nothing is refetched while the last check is younger
 * than lp_winbind_cache_time(). Otherwise the value stored in the tdb is
 * tried first and the backend is asked only if that fails. A backend failure
 * sets the sequence number to DOM_SEQUENCE_NONE, the value that
 * wcache_server_down() reports as "server down". The result is recorded in
 * domain->last_status and written back with store_cache_seqnum().
 * Several branch bodies are on lines not shown in this listing.
 */
325 static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force)
329 time_t t = time(NULL);
330 unsigned cache_time = lp_winbind_cache_time();
334 /* trying to reconnect is expensive, don't do it too often */
335 if (domain->sequence_number == DOM_SEQUENCE_NONE) {
339 time_diff = t - domain->last_seq_check;
341 /* see if we have to refetch the domain sequence number */
342 if (!force && (time_diff < cache_time)) {
343 DEBUG(10, ("refresh_sequence_number: %s time ok\n", domain->name));
347 /* try to get the sequence number from the tdb cache first */
348 /* this will update the timestamp as well */
350 status = fetch_cache_seqnum( domain, t );
351 if ( NT_STATUS_IS_OK(status) )
354 status = domain->backend->sequence_number(domain, &domain->sequence_number);
356 if (!NT_STATUS_IS_OK(status)) {
357 domain->sequence_number = DOM_SEQUENCE_NONE;
360 domain->last_status = status;
361 domain->last_seq_check = time(NULL);
363 /* save the new sequence number in the cache */
/* the return value of store_cache_seqnum() is not checked here */
364 store_cache_seqnum( domain );
367 DEBUG(10, ("refresh_sequence_number: %s seq number is now %d\n",
368 domain->name, domain->sequence_number));
374 decide if a cache entry has expired
/*
 * Decide whether a fetched entry may still be used, by comparing the
 * sequence number stored in the entry with the domain's current one.
 * keystr is used for logging only. The return statements are on lines not
 * shown in this listing; the outcome of each branch is taken from its log
 * message.
 *
 * NOTE: while the server is considered down every entry is logged as good,
 * so cached answers keep being served without revalidation until a sequence
 * number can be obtained again.
 */
376 static BOOL centry_expired(struct winbindd_domain *domain, const char *keystr, struct cache_entry *centry)
378 /* if the server is OK and our cache entry came from when it was down then
379 the entry is invalid */
380 if (domain->sequence_number != DOM_SEQUENCE_NONE &&
381 centry->sequence_number == DOM_SEQUENCE_NONE) {
382 DEBUG(10,("centry_expired: Key %s for domain %s invalid sequence.\n",
383 keystr, domain->name ));
387 /* if the server is down or the cache entry is not older than the
388 current sequence number then it is OK */
389 if (wcache_server_down(domain) ||
390 centry->sequence_number == domain->sequence_number) {
391 DEBUG(10,("centry_expired: Key %s for domain %s is good.\n",
392 keystr, domain->name ));
396 DEBUG(10,("centry_expired: Key %s for domain %s expired\n",
397 keystr, domain->name ));
404 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
405 number and return status
/* PRINTF_ATTRIBUTE(3,4) marks format as a printf-style format string whose
   arguments start at parameter 4 */
407 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
408 struct winbindd_domain *domain,
409 const char *format, ...) PRINTF_ATTRIBUTE(3,4);
/*
 * Fetch and validate one cache entry.
 *
 * The key is formatted from format and its arguments; its length excludes
 * the terminating NUL, matching centry_end(). The record bytes returned by
 * tdb_fetch() become centry->data. A record shorter than the 8-byte header
 * (status, then sequence number) is logged as corrupt before either header
 * field is read. The entry is then checked with centry_expired().
 * The cache parameter is not dereferenced in the visible lines; the lookup
 * goes through the file-level wcache->tdb. Return statements and cleanup are
 * on lines not shown in this listing.
 */
410 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
411 struct winbindd_domain *domain,
412 const char *format, ...)
