2 Unix SMB/CIFS implementation.
4 Winbind cache backend functions
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Gerald Carter 2003
8 Copyright (C) Volker Lendecke 2005
9 Copyright (C) Guenther Deschner 2005
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
30 #define DBGC_CLASS DBGC_WINBIND
32 /* Global online/offline state - False when online. winbindd starts up online
33 and sets this to true if the first query fails and there's an entry in
34 the cache tdb telling us to stay offline. */
36 static BOOL global_winbindd_offline_state;
38 struct winbind_cache {
44 uint32 sequence_number;
49 #define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
51 static struct winbind_cache *wcache;
53 void winbindd_check_cache_size(time_t t)
55 static time_t last_check_time;
58 if (last_check_time == (time_t)0)
61 if (t - last_check_time < 60 && t - last_check_time > 0)
64 if (wcache == NULL || wcache->tdb == NULL) {
65 DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n"));
69 if (fstat(wcache->tdb->fd, &st) == -1) {
70 DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) ));
74 if (st.st_size > WINBINDD_MAX_CACHE_SIZE) {
75 DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n",
76 (unsigned long)st.st_size,
77 (unsigned long)WINBINDD_MAX_CACHE_SIZE));
82 /* get the winbind_cache structure */
83 static struct winbind_cache *get_cache(struct winbindd_domain *domain)
85 struct winbind_cache *ret = wcache;
87 struct winbindd_domain *our_domain = domain;
90 /* we have to know what type of domain we are dealing with first */
92 if ( !domain->initialized )
93 set_dc_type_and_flags( domain );
96 OK. listen up becasue I'm only going to say this once.
97 We have the following scenarios to consider
98 (a) trusted AD domains on a Samba DC,
99 (b) trusted AD domains and we are joined to a non-kerberos domain
100 (c) trusted AD domains and we are joined to a kerberos (AD) domain
102 For (a) we can always contact the trusted domain using krb5
103 since we have the domain trust account password
105 For (b) we can only use RPC since we have no way of
106 getting a krb5 ticket in our own domain
108 For (c) we can always use krb5 since we have a kerberos trust
113 if (!domain->backend) {
114 extern struct winbindd_methods reconnect_methods;
116 extern struct winbindd_methods ads_methods;
118 /* find our domain first so we can figure out if we
119 are joined to a kerberized domain */
121 if ( !domain->primary )
122 our_domain = find_our_domain();
124 if ( (our_domain->active_directory || IS_DC) && domain->active_directory ) {
125 DEBUG(5,("get_cache: Setting ADS methods for domain %s\n", domain->name));
126 domain->backend = &ads_methods;
128 #endif /* HAVE_ADS */
129 DEBUG(5,("get_cache: Setting MS-RPC methods for domain %s\n", domain->name));
130 domain->backend = &reconnect_methods;
133 #endif /* HAVE_ADS */
139 ret = SMB_XMALLOC_P(struct winbind_cache);
143 wcache_flush_cache();
149 free a centry structure
151 static void centry_free(struct cache_entry *centry)
155 SAFE_FREE(centry->data);
160 pull a uint32 from a cache entry
162 static uint32 centry_uint32(struct cache_entry *centry)
165 if (centry->len - centry->ofs < 4) {
166 DEBUG(0,("centry corruption? needed 4 bytes, have %d\n",
167 centry->len - centry->ofs));
168 smb_panic("centry_uint32");
170 ret = IVAL(centry->data, centry->ofs);
176 pull a uint16 from a cache entry
178 static uint16 centry_uint16(struct cache_entry *centry)
181 if (centry->len - centry->ofs < 2) {
182 DEBUG(0,("centry corruption? needed 2 bytes, have %d\n",
183 centry->len - centry->ofs));
184 smb_panic("centry_uint16");
186 ret = CVAL(centry->data, centry->ofs);
192 pull a uint8 from a cache entry
194 static uint8 centry_uint8(struct cache_entry *centry)
197 if (centry->len - centry->ofs < 1) {
198 DEBUG(0,("centry corruption? needed 1 bytes, have %d\n",
199 centry->len - centry->ofs));
200 smb_panic("centry_uint32");
202 ret = CVAL(centry->data, centry->ofs);
208 pull a NTTIME from a cache entry
210 static NTTIME centry_nttime(struct cache_entry *centry)
213 if (centry->len - centry->ofs < 8) {
214 DEBUG(0,("centry corruption? needed 8 bytes, have %d\n",
215 centry->len - centry->ofs));
216 smb_panic("centry_nttime");
218 ret.low = IVAL(centry->data, centry->ofs);
220 ret.high = IVAL(centry->data, centry->ofs);
226 pull a time_t from a cache entry
228 static time_t centry_time(struct cache_entry *centry)
231 if (centry->len - centry->ofs < sizeof(time_t)) {
232 DEBUG(0,("centry corruption? needed %u bytes, have %u\n",
233 (unsigned int)sizeof(time_t), (unsigned int)(centry->len - centry->ofs)));
234 smb_panic("centry_time");
236 ret = IVAL(centry->data, centry->ofs); /* FIXME: correct ? */
237 centry->ofs += sizeof(time_t);
241 /* pull a string from a cache entry, using the supplied
244 static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
249 len = centry_uint8(centry);
252 /* a deliberate NULL string */
256 if (centry->len - centry->ofs < len) {
257 DEBUG(0,("centry corruption? needed %d bytes, have %d\n",
258 len, centry->len - centry->ofs));
259 smb_panic("centry_string");
262 ret = TALLOC(mem_ctx, len+1);
264 smb_panic("centry_string out of memory\n");
266 memcpy(ret,centry->data + centry->ofs, len);
272 /* pull a string from a cache entry, using the supplied
275 static BOOL centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx, DOM_SID *sid)
278 sid_string = centry_string(centry, mem_ctx);
279 if ((sid_string == NULL) || (!string_to_sid(sid, sid_string))) {
285 /* the server is considered down if it can't give us a sequence number */
286 static BOOL wcache_server_down(struct winbindd_domain *domain)
293 ret = (domain->sequence_number == DOM_SEQUENCE_NONE);
296 DEBUG(10,("wcache_server_down: server for Domain %s down\n",
301 static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
308 DEBUG(10,("fetch_cache_seqnum: tdb == NULL\n"));
309 return NT_STATUS_UNSUCCESSFUL;
312 fstr_sprintf( key, "SEQNUM/%s", domain->name );
314 data = tdb_fetch_bystring( wcache->tdb, key );
315 if ( !data.dptr || data.dsize!=8 ) {
316 DEBUG(10,("fetch_cache_seqnum: invalid data size key [%s]\n", key ));
317 return NT_STATUS_UNSUCCESSFUL;
320 domain->sequence_number = IVAL(data.dptr, 0);
321 domain->last_seq_check = IVAL(data.dptr, 4);
323 SAFE_FREE(data.dptr);
325 /* have we expired? */
327 time_diff = now - domain->last_seq_check;
328 if ( time_diff > lp_winbind_cache_time() ) {
329 DEBUG(10,("fetch_cache_seqnum: timeout [%s][%u @ %u]\n",
330 domain->name, domain->sequence_number,
331 (uint32)domain->last_seq_check));
332 return NT_STATUS_UNSUCCESSFUL;
335 DEBUG(10,("fetch_cache_seqnum: success [%s][%u @ %u]\n",
336 domain->name, domain->sequence_number,
337 (uint32)domain->last_seq_check));
342 static NTSTATUS store_cache_seqnum( struct winbindd_domain *domain )
349 DEBUG(10,("store_cache_seqnum: tdb == NULL\n"));
350 return NT_STATUS_UNSUCCESSFUL;
353 fstr_sprintf( key_str, "SEQNUM/%s", domain->name );
355 key.dsize = strlen(key_str)+1;
357 SIVAL(buf, 0, domain->sequence_number);
358 SIVAL(buf, 4, domain->last_seq_check);
362 if ( tdb_store( wcache->tdb, key, data, TDB_REPLACE) == -1 ) {
