2 Unix SMB/CIFS implementation.
4 Winbind cache backend functions
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Gerald Carter 2003
8 Copyright (C) Volker Lendecke 2005
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 extern BOOL opt_nocache;
30 extern struct winbindd_methods msrpc_methods;
31 extern struct winbindd_methods ads_methods;
32 extern BOOL opt_dual_daemon;
33 extern BOOL background_process;
36 #define DBGC_CLASS DBGC_WINBIND
38 struct winbind_cache {
44 uint32 sequence_number;
49 #define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
51 static struct winbind_cache *wcache;
54 void wcache_flush_cache(void)
59 tdb_close(wcache->tdb);
65 wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000,
66 TDB_CLEAR_IF_FIRST, O_RDWR|O_CREAT, 0600);
69 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
71 DEBUG(10,("wcache_flush_cache success\n"));
74 void winbindd_check_cache_size(time_t t)
76 static time_t last_check_time;
79 if (last_check_time == (time_t)0)
82 if (t - last_check_time < 60 && t - last_check_time > 0)
85 if (wcache == NULL || wcache->tdb == NULL) {
86 DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n"));
90 if (fstat(wcache->tdb->fd, &st) == -1) {
91 DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) ));
95 if (st.st_size > WINBINDD_MAX_CACHE_SIZE) {
96 DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n",
97 (unsigned long)st.st_size,
98 (unsigned long)WINBINDD_MAX_CACHE_SIZE));
103 /* get the winbind_cache structure */
104 static struct winbind_cache *get_cache(struct winbindd_domain *domain)
106 struct winbind_cache *ret = wcache;
108 if (!domain->backend) {
109 switch (lp_security()) {
112 /* always obey the lp_security parameter for our domain */
113 if (domain->primary) {
114 domain->backend = &ads_methods;
118 /* only use ADS for native modes at the momment.
119 The problem is the correct detection of mixed
120 mode domains from NT4 BDC's --jerry */
122 if ( domain->native_mode ) {
123 DEBUG(5,("get_cache: Setting ADS methods for domain %s\n",
125 domain->backend = &ads_methods;
133 DEBUG(5,("get_cache: Setting MS-RPC methods for domain %s\n",
135 domain->backend = &msrpc_methods;
142 ret = SMB_XMALLOC_P(struct winbind_cache);
146 wcache_flush_cache();
152 free a centry structure
154 static void centry_free(struct cache_entry *centry)
158 SAFE_FREE(centry->data);
163 pull a uint32 from a cache entry
165 static uint32 centry_uint32(struct cache_entry *centry)
168 if (centry->len - centry->ofs < 4) {
169 DEBUG(0,("centry corruption? needed 4 bytes, have %d\n",
170 centry->len - centry->ofs));
171 smb_panic("centry_uint32");
173 ret = IVAL(centry->data, centry->ofs);
179 pull a uint8 from a cache entry
181 static uint8 centry_uint8(struct cache_entry *centry)
184 if (centry->len - centry->ofs < 1) {
185 DEBUG(0,("centry corruption? needed 1 bytes, have %d\n",
186 centry->len - centry->ofs));
187 smb_panic("centry_uint32");
189 ret = CVAL(centry->data, centry->ofs);
194 /* pull a string from a cache entry, using the supplied
197 static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
202 len = centry_uint8(centry);
205 /* a deliberate NULL string */
209 if (centry->len - centry->ofs < len) {
210 DEBUG(0,("centry corruption? needed %d bytes, have %d\n",
211 len, centry->len - centry->ofs));
212 smb_panic("centry_string");
215 ret = TALLOC(mem_ctx, len+1);
217 smb_panic("centry_string out of memory\n");
219 memcpy(ret,centry->data + centry->ofs, len);
225 /* pull a string from a cache entry, using the supplied
228 static DOM_SID *centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
233 sid = TALLOC_P(mem_ctx, DOM_SID);
237 sid_string = centry_string(centry, mem_ctx);
238 if (!string_to_sid(sid, sid_string)) {
244 /* the server is considered down if it can't give us a sequence number */
245 static BOOL wcache_server_down(struct winbindd_domain *domain)
252 ret = (domain->sequence_number == DOM_SEQUENCE_NONE);