417 struct cache_entry *centry;
/* make sure the domain's sequence number is current before judging expiry */
420 refresh_sequence_number(domain, False);
422 va_start(ap, format);
423 smb_xvasprintf(&kstr, format, ap);
427 key.dsize = strlen(kstr);
428 data = tdb_fetch(wcache->tdb, key);
435 centry = smb_xmalloc(sizeof(*centry));
436 centry->data = (unsigned char *)data.dptr;
437 centry->len = data.dsize;
/* the header is two 32-bit fields; check before the centry_uint32() calls
   below, which panic on a short record */
440 if (centry->len < 8) {
441 /* huh? corrupt cache? */
442 DEBUG(10,("wcache_fetch: Corrupt cache for key %s domain %s (len < 8) ?\n",
443 kstr, domain->name ));
449 centry->status = NT_STATUS(centry_uint32(centry));
450 centry->sequence_number = centry_uint32(centry);
452 if (centry_expired(domain, kstr, centry)) {
453 extern BOOL opt_dual_daemon;
455 DEBUG(10,("wcache_fetch: entry %s expired for domain %s\n",
456 kstr, domain->name ));
/* dual-daemon mode: flag the expired entry for background processing */
458 if (opt_dual_daemon) {
459 extern BOOL background_process;
460 background_process = True;
461 DEBUG(10,("wcache_fetch: background processing expired entry %s for domain %s\n",
462 kstr, domain->name ));
470 DEBUG(10,("wcache_fetch: returning entry %s for domain %s\n",
471 kstr, domain->name ));
478 make sure we have at least len bytes available in a centry
/*
 * Ensure at least len bytes are free after the current offset, growing the
 * buffer with realloc() when they are not. Allocation failure ends in
 * smb_panic().
 *
 * NOTE(review): the line that computes the new centry->len is not shown in
 * this listing. Callers write len bytes at ofs immediately after this
 * returns, so confirm the new size always covers ofs + len.
 */
480 static void centry_expand(struct cache_entry *centry, uint32 len)
483 if (centry->len - centry->ofs >= len)
486 p = realloc(centry->data, centry->len);
488 DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
489 smb_panic("out of memory in centry_expand");
495 push a uint32 into a centry
/* Append a 32-bit value with SIVAL after reserving 4 bytes; the offset
   update is on a line not shown in this listing. */
497 static void centry_put_uint32(struct cache_entry *centry, uint32 v)
499 centry_expand(centry, 4);
500 SIVAL(centry->data, centry->ofs, v);
505 push a uint8 into a centry
/* Append a single byte with SCVAL after reserving 1 byte; the offset
   update is on a line not shown in this listing. */
507 static void centry_put_uint8(struct cache_entry *centry, uint8 v)
509 centry_expand(centry, 1);
510 SCVAL(centry->data, centry->ofs, v);
515 push a string into a centry
/*
 * Append a string as a one-byte length followed by the bytes, without a
 * terminator. A NULL string is written as the single length byte 0xFF.
 * Strings longer than 254 characters are shortened so that the length fits
 * in the byte and never collides with the NULL marker; the shortening is
 * silent, so a reader gets the truncated value back. The length computation
 * and truncation are on lines not shown in this listing.
 */
517 static void centry_put_string(struct cache_entry *centry, const char *s)
522 /* null strings are marked with a length byte of 0xFF */
523 centry_put_uint8(centry, 0xFF);
528 /* can't handle more than 254 char strings. Truncating is probably best */
531 centry_put_uint8(centry, len);
/* reserve space first, then copy exactly len bytes */
532 centry_expand(centry, len);
533 memcpy(centry->data + centry->ofs, s, len);
/* Append a SID in its string form, the format centry_sid() parses back. */
537 static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid)
540 centry_put_string(centry, sid_to_string(sid_string, sid));
544 start a centry for output. When finished, call centry_end()
/*
 * Begin a new entry for writing: allocate it with an 8192-byte buffer and
 * write the header (status, then the domain's current sequence number), the
 * order wcache_fetch() reads it back in. Finish with centry_end().
 * The initialisation of the offset and any early return are on lines not
 * shown in this listing.
 */
546 struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status)
548 struct cache_entry *centry;
553 centry = smb_xmalloc(sizeof(*centry));
555 centry->len = 8192; /* reasonable default */
556 centry->data = smb_xmalloc(centry->len);
558 centry->sequence_number = domain->sequence_number;
559 centry_put_uint32(centry, NT_STATUS_V(status));
560 centry_put_uint32(centry, centry->sequence_number);
565 finish a centry and write it to the tdb
/* PRINTF_ATTRIBUTE(2,3) marks format as a printf-style format string whose
   arguments start at parameter 3 */
567 static void centry_end(struct cache_entry *centry, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
/*
 * Write a finished entry to the tdb under the formatted key.