363 DEBUG(10,("store_cache_seqnum: tdb_store fail key [%s]\n", key_str ));
364 return NT_STATUS_UNSUCCESSFUL;
367 DEBUG(10,("store_cache_seqnum: success [%s][%u @ %u]\n",
368 domain->name, domain->sequence_number,
369 (uint32)domain->last_seq_check));
375 refresh the domain sequence number. If force is True
376 then always refresh it, no matter how recently we fetched it
379 static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force)
383 time_t t = time(NULL);
384 unsigned cache_time = lp_winbind_cache_time();
388 #if 0 /* JERRY -- disable as the default cache time is now 5 minutes */
389 /* trying to reconnect is expensive, don't do it too often */
390 if (domain->sequence_number == DOM_SEQUENCE_NONE) {
395 time_diff = t - domain->last_seq_check;
397 /* see if we have to refetch the domain sequence number */
398 if (!force && (time_diff < cache_time)) {
399 DEBUG(10, ("refresh_sequence_number: %s time ok\n", domain->name));
403 /* try to get the sequence number from the tdb cache first */
404 /* this will update the timestamp as well */
406 status = fetch_cache_seqnum( domain, t );
407 if ( NT_STATUS_IS_OK(status) )
410 /* important! make sure that we know if this is a native
411 mode domain or not */
413 status = domain->backend->sequence_number(domain, &domain->sequence_number);
415 if (!NT_STATUS_IS_OK(status)) {
416 domain->sequence_number = DOM_SEQUENCE_NONE;
419 domain->last_status = status;
420 domain->last_seq_check = time(NULL);
422 /* save the new sequence number ni the cache */
423 store_cache_seqnum( domain );
426 DEBUG(10, ("refresh_sequence_number: %s seq number is now %d\n",
427 domain->name, domain->sequence_number));
433 decide if a cache entry has expired
435 static BOOL centry_expired(struct winbindd_domain *domain, const char *keystr, struct cache_entry *centry)
437 /* If we've been told to be offline - stay in that state... */
438 if (lp_winbind_offline_logon() && global_winbindd_offline_state) {
439 DEBUG(10,("centry_expired: Key %s for domain %s valid as winbindd is globally offline.\n",
440 keystr, domain->name ));
444 /* when the domain is offline and we havent checked in the last 30
445 * seconds if it has become online again, return the cached entry.
446 * This deals with transient offline states... */
448 if (!domain->online &&
449 !NT_STATUS_IS_OK(check_negative_conn_cache(domain->name, domain->dcname))) {
450 DEBUG(10,("centry_expired: Key %s for domain %s valid as domain is offline.\n",
451 keystr, domain->name ));
455 /* if the server is OK and our cache entry came from when it was down then
456 the entry is invalid */
457 if ((domain->sequence_number != DOM_SEQUENCE_NONE) &&
458 (centry->sequence_number == DOM_SEQUENCE_NONE)) {
459 DEBUG(10,("centry_expired: Key %s for domain %s invalid sequence.\n",
460 keystr, domain->name ));
464 /* if the server is down or the cache entry is not older than the
465 current sequence number then it is OK */
466 if (wcache_server_down(domain) ||
467 centry->sequence_number == domain->sequence_number) {
468 DEBUG(10,("centry_expired: Key %s for domain %s is good.\n",
469 keystr, domain->name ));
473 DEBUG(10,("centry_expired: Key %s for domain %s expired\n",
474 keystr, domain->name ));
480 static struct cache_entry *wcache_fetch_raw(char *kstr)
483 struct cache_entry *centry;
487 key.dsize = strlen(kstr);
488 data = tdb_fetch(wcache->tdb, key);
494 centry = SMB_XMALLOC_P(struct cache_entry);
495 centry->data = (unsigned char *)data.dptr;
496 centry->len = data.dsize;
499 if (centry->len < 8) {
500 /* huh? corrupt cache? */
501 DEBUG(10,("wcache_fetch_raw: Corrupt cache for key %s (len < 8) ?\n", kstr));
506 centry->status = NT_STATUS(centry_uint32(centry));
507 centry->sequence_number = centry_uint32(centry);
513 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
514 number and return status
516 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
517 struct winbindd_domain *domain,
518 const char *format, ...) PRINTF_ATTRIBUTE(3,4);
519 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
520 struct winbindd_domain *domain,
521 const char *format, ...)
525 struct cache_entry *centry;
527 extern BOOL opt_nocache;
533 refresh_sequence_number(domain, False);
535 va_start(ap, format);
536 smb_xvasprintf(&kstr, format, ap);
539 centry = wcache_fetch_raw(kstr);
540 if (centry == NULL) {
545 if (centry_expired(domain, kstr, centry)) {
547 DEBUG(10,("wcache_fetch: entry %s expired for domain %s\n",
548 kstr, domain->name ));
555 DEBUG(10,("wcache_fetch: returning entry %s for domain %s\n",
556 kstr, domain->name ));
563 make sure we have at least len bytes available in a centry
565 static void centry_expand(struct cache_entry *centry, uint32 len)
567 if (centry->len - centry->ofs >= len)
570 centry->data = SMB_REALLOC(centry->data, centry->len);
572 DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
573 smb_panic("out of memory in centry_expand");
578 push a uint32 into a centry
580 static void centry_put_uint32(struct cache_entry *centry, uint32 v)
582 centry_expand(centry, 4);
583 SIVAL(centry->data, centry->ofs, v);
588 push a uint16 into a centry
590 static void centry_put_uint16(struct cache_entry *centry, uint16 v)
592 centry_expand(centry, 2);
593 SIVAL(centry->data, centry->ofs, v);
598 push a uint8 into a centry
600 static void centry_put_uint8(struct cache_entry *centry, uint8 v)
602 centry_expand(centry, 1);
603 SCVAL(centry->data, centry->ofs, v);
608 push a string into a centry
610 static void centry_put_string(struct cache_entry *centry, const char *s)
615 /* null strings are marked as len 0xFFFF */
616 centry_put_uint8(centry, 0xFF);
621 /* can't handle more than 254 char strings. Truncating is probably best */
623 DEBUG(10,("centry_put_string: truncating len (%d) to: 254\n", len));
626 centry_put_uint8(centry, len);
627 centry_expand(centry, len);
628 memcpy(centry->data + centry->ofs, s, len);
632 static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid)
635 centry_put_string(centry, sid_to_string(sid_string, sid));
639 push a NTTIME into a centry
641 static void centry_put_nttime(struct cache_entry *centry, NTTIME nt)
643 centry_expand(centry, 8);
644 SIVAL(centry->data, centry->ofs, nt.low);
646 SIVAL(centry->data, centry->ofs, nt.high);
651 push a time_t into a centry
653 static void centry_put_time(struct cache_entry *centry, time_t t)
655 centry_expand(centry, sizeof(time_t));
656 SIVAL(centry->data, centry->ofs, t); /* FIXME: is this correct ?? */
657 centry->ofs += sizeof(time_t);
661 start a centry for output. When finished, call centry_end()
663 struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status)
665 struct cache_entry *centry;
670 centry = SMB_XMALLOC_P(struct cache_entry);
672 centry->len = 8192; /* reasonable default */
673 centry->data = SMB_XMALLOC_ARRAY(uint8, centry->len);
675 centry->sequence_number = domain->sequence_number;
676 centry_put_uint32(centry, NT_STATUS_V(status));
677 centry_put_uint32(centry, centry->sequence_number);
682 finish a centry and write it to the tdb
684 static void centry_end(struct cache_entry *centry, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
685 static void centry_end(struct cache_entry *centry, const char *format, ...)