 *
 * Only the bytes written so far (centry->ofs) are stored, and the key length
 * excludes the terminating NUL, matching wcache_fetch().
 * NOTE(review): the return value of tdb_store() is ignored, so a failed
 * write is silent; store_cache_seqnum() in this file does check it.
 */
568 static void centry_end(struct cache_entry *centry, const char *format, ...)
574 va_start(ap, format);
575 smb_xvasprintf(&kstr, format, ap);
579 key.dsize = strlen(kstr);
580 data.dptr = (char *)centry->data;
581 data.dsize = centry->ofs;
583 tdb_store(wcache->tdb, key, data, TDB_REPLACE);
/*
 * Cache the result of a name -> SID lookup.
 *
 * NOTE(review): the entry is stored under "NS/<sid string>", while
 * name_to_sid() in this file looks up "NS/<domain name>/<name>". With the
 * keys as written here the stored entry would not be found by that lookup -
 * confirm which key is intended.
 * Several lines of the body are not shown in this listing.
 */
587 static void wcache_save_name_to_sid(struct winbindd_domain *domain,
589 const char *name, const DOM_SID *sid,
590 enum SID_NAME_USE type)
592 struct cache_entry *centry;
596 centry = centry_start(domain, status);
599 centry_put_sid(centry, sid);
/* uname is a local copy of the name; in the visible lines it is used only
   by the debug message below */
600 fstrcpy(uname, name);
602 centry_end(centry, "NS/%s", sid_to_string(sid_string, sid));
603 DEBUG(10,("wcache_save_name_to_sid: %s -> %s\n", uname, sid_string));
/*
 * Cache the result of a SID -> name lookup under "SN/<sid string>".
 * The type and name are written only when status is OK; a failed lookup is
 * stored as a header-only entry.
 * NOTE(review): the debug message prints name regardless of status -
 * confirm callers pass a valid pointer on failure paths.
 */
607 static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
608 const DOM_SID *sid, const char *name, enum SID_NAME_USE type)
610 struct cache_entry *centry;
613 centry = centry_start(domain, status);
616 if (NT_STATUS_IS_OK(status)) {
617 centry_put_uint32(centry, type);
618 centry_put_string(centry, name);
620 centry_end(centry, "SN/%s", sid_to_string(sid_string, sid));
621 DEBUG(10,("wcache_save_sid_to_name: %s -> %s\n", sid_string, name));
/*
 * Cache one user's info under "U/<user sid string>": account name, full
 * name, user SID and group SID, in the order query_user() reads them back.
 * Lines between these statements are not shown in this listing.
 */
626 static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info)
628 struct cache_entry *centry;
631 centry = centry_start(domain, status);
634 centry_put_string(centry, info->acct_name);
635 centry_put_string(centry, info->full_name);
636 centry_put_sid(centry, info->user_sid);
637 centry_put_sid(centry, info->group_sid);
638 centry_end(centry, "U/%s", sid_to_string(sid_string, info->user_sid));
639 DEBUG(10,("wcache_save_user: %s (acct_name %s)\n", sid_string, info->acct_name));
644 /* Query display info. This is the basic user list fn */
/*
 * Serves the list from the "UL/<domain>" cache entry when wcache_fetch()
 * returns one; otherwise asks the backend inside a retry loop and writes the
 * result back to the cache. Labels, returns and some parameters are on lines
 * not shown in this listing.
 */
645 static NTSTATUS query_user_list(struct winbindd_domain *domain,
648 WINBIND_USERINFO **info)
650 struct winbind_cache *cache = get_cache(domain);
651 struct cache_entry *centry = NULL;
653 unsigned int i, retry;
658 centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
/* the element count comes straight from the cache record */
662 *num_entries = centry_uint32(centry);
664 if (*num_entries == 0)
/* NOTE(review): the count is multiplied by the element size with no upper
   bound or overflow check visible here. Where size_t is 32 bits a very large
   stored count could wrap and give an array smaller than the loop below
   expects; consider bounding the count by the bytes left in the entry. */
667 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
669 smb_panic("query_user_list out of memory");
670 for (i=0; i<(*num_entries); i++) {
671 (*info)[i].acct_name = centry_string(centry, mem_ctx);
672 (*info)[i].full_name = centry_string(centry, mem_ctx);
673 (*info)[i].user_sid = centry_sid(centry, mem_ctx);
674 (*info)[i].group_sid = centry_sid(centry, mem_ctx);
678 status = centry->status;
680 DEBUG(10,("query_user_list: [Cached] - cached list for domain %s status %s\n",
681 domain->name, get_friendly_nt_error_msg(status) ));
690 /* Return status value returned by seq number check */
692 if (!NT_STATUS_IS_OK(domain->last_status))
693 return domain->last_status;
695 /* Put the query_user_list() in a retry loop. There appears to be
696 * some bug either with Windows 2000 or Samba's handling of large
697 * rpc replies. This manifests itself as sudden disconnection
698 * at a random point in the enumeration of a large (60k) user list.
699 * The retry loop simply tries the operation again. )-: It's not
700 * pretty but an acceptable workaround until we work out what the
701 * real problem is. */
706 DEBUG(10,("query_user_list: [Cached] - doing backend query for list for domain %s\n",
709 status = domain->backend->query_user_list(domain, mem_ctx, num_entries, info);
710 if (!NT_STATUS_IS_OK(status))
711 DEBUG(3, ("query_user_list: returned 0x%08x, retrying\n", NT_STATUS_V(status)));
712 if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL)) {
713 DEBUG(3, ("query_user_list: flushing connection cache\n"));
/* only NT_STATUS_UNSUCCESSFUL is retried; the retry bound is on a line not shown */
717 } while (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) &&
/* write the backend result back to the cache */
721 refresh_sequence_number(domain, False);
722 centry = centry_start(domain, status);
725 centry_put_uint32(centry, *num_entries);
726 for (i=0; i<(*num_entries); i++) {
727 centry_put_string(centry, (*info)[i].acct_name);
728 centry_put_string(centry, (*info)[i].full_name);
729 centry_put_sid(centry, (*info)[i].user_sid);
730 centry_put_sid(centry, (*info)[i].group_sid);
731 if (domain->backend->consistent) {
732 /* when the backend is consistent we can pre-prime some mappings */
733 wcache_save_name_to_sid(domain, NT_STATUS_OK,
734 (*info)[i].acct_name,
737 wcache_save_sid_to_name(domain, NT_STATUS_OK,
739 (*info)[i].acct_name,
741 wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
744 centry_end(centry, "UL/%s", domain->name);
751 /* list all domain groups */
/*
 * Serves the list from the "GL/<domain>/domain" cache entry when
 * wcache_fetch() returns one; otherwise asks the backend and writes the
 * result back. Labels, returns and some parameters are on lines not shown in
 * this listing.
 */
752 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
755 struct acct_info **info)
757 struct winbind_cache *cache = get_cache(domain);
758 struct cache_entry *centry = NULL;
765 centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
/* the element count comes straight from the cache record */
769 *num_entries = centry_uint32(centry);
771 if (*num_entries == 0)
/* NOTE(review): count * element size has no bound or overflow check visible
   here; on a 32-bit size_t a very large stored count could wrap */
774 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
776 smb_panic("enum_dom_groups out of memory");
777 for (i=0; i<(*num_entries); i++) {
/* NOTE(review): centry_string() may return NULL for a stored NULL string;
   confirm fstrcpy() accepts a NULL source */
778 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
779 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
780 (*info)[i].rid = centry_uint32(centry);
784 status = centry->status;
786 DEBUG(10,("enum_dom_groups: [Cached] - cached list for domain %s status %s\n",
787 domain->name, get_friendly_nt_error_msg(status) ));
796 /* Return status value returned by seq number check */
798 if (!NT_STATUS_IS_OK(domain->last_status))
799 return domain->last_status;
801 DEBUG(10,("enum_dom_groups: [Cached] - doing backend query for list for domain %s\n",
804 status = domain->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
/* write the backend result back to the cache */
807 refresh_sequence_number(domain, False);
808 centry = centry_start(domain, status);
811 centry_put_uint32(centry, *num_entries);
812 for (i=0; i<(*num_entries); i++) {
813 centry_put_string(centry, (*info)[i].acct_name);
814 centry_put_string(centry, (*info)[i].acct_desc);
815 centry_put_uint32(centry, (*info)[i].rid);
817 centry_end(centry, "GL/%s/domain", domain->name);
824 /* list all local groups */
/*
 * Serves the list from the "GL/<domain>/local" cache entry when
 * wcache_fetch() returns one; otherwise asks the backend and writes the
 * result back. When cached data is returned while the server is down the
 * status is NT_STATUS_MORE_PROCESSING_REQUIRED instead of the cached status.