691 va_start(ap, format);
692 smb_xvasprintf(&kstr, format, ap);
696 key.dsize = strlen(kstr);
697 data.dptr = (char *)centry->data;
698 data.dsize = centry->ofs;
700 tdb_store(wcache->tdb, key, data, TDB_REPLACE);
704 static void wcache_save_name_to_sid(struct winbindd_domain *domain,
705 NTSTATUS status, const char *domain_name,
706 const char *name, const DOM_SID *sid,
707 enum SID_NAME_USE type)
709 struct cache_entry *centry;
712 centry = centry_start(domain, status);
715 centry_put_uint32(centry, type);
716 centry_put_sid(centry, sid);
717 fstrcpy(uname, name);
719 centry_end(centry, "NS/%s/%s", domain_name, uname);
720 DEBUG(10,("wcache_save_name_to_sid: %s\\%s -> %s\n", domain_name, uname,
721 sid_string_static(sid)));
725 static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
726 const DOM_SID *sid, const char *domain_name, const char *name, enum SID_NAME_USE type)
728 struct cache_entry *centry;
731 centry = centry_start(domain, status);
734 if (NT_STATUS_IS_OK(status)) {
735 centry_put_uint32(centry, type);
736 centry_put_string(centry, domain_name);
737 centry_put_string(centry, name);
739 centry_end(centry, "SN/%s", sid_to_string(sid_string, sid));
740 DEBUG(10,("wcache_save_sid_to_name: %s -> %s\n", sid_string, name));
745 static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info)
747 struct cache_entry *centry;
750 centry = centry_start(domain, status);
753 centry_put_string(centry, info->acct_name);
754 centry_put_string(centry, info->full_name);
755 centry_put_string(centry, info->homedir);
756 centry_put_string(centry, info->shell);
757 centry_put_sid(centry, &info->user_sid);
758 centry_put_sid(centry, &info->group_sid);
759 centry_end(centry, "U/%s", sid_to_string(sid_string, &info->user_sid));
760 DEBUG(10,("wcache_save_user: %s (acct_name %s)\n", sid_string, info->acct_name));
764 static void wcache_save_lockout_policy(struct winbindd_domain *domain, NTSTATUS status, SAM_UNK_INFO_12 *lockout_policy)
766 struct cache_entry *centry;
768 centry = centry_start(domain, status);
772 centry_put_nttime(centry, lockout_policy->duration);
773 centry_put_nttime(centry, lockout_policy->reset_count);
774 centry_put_uint16(centry, lockout_policy->bad_attempt_lockout);
776 centry_end(centry, "LOC_POL/%s", domain->name);
778 DEBUG(10,("wcache_save_lockout_policy: %s\n", domain->name));
783 static void wcache_save_password_policy(struct winbindd_domain *domain, NTSTATUS status, SAM_UNK_INFO_1 *policy)
785 struct cache_entry *centry;
787 centry = centry_start(domain, status);
791 centry_put_uint16(centry, policy->min_length_password);
792 centry_put_uint16(centry, policy->password_history);
793 centry_put_uint32(centry, policy->password_properties);
794 centry_put_nttime(centry, policy->expire);
795 centry_put_nttime(centry, policy->min_passwordage);
797 centry_end(centry, "PWD_POL/%s", domain->name);
799 DEBUG(10,("wcache_save_password_policy: %s\n", domain->name));
804 NTSTATUS wcache_cached_creds_exist(struct winbindd_domain *domain, const DOM_SID *sid)
806 struct winbind_cache *cache = get_cache(domain);
812 return NT_STATUS_INTERNAL_DB_ERROR;
815 if (is_null_sid(sid)) {
816 return NT_STATUS_INVALID_SID;
819 if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
820 return NT_STATUS_INVALID_SID;
823 fstr_sprintf(key_str, "CRED/%s", sid_string_static(sid));
825 data = tdb_fetch(cache->tdb, make_tdb_data(key_str, strlen(key_str)));
827 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
830 SAFE_FREE(data.dptr);
834 /* Lookup creds for a SID */
835 NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
838 const uint8 **cached_nt_pass)
840 struct winbind_cache *cache = get_cache(domain);
841 struct cache_entry *centry = NULL;
847 return NT_STATUS_INTERNAL_DB_ERROR;
850 if (is_null_sid(sid)) {
851 return NT_STATUS_INVALID_SID;
854 if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
855 return NT_STATUS_INVALID_SID;
858 centry = wcache_fetch(cache, domain, "CRED/%s", sid_string_static(sid));
861 DEBUG(10,("wcache_get_creds: entry for [CRED/%s] not found\n",
862 sid_string_static(sid)));
863 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
866 t = centry_time(centry);
867 *cached_nt_pass = (const uint8 *)centry_string(centry, mem_ctx);
870 dump_data(100, (const char *)cached_nt_pass, NT_HASH_LEN);
872 status = centry->status;
874 DEBUG(10,("wcache_get_creds: [Cached] - cached creds for user %s status: %s\n",
875 sid_string_static(sid), nt_errstr(status) ));
881 NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
884 const uint8 nt_pass[NT_HASH_LEN])
886 struct cache_entry *centry;
890 if (is_null_sid(sid)) {
891 return NT_STATUS_INVALID_SID;
894 if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
895 return NT_STATUS_INVALID_SID;
898 centry = centry_start(domain, NT_STATUS_OK);
900 return NT_STATUS_INTERNAL_DB_ERROR;
904 dump_data(100, (const char *)nt_pass, NT_HASH_LEN);
907 centry_put_time(centry, time(NULL));
908 centry_put_string(centry, (const char *)nt_pass);
909 centry_end(centry, "CRED/%s", sid_to_string(sid_string, sid));
911 DEBUG(10,("wcache_save_creds: %s\n", sid_string));
919 /* Query display info. This is the basic user list fn */
920 static NTSTATUS query_user_list(struct winbindd_domain *domain,
923 WINBIND_USERINFO **info)
925 struct winbind_cache *cache = get_cache(domain);
926 struct cache_entry *centry = NULL;
928 unsigned int i, retry;
933 centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
937 *num_entries = centry_uint32(centry);
939 if (*num_entries == 0)
942 (*info) = TALLOC_ARRAY(mem_ctx, WINBIND_USERINFO, *num_entries);
944 smb_panic("query_user_list out of memory");
945 for (i=0; i<(*num_entries); i++) {
946 (*info)[i].acct_name = centry_string(centry, mem_ctx);
947 (*info)[i].full_name = centry_string(centry, mem_ctx);
948 (*info)[i].homedir = centry_string(centry, mem_ctx);
949 (*info)[i].shell = centry_string(centry, mem_ctx);
950 centry_sid(centry, mem_ctx, &(*info)[i].user_sid);
951 centry_sid(centry, mem_ctx, &(*info)[i].group_sid);
955 status = centry->status;
957 DEBUG(10,("query_user_list: [Cached] - cached list for domain %s status: %s\n",
958 domain->name, nt_errstr(status) ));
967 /* Return status value returned by seq number check */
969 if (!NT_STATUS_IS_OK(domain->last_status))
970 return domain->last_status;
972 /* Put the query_user_list() in a retry loop. There appears to be
973 * some bug either with Windows 2000 or Samba's handling of large
974 * rpc replies. This manifests itself as sudden disconnection
975 * at a random point in the enumeration of a large (60k) user list.