 * Labels, returns and some parameters are on lines not shown in this listing.
 * NOTE(review): the out-of-memory panic string below says "enum_dom_groups",
 * which looks copied from that function.
 */
825 static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
828 struct acct_info **info)
830 struct winbind_cache *cache = get_cache(domain);
831 struct cache_entry *centry = NULL;
838 centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
/* the element count comes straight from the cache record */
842 *num_entries = centry_uint32(centry);
844 if (*num_entries == 0)
/* NOTE(review): count * element size has no bound or overflow check visible
   here; on a 32-bit size_t a very large stored count could wrap */
847 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
849 smb_panic("enum_dom_groups out of memory");
850 for (i=0; i<(*num_entries); i++) {
851 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
852 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
853 (*info)[i].rid = centry_uint32(centry);
858 /* If we are returning cached data and the domain controller
859 is down then we don't know whether the data is up to date
860 or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to
863 if (wcache_server_down(domain)) {
864 DEBUG(10, ("enum_local_groups: returning cached user list and server was down\n"));
865 status = NT_STATUS_MORE_PROCESSING_REQUIRED;
867 status = centry->status;
869 DEBUG(10,("enum_local_groups: [Cached] - cached list for domain %s status %s\n",
870 domain->name, get_friendly_nt_error_msg(status) ));
879 /* Return status value returned by seq number check */
881 if (!NT_STATUS_IS_OK(domain->last_status))
882 return domain->last_status;
884 DEBUG(10,("enum_local_groups: [Cached] - doing backend query for list for domain %s\n",
887 status = domain->backend->enum_local_groups(domain, mem_ctx, num_entries, info);
/* write the backend result back to the cache */
890 refresh_sequence_number(domain, False);
891 centry = centry_start(domain, status);
894 centry_put_uint32(centry, *num_entries);
895 for (i=0; i<(*num_entries); i++) {
896 centry_put_string(centry, (*info)[i].acct_name);
897 centry_put_string(centry, (*info)[i].acct_desc);
898 centry_put_uint32(centry, (*info)[i].rid);
900 centry_end(centry, "GL/%s/local", domain->name);
907 /* convert a single name to a sid in a domain */
/*
 * Looks up "NS/<domain name>/<name>" in the cache first and falls back to
 * the backend, then stores the backend result with wcache_save_name_to_sid().
 * NOTE(review): wcache_save_name_to_sid() in this file stores its entry
 * under "NS/<sid string>", which does not match the key looked up here -
 * confirm the writer and this lookup agree.
 * Labels, returns and some parameters are on lines not shown in this listing.
 */
908 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
912 enum SID_NAME_USE *type)
914 struct winbind_cache *cache = get_cache(domain);
915 struct cache_entry *centry = NULL;
/* local copy of the caller-supplied name, used in the cache key */
923 fstrcpy(uname, name);
925 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain->name, uname);
928 *type = (enum SID_NAME_USE)centry_uint32(centry);
929 sid2 = centry_sid(centry, mem_ctx);
936 status = centry->status;
938 DEBUG(10,("name_to_sid: [Cached] - cached name for domain %s status %s\n",
939 domain->name, get_friendly_nt_error_msg(status) ));
947 /* If the seq number check indicated that there is a problem
948 * with this DC, then return that status... except for
949 * access_denied. This is special because the dc may be in
950 * "restrict anonymous = 1" mode, in which case it will deny
951 * most unauthenticated operations, but *will* allow the LSA
952 * name-to-sid that we try as a fallback. */
954 if (!(NT_STATUS_IS_OK(domain->last_status)
955 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
956 return domain->last_status;
958 DEBUG(10,("name_to_sid: [Cached] - doing backend query for name for domain %s\n",
961 status = domain->backend->name_to_sid(domain, mem_ctx, name, sid, type);
/* the backend result is cached whatever its status */
964 wcache_save_name_to_sid(domain, status, name, sid, *type);
966 /* We can't save the sid to name mapping as we don't know the
967 correct case of the name without looking it up */
972 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
/*
 * Looks up "SN/<sid string>" in the cache first and falls back to the
 * backend, then stores both the sid -> name and name -> sid results.
 * Labels, returns and some parameters are on lines not shown in this listing.
 * NOTE(review): after the backend call *name and *type are passed to the
 * save functions whatever the status - confirm they are initialised when the
 * backend fails.
 */
974 static NTSTATUS sid_to_name(struct winbindd_domain *domain,
978 enum SID_NAME_USE *type)
980 struct winbind_cache *cache = get_cache(domain);
981 struct cache_entry *centry = NULL;
988 centry = wcache_fetch(cache, domain, "SN/%s", sid_to_string(sid_string, sid));
/* a cached failure carries no payload, so read type and name only on success */
991 if (NT_STATUS_IS_OK(centry->status)) {
992 *type = (enum SID_NAME_USE)centry_uint32(centry);
993 *name = centry_string(centry, mem_ctx);
995 status = centry->status;
997 DEBUG(10,("sid_to_name: [Cached] - cached name for domain %s status %s\n",
998 domain->name, get_friendly_nt_error_msg(status) ));
1000 centry_free(centry);
1006 /* If the seq number check indicated that there is a problem
1007 * with this DC, then return that status... except for
1008 * access_denied. This is special because the dc may be in
1009 * "restrict anonymous = 1" mode, in which case it will deny
1010 * most unauthenticated operations, but *will* allow the LSA
1011 * sid-to-name that we try as a fallback. */
1013 if (!(NT_STATUS_IS_OK(domain->last_status)
1014 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
1015 return domain->last_status;
1017 DEBUG(10,("sid_to_name: [Cached] - doing backend query for name for domain %s\n",
1020 status = domain->backend->sid_to_name(domain, mem_ctx, sid, name, type);
1023 refresh_sequence_number(domain, False);
1024 wcache_save_sid_to_name(domain, status, sid, *name, *type);
1025 wcache_save_name_to_sid(domain, status, *name, sid, *type);
1031 /* Lookup user information from a rid */
/*
 * Looks up "U/<user sid string>" in the cache first and falls back to the
 * backend, then stores the backend result with wcache_save_user().
 * Labels, returns and one parameter are on lines not shown in this listing.
 * NOTE(review): the backend-query debug message below is prefixed
 * "sid_to_name:", which looks copied from that function.
 */
1032 static NTSTATUS query_user(struct winbindd_domain *domain,
1033 TALLOC_CTX *mem_ctx,
1035 WINBIND_USERINFO *info)
1037 struct winbind_cache *cache = get_cache(domain);
1038 struct cache_entry *centry = NULL;
1044 centry = wcache_fetch(cache, domain, "U/%s", sid_string_static(user_sid));
1046 /* If we have an access denied cache entry and a cached info3 in the
1047 samlogon cache then do a query. This will force the rpc back end
1048 to return the info3 data. */
/* this path resets domain->last_status to OK and discards the fetched entry;
   centry_free() is called before any NULL test visible in this listing */
1050 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1051 netsamlogon_cache_have(user_sid)) {
1052 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1053 domain->last_status = NT_STATUS_OK;
1054 centry_free(centry);
/* same field order as wcache_save_user() writes */
1061 info->acct_name = centry_string(centry, mem_ctx);
1062 info->full_name = centry_string(centry, mem_ctx);
1063 info->user_sid = centry_sid(centry, mem_ctx);
1064 info->group_sid = centry_sid(centry, mem_ctx);
1065 status = centry->status;
1067 DEBUG(10,("query_user: [Cached] - cached info for domain %s status %s\n",
1068 domain->name, get_friendly_nt_error_msg(status) ));
1070 centry_free(centry);
1076 /* Return status value returned by seq number check */
1078 if (!NT_STATUS_IS_OK(domain->last_status))
1079 return domain->last_status;
1081 DEBUG(10,("sid_to_name: [Cached] - doing backend query for info for domain %s\n",
1084 status = domain->backend->query_user(domain, mem_ctx, user_sid, info);
1087 refresh_sequence_number(domain, False);
1088 wcache_save_user(domain, status, info);
1094 /* Lookup groups a user is a member of. */
/*
 * Looks up "UG/<user sid string>" in the cache first and falls back to the
 * backend, then writes the backend result back to the cache.
 * Labels, returns and one parameter are on lines not shown in this listing.
 * NOTE(review): the access-denied debug message below is prefixed
 * "query_user:", which looks copied from that function.