976 * The retry loop simply tries the operation again. )-: It's not
977 * pretty but an acceptable workaround until we work out what the
978 * real problem is. */
983 DEBUG(10,("query_user_list: [Cached] - doing backend query for list for domain %s\n",
986 status = domain->backend->query_user_list(domain, mem_ctx, num_entries, info);
987 if (!NT_STATUS_IS_OK(status))
988 DEBUG(3, ("query_user_list: returned 0x%08x, "
989 "retrying\n", NT_STATUS_V(status)));
990 if (NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL)) {
991 DEBUG(3, ("query_user_list: flushing "
992 "connection cache\n"));
993 invalidate_cm_connection(&domain->conn);
996 } while (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) &&
1000 refresh_sequence_number(domain, False);
1001 centry = centry_start(domain, status);
1004 centry_put_uint32(centry, *num_entries);
1005 for (i=0; i<(*num_entries); i++) {
1006 centry_put_string(centry, (*info)[i].acct_name);
1007 centry_put_string(centry, (*info)[i].full_name);
1008 centry_put_string(centry, (*info)[i].homedir);
1009 centry_put_string(centry, (*info)[i].shell);
1010 centry_put_sid(centry, &(*info)[i].user_sid);
1011 centry_put_sid(centry, &(*info)[i].group_sid);
1012 if (domain->backend->consistent) {
1013 /* when the backend is consistent we can pre-prime some mappings */
1014 wcache_save_name_to_sid(domain, NT_STATUS_OK,
1016 (*info)[i].acct_name,
1017 &(*info)[i].user_sid,
1019 wcache_save_sid_to_name(domain, NT_STATUS_OK,
1020 &(*info)[i].user_sid,
1022 (*info)[i].acct_name,
1024 wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
1027 centry_end(centry, "UL/%s", domain->name);
1028 centry_free(centry);
1034 /* list all domain groups */
1035 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
1036 TALLOC_CTX *mem_ctx,
1037 uint32 *num_entries,
1038 struct acct_info **info)
1040 struct winbind_cache *cache = get_cache(domain);
1041 struct cache_entry *centry = NULL;
1048 centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
1052 *num_entries = centry_uint32(centry);
1054 if (*num_entries == 0)
1057 (*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
1059 smb_panic("enum_dom_groups out of memory");
1060 for (i=0; i<(*num_entries); i++) {
1061 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
1062 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
1063 (*info)[i].rid = centry_uint32(centry);
1067 status = centry->status;
1069 DEBUG(10,("enum_dom_groups: [Cached] - cached list for domain %s status: %s\n",
1070 domain->name, nt_errstr(status) ));
1072 centry_free(centry);
1079 /* Return status value returned by seq number check */
1081 if (!NT_STATUS_IS_OK(domain->last_status))
1082 return domain->last_status;
1084 DEBUG(10,("enum_dom_groups: [Cached] - doing backend query for list for domain %s\n",
1087 status = domain->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
1090 refresh_sequence_number(domain, False);
1091 centry = centry_start(domain, status);
1094 centry_put_uint32(centry, *num_entries);
1095 for (i=0; i<(*num_entries); i++) {
1096 centry_put_string(centry, (*info)[i].acct_name);
1097 centry_put_string(centry, (*info)[i].acct_desc);
1098 centry_put_uint32(centry, (*info)[i].rid);
1100 centry_end(centry, "GL/%s/domain", domain->name);
1101 centry_free(centry);
1107 /* list all domain groups */
1108 static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
1109 TALLOC_CTX *mem_ctx,
1110 uint32 *num_entries,
1111 struct acct_info **info)
1113 struct winbind_cache *cache = get_cache(domain);
1114 struct cache_entry *centry = NULL;
1121 centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
1125 *num_entries = centry_uint32(centry);
1127 if (*num_entries == 0)
1130 (*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
1132 smb_panic("enum_dom_groups out of memory");
1133 for (i=0; i<(*num_entries); i++) {
1134 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
1135 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
1136 (*info)[i].rid = centry_uint32(centry);
1141 /* If we are returning cached data and the domain controller
1142 is down then we don't know whether the data is up to date
1143 or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to
1146 if (wcache_server_down(domain)) {
1147 DEBUG(10, ("enum_local_groups: returning cached user list and server was down\n"));
1148 status = NT_STATUS_MORE_PROCESSING_REQUIRED;
1150 status = centry->status;
1152 DEBUG(10,("enum_local_groups: [Cached] - cached list for domain %s status: %s\n",
1153 domain->name, nt_errstr(status) ));
1155 centry_free(centry);
1162 /* Return status value returned by seq number check */
1164 if (!NT_STATUS_IS_OK(domain->last_status))
1165 return domain->last_status;
1167 DEBUG(10,("enum_local_groups: [Cached] - doing backend query for list for domain %s\n",
1170 status = domain->backend->enum_local_groups(domain, mem_ctx, num_entries, info);
1173 refresh_sequence_number(domain, False);
1174 centry = centry_start(domain, status);
1177 centry_put_uint32(centry, *num_entries);
1178 for (i=0; i<(*num_entries); i++) {
1179 centry_put_string(centry, (*info)[i].acct_name);
1180 centry_put_string(centry, (*info)[i].acct_desc);
1181 centry_put_uint32(centry, (*info)[i].rid);
1183 centry_end(centry, "GL/%s/local", domain->name);
1184 centry_free(centry);
1190 /* convert a single name to a sid in a domain */
1191 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
1192 TALLOC_CTX *mem_ctx,
1193 const char *domain_name,
1196 enum SID_NAME_USE *type)
1198 struct winbind_cache *cache = get_cache(domain);
1199 struct cache_entry *centry = NULL;
1206 fstrcpy(uname, name);
1208 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname);
1211 *type = (enum SID_NAME_USE)centry_uint32(centry);
1212 status = centry->status;
1213 if (NT_STATUS_IS_OK(status)) {
1214 centry_sid(centry, mem_ctx, sid);
1217 DEBUG(10,("name_to_sid: [Cached] - cached name for domain %s status: %s\n",
1218 domain->name, nt_errstr(status) ));
1220 centry_free(centry);
1226 /* If the seq number check indicated that there is a problem
1227 * with this DC, then return that status... except for
1228 * access_denied. This is special because the dc may be in
1229 * "restrict anonymous = 1" mode, in which case it will deny
1230 * most unauthenticated operations, but *will* allow the LSA
1231 * name-to-sid that we try as a fallback. */
1233 if (!(NT_STATUS_IS_OK(domain->last_status)
1234 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
1235 return domain->last_status;
1237 DEBUG(10,("name_to_sid: [Cached] - doing backend query for name for domain %s\n",
1240 status = domain->backend->name_to_sid(domain, mem_ctx, domain_name, name, sid, type);
1243 if (domain->online || !is_null_sid(sid)) {
1244 wcache_save_name_to_sid(domain, status, domain_name, name, sid, *type);
1247 if (NT_STATUS_IS_OK(status)) {
1248 strupper_m(CONST_DISCARD(char *,domain_name));
1249 strlower_m(CONST_DISCARD(char *,name));
1250 wcache_save_sid_to_name(domain, status, sid, domain_name, name, *type);
1256 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
1258 static NTSTATUS sid_to_name(struct winbindd_domain *domain,
1259 TALLOC_CTX *mem_ctx,
1263 enum SID_NAME_USE *type)
1265 struct winbind_cache *cache = get_cache(domain);
1266 struct cache_entry *centry = NULL;
1273 centry = wcache_fetch(cache, domain, "SN/%s", sid_to_string(sid_string, sid));
1276 if (NT_STATUS_IS_OK(centry->status)) {
1277 *type = (enum SID_NAME_USE)centry_uint32(centry);
1278 *domain_name = centry_string(centry, mem_ctx);
1279 *name = centry_string(centry, mem_ctx);
1281 status = centry->status;
1283 DEBUG(10,("sid_to_name: [Cached] - cached name for domain %s status: %s\n",
1284 domain->name, nt_errstr(status) ));
1286 centry_free(centry);
1291 *domain_name = NULL;
1293 /* If the seq number check indicated that there is a problem
1294 * with this DC, then return that status... except for
1295 * access_denied. This is special because the dc may be in
1296 * "restrict anonymous = 1" mode, in which case it will deny
1297 * most unauthenticated operations, but *will* allow the LSA
1298 * sid-to-name that we try as a fallback. */
1300 if (!(NT_STATUS_IS_OK(domain->last_status)
1301 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
1302 return domain->last_status;
1304 DEBUG(10,("sid_to_name: [Cached] - doing backend query for name for domain %s\n",
1307 status = domain->backend->sid_to_name(domain, mem_ctx, sid, domain_name, name, type);
1310 refresh_sequence_number(domain, False);
1311 wcache_save_sid_to_name(domain, status, sid, *domain_name, *name, *type);
1313 /* We can't save the name to sid mapping here, as with sid history a
1314 * later name2sid would give the wrong sid. */
1319 /* Lookup user information from a rid */
1320 static NTSTATUS query_user(struct winbindd_domain *domain,
1321 TALLOC_CTX *mem_ctx,
1322 const DOM_SID *user_sid,
1323 WINBIND_USERINFO *info)
1325 struct winbind_cache *cache = get_cache(domain);
1326 struct cache_entry *centry = NULL;
1332 centry = wcache_fetch(cache, domain, "U/%s", sid_string_static(user_sid));
1334 /* If we have an access denied cache entry and a cached info3 in the
1335 samlogon cache then do a query. This will force the rpc back end
1336 to return the info3 data. */
1338 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1339 netsamlogon_cache_have(user_sid)) {
1340 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1341 domain->last_status = NT_STATUS_OK;
1342 centry_free(centry);
1349 info->acct_name = centry_string(centry, mem_ctx);
1350 info->full_name = centry_string(centry, mem_ctx);
1351 info->homedir = centry_string(centry, mem_ctx);
1352 info->shell = centry_string(centry, mem_ctx);
1353 centry_sid(centry, mem_ctx, &info->user_sid);
1354 centry_sid(centry, mem_ctx, &info->group_sid);
1355 status = centry->status;
1357 DEBUG(10,("query_user: [Cached] - cached info for domain %s status: %s\n",
1358 domain->name, nt_errstr(status) ));
1360 centry_free(centry);
1366 /* Return status value returned by seq number check */
1368 if (!NT_STATUS_IS_OK(domain->last_status))
1369 return domain->last_status;
1371 DEBUG(10,("sid_to_name: [Cached] - doing backend query for info for domain %s\n",
1374 status = domain->backend->query_user(domain, mem_ctx, user_sid, info);
1377 refresh_sequence_number(domain, False);
1378 wcache_save_user(domain, status, info);
1384 /* Lookup groups a user is a member of. */
1385 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
1386 TALLOC_CTX *mem_ctx,
1387 const DOM_SID *user_sid,
1388 uint32 *num_groups, DOM_SID **user_gids)
1390 struct winbind_cache *cache = get_cache(domain);
1391 struct cache_entry *centry = NULL;
1399 centry = wcache_fetch(cache, domain, "UG/%s", sid_to_string(sid_string, user_sid));
1401 /* If we have an access denied cache entry and a cached info3 in the
1402 samlogon cache then do a query. This will force the rpc back end
1403 to return the info3 data. */
1405 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1406 netsamlogon_cache_have(user_sid)) {
1407 DEBUG(10, ("lookup_usergroups: cached access denied and have cached info3\n"));
1408 domain->last_status = NT_STATUS_OK;
1409 centry_free(centry);
1416 *num_groups = centry_uint32(centry);
1418 if (*num_groups == 0)
1421 (*user_gids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_groups);
1423 smb_panic("lookup_usergroups out of memory");
1424 for (i=0; i<(*num_groups); i++) {
1425 centry_sid(centry, mem_ctx, &(*user_gids)[i]);
1429 status = centry->status;
1431 DEBUG(10,("lookup_usergroups: [Cached] - cached info for domain %s status: %s\n",
1432 domain->name, nt_errstr(status) ));
1434 centry_free(centry);
1439 (*user_gids) = NULL;
1441 /* Return status value returned by seq number check */
1443 if (!NT_STATUS_IS_OK(domain->last_status))
1444 return domain->last_status;
1446 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info for domain %s\n",
1449 status = domain->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
1452 refresh_sequence_number(domain, False);
1453 centry = centry_start(domain, status);
1456 centry_put_uint32(centry, *num_groups);
1457 for (i=0; i<(*num_groups); i++) {
1458 centry_put_sid(centry, &(*user_gids)[i]);
1460 centry_end(centry, "UG/%s", sid_to_string(sid_string, user_sid));
1461 centry_free(centry);
1467 static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
1468 TALLOC_CTX *mem_ctx,
1469 uint32 num_sids, const DOM_SID *sids,
1470 uint32 *num_aliases, uint32 **alias_rids)
1472 struct winbind_cache *cache = get_cache(domain);