 */
1095 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
1096 TALLOC_CTX *mem_ctx,
1098 uint32 *num_groups, DOM_SID ***user_gids)
1100 struct winbind_cache *cache = get_cache(domain);
1101 struct cache_entry *centry = NULL;
1109 centry = wcache_fetch(cache, domain, "UG/%s", sid_to_string(sid_string, user_sid));
1111 /* If we have an access denied cache entry and a cached info3 in the
1112 samlogon cache then do a query. This will force the rpc back end
1113 to return the info3 data. */
/* this path resets domain->last_status to OK and discards the fetched entry */
1115 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1116 netsamlogon_cache_have(user_sid)) {
1117 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1118 domain->last_status = NT_STATUS_OK;
1119 centry_free(centry);
/* the element count comes straight from the cache record */
1126 *num_groups = centry_uint32(centry);
1128 if (*num_groups == 0)
/* NOTE(review): count * element size has no bound or overflow check visible
   here; on a 32-bit size_t a very large stored count could wrap */
1131 (*user_gids) = talloc(mem_ctx, sizeof(**user_gids) * (*num_groups));
1133 smb_panic("lookup_usergroups out of memory");
1134 for (i=0; i<(*num_groups); i++) {
1135 (*user_gids)[i] = centry_sid(centry, mem_ctx);
1139 status = centry->status;
1141 DEBUG(10,("lookup_usergroups: [Cached] - cached info for domain %s status %s\n",
1142 domain->name, get_friendly_nt_error_msg(status) ));
1144 centry_free(centry);
/* outputs are reset before the backend is asked */
1149 (*user_gids) = NULL;
1151 /* Return status value returned by seq number check */
1153 if (!NT_STATUS_IS_OK(domain->last_status))
1154 return domain->last_status;
1156 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info for domain %s\n",
1159 status = domain->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
/* write the backend result back to the cache */
1162 refresh_sequence_number(domain, False);
1163 centry = centry_start(domain, status);
1166 centry_put_uint32(centry, *num_groups);
1167 for (i=0; i<(*num_groups); i++) {
1168 centry_put_sid(centry, (*user_gids)[i]);
1170 centry_end(centry, "UG/%s", sid_to_string(sid_string, user_sid));
1171 centry_free(centry);
/*
 * Look up the members of a group.
 *
 * Looks up "GM/<group sid string>" in the cache first and falls back to the
 * backend, then writes the backend result back to the cache. Each member is
 * stored as SID, name and name type, in that order.
 * Labels and returns are on lines not shown in this listing.
 */
1178 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
1179 TALLOC_CTX *mem_ctx,
1180 DOM_SID *group_sid, uint32 *num_names,
1181 DOM_SID ***sid_mem, char ***names,
1182 uint32 **name_types)
1184 struct winbind_cache *cache = get_cache(domain);
1185 struct cache_entry *centry = NULL;
1193 centry = wcache_fetch(cache, domain, "GM/%s", sid_to_string(sid_string, group_sid));
/* the element count comes straight from the cache record */
1197 *num_names = centry_uint32(centry);
1199 if (*num_names == 0)
/* NOTE(review): each of the three sizes is count * element size with no
   bound or overflow check visible here; on a 32-bit size_t a very large
   stored count could wrap */
1202 (*sid_mem) = talloc(mem_ctx, sizeof(**sid_mem) * (*num_names));
1203 (*names) = talloc(mem_ctx, sizeof(**names) * (*num_names));
1204 (*name_types) = talloc(mem_ctx, sizeof(**name_types) * (*num_names));
1206 if (! (*sid_mem) || ! (*names) || ! (*name_types)) {
1207 smb_panic("lookup_groupmem out of memory");
1210 for (i=0; i<(*num_names); i++) {
1211 (*sid_mem)[i] = centry_sid(centry, mem_ctx);
1212 (*names)[i] = centry_string(centry, mem_ctx);
1213 (*name_types)[i] = centry_uint32(centry);
1217 status = centry->status;
1219 DEBUG(10,("lookup_groupmem: [Cached] - cached info for domain %s status %s\n",
1220 domain->name, get_friendly_nt_error_msg(status) ));
1222 centry_free(centry);
/* outputs are reset before the backend is asked */
1229 (*name_types) = NULL;
1231 /* Return status value returned by seq number check */
1233 if (!NT_STATUS_IS_OK(domain->last_status))
1234 return domain->last_status;