1473 struct cache_entry *centry = NULL;
1475 char *sidlist = talloc_strdup(mem_ctx, "");
1481 if (num_sids == 0) {
1484 return NT_STATUS_OK;
1487 /* We need to cache indexed by the whole list of SIDs, the aliases
1488 * resulting might come from any of the SIDs. */
1490 for (i=0; i<num_sids; i++) {
1491 sidlist = talloc_asprintf(mem_ctx, "%s/%s", sidlist,
1492 sid_string_static(&sids[i]));
1493 if (sidlist == NULL)
1494 return NT_STATUS_NO_MEMORY;
1497 centry = wcache_fetch(cache, domain, "UA%s", sidlist);
1502 *num_aliases = centry_uint32(centry);
1505 (*alias_rids) = TALLOC_ARRAY(mem_ctx, uint32, *num_aliases);
1507 if ((*num_aliases != 0) && ((*alias_rids) == NULL)) {
1508 centry_free(centry);
1509 return NT_STATUS_NO_MEMORY;
1512 for (i=0; i<(*num_aliases); i++)
1513 (*alias_rids)[i] = centry_uint32(centry);
1515 status = centry->status;
1517 DEBUG(10,("lookup_useraliases: [Cached] - cached info for domain: %s "
1518 "status %s\n", domain->name, nt_errstr(status)));
1520 centry_free(centry);
1525 (*alias_rids) = NULL;
1527 if (!NT_STATUS_IS_OK(domain->last_status))
1528 return domain->last_status;
1530 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info "
1531 "for domain %s\n", domain->name ));
1533 status = domain->backend->lookup_useraliases(domain, mem_ctx,
1535 num_aliases, alias_rids);
1538 refresh_sequence_number(domain, False);
1539 centry = centry_start(domain, status);
1542 centry_put_uint32(centry, *num_aliases);
1543 for (i=0; i<(*num_aliases); i++)
1544 centry_put_uint32(centry, (*alias_rids)[i]);
1545 centry_end(centry, "UA%s", sidlist);
1546 centry_free(centry);
1553 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
1554 TALLOC_CTX *mem_ctx,
1555 const DOM_SID *group_sid, uint32 *num_names,
1556 DOM_SID **sid_mem, char ***names,
1557 uint32 **name_types)
1559 struct winbind_cache *cache = get_cache(domain);
1560 struct cache_entry *centry = NULL;
1568 centry = wcache_fetch(cache, domain, "GM/%s", sid_to_string(sid_string, group_sid));
1572 *num_names = centry_uint32(centry);
1574 if (*num_names == 0)
1577 (*sid_mem) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_names);
1578 (*names) = TALLOC_ARRAY(mem_ctx, char *, *num_names);
1579 (*name_types) = TALLOC_ARRAY(mem_ctx, uint32, *num_names);
1581 if (! (*sid_mem) || ! (*names) || ! (*name_types)) {
1582 smb_panic("lookup_groupmem out of memory");
1585 for (i=0; i<(*num_names); i++) {
1586 centry_sid(centry, mem_ctx, &(*sid_mem)[i]);
1587 (*names)[i] = centry_string(centry, mem_ctx);
1588 (*name_types)[i] = centry_uint32(centry);
1592 status = centry->status;
1594 DEBUG(10,("lookup_groupmem: [Cached] - cached info for domain %s status: %s\n",
1595 domain->name, nt_errstr(status)));
1597 centry_free(centry);
1604 (*name_types) = NULL;
1606 /* Return status value returned by seq number check */
1608 if (!NT_STATUS_IS_OK(domain->last_status))
1609 return domain->last_status;
1611 DEBUG(10,("lookup_groupmem: [Cached] - doing backend query for info for domain %s\n",
1614 status = domain->backend->lookup_groupmem(domain, mem_ctx, group_sid, num_names,
1615 sid_mem, names, name_types);
1618 refresh_sequence_number(domain, False);
1619 centry = centry_start(domain, status);
1622 centry_put_uint32(centry, *num_names);
1623 for (i=0; i<(*num_names); i++) {
1624 centry_put_sid(centry, &(*sid_mem)[i]);
1625 centry_put_string(centry, (*names)[i]);
1626 centry_put_uint32(centry, (*name_types)[i]);
1628 centry_end(centry, "GM/%s", sid_to_string(sid_string, group_sid));
1629 centry_free(centry);
1635 /* find the sequence number for a domain */
1636 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
1638 refresh_sequence_number(domain, False);
1640 *seq = domain->sequence_number;
1642 return NT_STATUS_OK;
1645 /* enumerate trusted domains
1646 * (we need to have the list of trustdoms in the cache when we go offline) -
1648 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
1649 TALLOC_CTX *mem_ctx,
1650 uint32 *num_domains,
1655 struct winbind_cache *cache = get_cache(domain);
1656 struct cache_entry *centry = NULL;
1663 centry = wcache_fetch(cache, domain, "TRUSTDOMS/%s", domain->name);
1669 *num_domains = centry_uint32(centry);
1671 (*names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
1672 (*alt_names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
1673 (*dom_sids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_domains);
1675 if (! (*dom_sids) || ! (*names) || ! (*alt_names)) {
1676 smb_panic("trusted_domains out of memory");
1679 for (i=0; i<(*num_domains); i++) {
1680 (*names)[i] = centry_string(centry, mem_ctx);
1681 (*alt_names)[i] = centry_string(centry, mem_ctx);
1682 centry_sid(centry, mem_ctx, &(*dom_sids)[i]);
1685 status = centry->status;
1687 DEBUG(10,("trusted_domains: [Cached] - cached info for domain %s (%d trusts) status: %s\n",
1688 domain->name, *num_domains, nt_errstr(status) ));
1690 centry_free(centry);
1697 (*alt_names) = NULL;
1699 /* Return status value returned by seq number check */
1701 if (!NT_STATUS_IS_OK(domain->last_status))
1702 return domain->last_status;
1704 DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
1707 status = domain->backend->trusted_domains(domain, mem_ctx, num_domains,
1708 names, alt_names, dom_sids);
1710 /* no trusts gives NT_STATUS_NO_MORE_ENTRIES resetting to NT_STATUS_OK
1711 * so that the generic centry handling still applies correctly -
1714 if (!NT_STATUS_IS_ERR(status)) {
1715 status = NT_STATUS_OK;
1719 refresh_sequence_number(domain, False);
1721 centry = centry_start(domain, status);
1725 centry_put_uint32(centry, *num_domains);
1727 for (i=0; i<(*num_domains); i++) {
1728 centry_put_string(centry, (*names)[i]);
1729 centry_put_string(centry, (*alt_names)[i]);
1730 centry_put_sid(centry, &(*dom_sids)[i]);
1733 centry_end(centry, "TRUSTDOMS/%s", domain->name);
1735 centry_free(centry);
1741 /* get lockout policy */
1742 static NTSTATUS lockout_policy(struct winbindd_domain *domain,
1743 TALLOC_CTX *mem_ctx,
1744 SAM_UNK_INFO_12 *policy){
1745 struct winbind_cache *cache = get_cache(domain);
1746 struct cache_entry *centry = NULL;
1752 centry = wcache_fetch(cache, domain, "LOC_POL/%s", domain->name);
1757 policy->duration = centry_nttime(centry);
1758 policy->reset_count = centry_nttime(centry);
1759 policy->bad_attempt_lockout = centry_uint16(centry);
1761 status = centry->status;
1763 DEBUG(10,("lockout_policy: [Cached] - cached info for domain %s status: %s\n",
1764 domain->name, nt_errstr(status) ));
1766 centry_free(centry);
1770 ZERO_STRUCTP(policy);
1772 /* Return status value returned by seq number check */
1774 if (!NT_STATUS_IS_OK(domain->last_status))
1775 return domain->last_status;
1777 DEBUG(10,("lockout_policy: [Cached] - doing backend query for info for domain %s\n",
1780 status = domain->backend->lockout_policy(domain, mem_ctx, policy);
1783 refresh_sequence_number(domain, False);
1784 wcache_save_lockout_policy(domain, status, policy);
1789 /* get password policy */
1790 static NTSTATUS password_policy(struct winbindd_domain *domain,
1791 TALLOC_CTX *mem_ctx,
1792 SAM_UNK_INFO_1 *policy)
1794 struct winbind_cache *cache = get_cache(domain);
1795 struct cache_entry *centry = NULL;
1801 centry = wcache_fetch(cache, domain, "PWD_POL/%s", domain->name);
1806 policy->min_length_password = centry_uint16(centry);
1807 policy->password_history = centry_uint16(centry);
1808 policy->password_properties = centry_uint32(centry);
1809 policy->expire = centry_nttime(centry);
1810 policy->min_passwordage = centry_nttime(centry);
1812 status = centry->status;
1814 DEBUG(10,("lockout_policy: [Cached] - cached info for domain %s status: %s\n",
1815 domain->name, nt_errstr(status) ));
1817 centry_free(centry);
1821 ZERO_STRUCTP(policy);
1823 /* Return status value returned by seq number check */
1825 if (!NT_STATUS_IS_OK(domain->last_status))
1826 return domain->last_status;
1828 DEBUG(10,("password_policy: [Cached] - doing backend query for info for domain %s\n",
1831 status = domain->backend->password_policy(domain, mem_ctx, policy);
1834 refresh_sequence_number(domain, False);
1835 wcache_save_password_policy(domain, status, policy);
1841 /* Invalidate cached user and group lists coherently */
1843 static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
1846 if (strncmp(kbuf.dptr, "UL/", 3) == 0 ||
1847 strncmp(kbuf.dptr, "GL/", 3) == 0)
1848 tdb_delete(the_tdb, kbuf);
1853 /* Invalidate the getpwnam and getgroups entries for a winbindd domain */
1855 void wcache_invalidate_samlogon(struct winbindd_domain *domain,
1856 NET_USER_INFO_3 *info3)
1858 struct winbind_cache *cache;
1863 cache = get_cache(domain);
1864 netsamlogon_clear_cached_user(cache->tdb, info3);
1867 void wcache_invalidate_cache(void)
1869 struct winbindd_domain *domain;
1871 for (domain = domain_list(); domain; domain = domain->next) {
1872 struct winbind_cache *cache = get_cache(domain);
1874 DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
1875 "entries for %s\n", domain->name));
1877 tdb_traverse(cache->tdb, traverse_fn, NULL);
1881 static BOOL init_wcache(void)
1883 if (wcache == NULL) {
1884 wcache = SMB_XMALLOC_P(struct winbind_cache);
1885 ZERO_STRUCTP(wcache);
1888 if (wcache->tdb != NULL)
1891 /* when working offline we must not clear the cache on restart */
1892 wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"),
1893 WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
1894 TDB_DEFAULT /*TDB_CLEAR_IF_FIRST*/, O_RDWR|O_CREAT, 0600);
1896 if (wcache->tdb == NULL) {
1897 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
1904 void cache_store_response(pid_t pid, struct winbindd_response *response)
1911 DEBUG(10, ("Storing response for pid %d, len %d\n",
1912 pid, response->length));
1914 fstr_sprintf(key_str, "DR/%d", pid);
1915 if (tdb_store(wcache->tdb, string_tdb_data(key_str),
1916 make_tdb_data((void *)response, sizeof(*response)),
1920 if (response->length == sizeof(*response))
1923 /* There's extra data */
1925 DEBUG(10, ("Storing extra data: len=%d\n",
1926 (int)(response->length - sizeof(*response))));
1928 fstr_sprintf(key_str, "DE/%d", pid);
1929 if (tdb_store(wcache->tdb, string_tdb_data(key_str),
1930 make_tdb_data(response->extra_data.data,
1931 response->length - sizeof(*response)),
1935 /* We could not store the extra data, make sure the tdb does not
1936 * contain a main record with wrong dangling extra data */
1938 fstr_sprintf(key_str, "DR/%d", pid);
1939 tdb_delete(wcache->tdb, string_tdb_data(key_str));
1944 BOOL cache_retrieve_response(pid_t pid, struct winbindd_response * response)
1952 DEBUG(10, ("Retrieving response for pid %d\n", pid));
1954 fstr_sprintf(key_str, "DR/%d", pid);
1955 data = tdb_fetch(wcache->tdb, string_tdb_data(key_str));
1957 if (data.dptr == NULL)
1960 if (data.dsize != sizeof(*response))
1963 memcpy(response, data.dptr, data.dsize);
1964 SAFE_FREE(data.dptr);
1966 if (response->length == sizeof(*response)) {
1967 response->extra_data.data = NULL;
1971 /* There's extra data */
1973 DEBUG(10, ("Retrieving extra data length=%d\n",
1974 (int)(response->length - sizeof(*response))));
1976 fstr_sprintf(key_str, "DE/%d", pid);
1977 data = tdb_fetch(wcache->tdb, string_tdb_data(key_str));
1979 if (data.dptr == NULL) {
1980 DEBUG(0, ("Did not find extra data\n"));
1984 if (data.dsize != (response->length - sizeof(*response))) {
1985 DEBUG(0, ("Invalid extra data length: %d\n", (int)data.dsize));
1986 SAFE_FREE(data.dptr);
1990 dump_data(11, data.dptr, data.dsize);
1992 response->extra_data.data = data.dptr;
1996 void cache_cleanup_response(pid_t pid)
2003 fstr_sprintf(key_str, "DR/%d", pid);
2004 tdb_delete(wcache->tdb, string_tdb_data(key_str));
2006 fstr_sprintf(key_str, "DE/%d", pid);
2007 tdb_delete(wcache->tdb, string_tdb_data(key_str));
2013 BOOL lookup_cached_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
2014 const char **domain_name, const char **name,
2015 enum SID_NAME_USE *type)
2017 struct winbindd_domain *domain;
2018 struct winbind_cache *cache;
2019 struct cache_entry *centry = NULL;
2022 domain = find_lookup_domain_from_sid(sid);
2023 if (domain == NULL) {
2027 cache = get_cache(domain);
2029 if (cache->tdb == NULL) {
2033 centry = wcache_fetch(cache, domain, "SN/%s", sid_string_static(sid));
2034 if (centry == NULL) {
2038 if (NT_STATUS_IS_OK(centry->status)) {
2039 *type = (enum SID_NAME_USE)centry_uint32(centry);
2040 *domain_name = centry_string(centry, mem_ctx);
2041 *name = centry_string(centry, mem_ctx);
2044 status = centry->status;
2045 centry_free(centry);
2046 return NT_STATUS_IS_OK(status);