1236 DEBUG(10,("lookup_groupmem: [Cached] - doing backend query for info for domain %s\n",
1239 status = domain->backend->lookup_groupmem(domain, mem_ctx, group_sid, num_names,
1240 sid_mem, names, name_types);
/* write the backend result back to the cache */
1243 refresh_sequence_number(domain, False);
1244 centry = centry_start(domain, status);
1247 centry_put_uint32(centry, *num_names);
1248 for (i=0; i<(*num_names); i++) {
1249 centry_put_sid(centry, (*sid_mem)[i]);
1250 centry_put_string(centry, (*names)[i]);
1251 centry_put_uint32(centry, (*name_types)[i]);
1253 centry_end(centry, "GM/%s", sid_to_string(sid_string, group_sid));
1254 centry_free(centry);
1260 /* find the sequence number for a domain */
/* Refreshes the cached value (not forced) and returns it in *seq. Always
   returns NT_STATUS_OK, so an unreachable server shows up only as whatever
   value refresh_sequence_number() left in domain->sequence_number. */
1261 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
1263 refresh_sequence_number(domain, False);
1265 *seq = domain->sequence_number;
1267 return NT_STATUS_OK;
1270 /* enumerate trusted domains */
/* Pass-through to the backend: the result is not cached. Some parameters
   and the backend setup are on lines not shown in this listing. */
1271 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
1272 TALLOC_CTX *mem_ctx,
1273 uint32 *num_domains,
1280 DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
1283 /* we don't cache this call */
1284 return domain->backend->trusted_domains(domain, mem_ctx, num_domains,
1285 names, alt_names, dom_sids);
1288 /* find the domain sid */
/* Pass-through to the backend: the result is not cached. */
1289 static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
1293 DEBUG(10,("domain_sid: [Cached] - doing backend query for info for domain %s\n",
1296 /* we don't cache this call */
1297 return domain->backend->domain_sid(domain, sid);
1300 /* find the alternate names for the domain, if any */
/* Pass-through to the backend: the result is not cached. */
1301 static NTSTATUS alternate_name(struct winbindd_domain *domain)
1305 DEBUG(10,("alternate_name: [Cached] - doing backend query for info for domain %s\n",
1308 /* we don't cache this call */
1309 return domain->backend->alternate_name(domain);
1312 /* Invalidate cached user and group lists coherently */
/*
 * tdb_traverse() callback: delete every record whose key starts with "UL/"
 * or "GL/" (the cached user and group lists).
 *
 * NOTE(review): the keys written by centry_end() carry no terminating NUL
 * and kbuf.dsize is not checked here, so strncmp() could read past the end
 * of a key shorter than 3 bytes; consider testing kbuf.dsize >= 3 first.
 * The remaining parameter and the return value are on lines not shown in
 * this listing.
 */
1314 static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
1317 if (strncmp(kbuf.dptr, "UL/", 3) == 0 ||
1318 strncmp(kbuf.dptr, "GL/", 3) == 0)
1319 tdb_delete(the_tdb, kbuf);
1324 /* Invalidate the getpwnam and getgroups entries for a winbindd domain */
/* Clears the cached entries for the user described by info3 via
   netsamlogon_clear_cached_user() on the domain's cache tdb. Any checks
   before the call are on lines not shown in this listing. */
1326 void wcache_invalidate_samlogon(struct winbindd_domain *domain,
1327 NET_USER_INFO_3 *info3)
1329 struct winbind_cache *cache;
1334 cache = get_cache(domain);
1335 netsamlogon_clear_cached_user(cache->tdb, info3);
/*
 * Drop the cached user and group lists for every known domain by running
 * traverse_fn over each domain's cache tdb.
 * NOTE(review): cache->tdb is used without a NULL check in the visible
 * lines - confirm get_cache() cannot hand back an unopened tdb here.
 */
1338 void wcache_invalidate_cache(void)
1340 struct winbindd_domain *domain;
1342 for (domain = domain_list(); domain; domain = domain->next) {
1343 struct winbind_cache *cache = get_cache(domain);
1345 DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
1346 "entries for %s\n", domain->name));
1348 tdb_traverse(cache->tdb, traverse_fn, NULL);
1352 /* the ADS backend methods are exposed via this structure */
1353 struct winbindd_methods cache_methods = {