2049 BOOL lookup_cached_name(TALLOC_CTX *mem_ctx,
2050 const char *domain_name,
2053 enum SID_NAME_USE *type)
2055 struct winbindd_domain *domain;
2056 struct winbind_cache *cache;
2057 struct cache_entry *centry = NULL;
2061 domain = find_lookup_domain_from_name(domain_name);
2062 if (domain == NULL) {
2066 cache = get_cache(domain);
2068 if (cache->tdb == NULL) {
2072 fstrcpy(uname, name);
2075 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname);
2076 if (centry == NULL) {
2080 if (NT_STATUS_IS_OK(centry->status)) {
2081 *type = (enum SID_NAME_USE)centry_uint32(centry);
2082 centry_sid(centry, mem_ctx, sid);
2085 status = centry->status;
2086 centry_free(centry);
2088 return NT_STATUS_IS_OK(status);
2091 void cache_name2sid(struct winbindd_domain *domain,
2092 const char *domain_name, const char *name,
2093 enum SID_NAME_USE type, const DOM_SID *sid)
2095 wcache_save_name_to_sid(domain, NT_STATUS_OK, domain_name, name,
2099 /* delete all centries that don't have NT_STATUS_OK set */
2100 static int traverse_fn_cleanup(TDB_CONTEXT *the_tdb, TDB_DATA kbuf,
2101 TDB_DATA dbuf, void *state)
2103 struct cache_entry *centry;
2105 centry = wcache_fetch_raw(kbuf.dptr);
2110 if (!NT_STATUS_IS_OK(centry->status)) {
2111 DEBUG(10,("deleting centry %s\n", kbuf.dptr));
2112 tdb_delete(the_tdb, kbuf);
2115 centry_free(centry);
2119 /* flush the cache */
2120 void wcache_flush_cache(void)
2122 extern BOOL opt_nocache;
2127 tdb_close(wcache->tdb);
2133 /* when working offline we must not clear the cache on restart */
2134 wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"),
2135 WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
2136 TDB_DEFAULT /* TDB_CLEAR_IF_FIRST */, O_RDWR|O_CREAT, 0600);
2139 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
2143 tdb_traverse(wcache->tdb, traverse_fn_cleanup, NULL);
2145 DEBUG(10,("wcache_flush_cache success\n"));
2148 /* Count cached creds */
2150 static int traverse_fn_cached_creds(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
2153 int *cred_count = (int*)state;
2155 if (strncmp(kbuf.dptr, "CRED/", 5) == 0) {
2161 NTSTATUS wcache_count_cached_creds(struct winbindd_domain *domain, int *count)
2163 struct winbind_cache *cache = get_cache(domain);
2168 return NT_STATUS_INTERNAL_DB_ERROR;
2171 tdb_traverse(cache->tdb, traverse_fn_cached_creds, (void *)count);
2173 return NT_STATUS_OK;
2177 struct cred_list *prev, *next;
2182 static struct cred_list *wcache_cred_list;
2184 static int traverse_fn_get_credlist(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
2187 struct cred_list *cred;
2189 if (strncmp(kbuf.dptr, "CRED/", 5) == 0) {
2191 cred = SMB_MALLOC_P(struct cred_list);
2193 DEBUG(0,("traverse_fn_remove_first_creds: failed to malloc new entry for list\n"));
2199 /* save a copy of the key */
2201 fstrcpy(cred->name, kbuf.dptr);
2202 DLIST_ADD(wcache_cred_list, cred);
2208 NTSTATUS wcache_remove_oldest_cached_creds(struct winbindd_domain *domain, const DOM_SID *sid)
2210 struct winbind_cache *cache = get_cache(domain);
2213 struct cred_list *cred, *oldest = NULL;
2216 return NT_STATUS_INTERNAL_DB_ERROR;
2219 /* we possibly already have an entry */
2220 if (sid && NT_STATUS_IS_OK(wcache_cached_creds_exist(domain, sid))) {
2224 DEBUG(11,("we already have an entry, deleting that\n"));
2226 fstr_sprintf(key_str, "CRED/%s", sid_string_static(sid));
2228 tdb_delete(cache->tdb, string_tdb_data(key_str));
2230 return NT_STATUS_OK;
2233 ret = tdb_traverse(cache->tdb, traverse_fn_get_credlist, NULL);
2235 return NT_STATUS_OK;
2236 } else if ((ret == -1) || (wcache_cred_list == NULL)) {
2237 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2240 ZERO_STRUCTP(oldest);
2242 for (cred = wcache_cred_list; cred; cred = cred->next) {
2247 data = tdb_fetch(cache->tdb, make_tdb_data(cred->name, strlen(cred->name)));
2249 DEBUG(10,("wcache_remove_oldest_cached_creds: entry for [%s] not found\n",
2251 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
2255 t = IVAL(data.dptr, 0);
2256 SAFE_FREE(data.dptr);
2259 oldest = SMB_MALLOC_P(struct cred_list);
2260 if (oldest == NULL) {
2261 status = NT_STATUS_NO_MEMORY;
2265 fstrcpy(oldest->name, cred->name);
2266 oldest->created = t;
2270 if (t < oldest->created) {
2271 fstrcpy(oldest->name, cred->name);
2272 oldest->created = t;
2276 if (tdb_delete(cache->tdb, string_tdb_data(oldest->name)) == 0) {
2277 status = NT_STATUS_OK;
2279 status = NT_STATUS_UNSUCCESSFUL;
2282 SAFE_FREE(wcache_cred_list);
2288 /* Change the global online/offline state. */
2289 BOOL set_global_winbindd_state_offline(void)
2294 DEBUG(10,("set_global_winbindd_state_offline: offline requested.\n"));
2296 /* Only go offline if someone has created
2297 the key "WINBINDD_OFFLINE" in the cache tdb. */
2299 if (wcache == NULL || wcache->tdb == NULL) {
2300 DEBUG(10,("set_global_winbindd_state_offline: wcache not open yet.\n"));
2304 if (!lp_winbind_offline_logon()) {
2305 DEBUG(10,("set_global_winbindd_state_offline: rejecting.\n"));
2309 if (global_winbindd_offline_state) {
2310 /* Already offline. */
2314 wcache->tdb->ecode = 0;
2316 data = tdb_fetch_bystring( wcache->tdb, "WINBINDD_OFFLINE" );
2318 /* As this is a key with no data we don't need to free, we
2319 check for existence by looking at tdb_err. */
2321 err = tdb_error(wcache->tdb);
2323 if (err == TDB_ERR_NOEXIST) {
2324 DEBUG(10,("set_global_winbindd_state_offline: offline state not set.\n"));
2327 DEBUG(10,("set_global_winbindd_state_offline: offline state set.\n"));
2328 global_winbindd_offline_state = True;
2333 void set_global_winbindd_state_online(void)
2335 DEBUG(10,("set_global_winbindd_state_online: online requested.\n"));
2337 if (!lp_winbind_offline_logon()) {
2338 DEBUG(10,("set_global_winbindd_state_online: rejecting.\n"));
2342 if (!global_winbindd_offline_state) {
2343 /* Already online. */
2346 global_winbindd_offline_state = False;
2352 /* Ensure there is no key "WINBINDD_OFFLINE" in the cache tdb. */
2353 tdb_delete_bystring(wcache->tdb, "WINBINDD_OFFLINE");
2356 BOOL get_global_winbindd_state_online(void)
2358 return global_winbindd_offline_state;
2361 /* the cache backend methods are exposed via this structure */
2362 struct winbindd_methods cache_methods = {
git.samba.org / sfrench / samba-autobuild / .git / blob