255 DEBUG(10,("wcache_server_down: server for Domain %s down\n",
260 static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
267 DEBUG(10,("fetch_cache_seqnum: tdb == NULL\n"));
268 return NT_STATUS_UNSUCCESSFUL;
271 fstr_sprintf( key, "SEQNUM/%s", domain->name );
273 data = tdb_fetch_bystring( wcache->tdb, key );
274 if ( !data.dptr || data.dsize!=8 ) {
275 DEBUG(10,("fetch_cache_seqnum: invalid data size key [%s]\n", key ));
276 return NT_STATUS_UNSUCCESSFUL;
279 domain->sequence_number = IVAL(data.dptr, 0);
280 domain->last_seq_check = IVAL(data.dptr, 4);
282 SAFE_FREE(data.dptr);
284 /* have we expired? */
286 time_diff = now - domain->last_seq_check;
287 if ( time_diff > lp_winbind_cache_time() ) {
288 DEBUG(10,("fetch_cache_seqnum: timeout [%s][%u @ %u]\n",
289 domain->name, domain->sequence_number,
290 (uint32)domain->last_seq_check));
291 return NT_STATUS_UNSUCCESSFUL;
294 DEBUG(10,("fetch_cache_seqnum: success [%s][%u @ %u]\n",
295 domain->name, domain->sequence_number,
296 (uint32)domain->last_seq_check));
301 static NTSTATUS store_cache_seqnum( struct winbindd_domain *domain )
308 DEBUG(10,("store_cache_seqnum: tdb == NULL\n"));
309 return NT_STATUS_UNSUCCESSFUL;
312 fstr_sprintf( key_str, "SEQNUM/%s", domain->name );
314 key.dsize = strlen(key_str)+1;
316 SIVAL(buf, 0, domain->sequence_number);
317 SIVAL(buf, 4, domain->last_seq_check);
321 if ( tdb_store( wcache->tdb, key, data, TDB_REPLACE) == -1 ) {
322 DEBUG(10,("store_cache_seqnum: tdb_store fail key [%s]\n", key_str ));
323 return NT_STATUS_UNSUCCESSFUL;
326 DEBUG(10,("store_cache_seqnum: success [%s][%u @ %u]\n",
327 domain->name, domain->sequence_number,
328 (uint32)domain->last_seq_check));
334 refresh the domain sequence number. If force is True
335 then always refresh it, no matter how recently we fetched it
338 static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force)
342 time_t t = time(NULL);
343 unsigned cache_time = lp_winbind_cache_time();
347 #if 0 /* JERRY -- disable as the default cache time is now 5 minutes */
348 /* trying to reconnect is expensive, don't do it too often */
349 if (domain->sequence_number == DOM_SEQUENCE_NONE) {
354 time_diff = t - domain->last_seq_check;
356 /* see if we have to refetch the domain sequence number */
357 if (!force && (time_diff < cache_time)) {
358 DEBUG(10, ("refresh_sequence_number: %s time ok\n", domain->name));
362 /* try to get the sequence number from the tdb cache first */
363 /* this will update the timestamp as well */
365 status = fetch_cache_seqnum( domain, t );
366 if ( NT_STATUS_IS_OK(status) )
369 /* important! make sure that we know if this is a native
370 mode domain or not */
372 if ( !domain->initialized )
373 set_dc_type_and_flags( domain );
375 status = domain->backend->sequence_number(domain, &domain->sequence_number);
377 if (!NT_STATUS_IS_OK(status)) {
378 domain->sequence_number = DOM_SEQUENCE_NONE;
381 domain->last_status = status;
382 domain->last_seq_check = time(NULL);
384 /* save the new sequence number ni the cache */
385 store_cache_seqnum( domain );
388 DEBUG(10, ("refresh_sequence_number: %s seq number is now %d\n",
389 domain->name, domain->sequence_number));
395 decide if a cache entry has expired
397 static BOOL centry_expired(struct winbindd_domain *domain, const char *keystr, struct cache_entry *centry)
399 /* if the server is OK and our cache entry came from when it was down then
400 the entry is invalid */
401 if (domain->sequence_number != DOM_SEQUENCE_NONE &&
402 centry->sequence_number == DOM_SEQUENCE_NONE) {
403 DEBUG(10,("centry_expired: Key %s for domain %s invalid sequence.\n",
404 keystr, domain->name ));
408 /* if the server is down or the cache entry is not older than the
409 current sequence number then it is OK */
410 if (wcache_server_down(domain) ||
411 centry->sequence_number == domain->sequence_number) {
412 DEBUG(10,("centry_expired: Key %s for domain %s is good.\n",
413 keystr, domain->name ));
417 DEBUG(10,("centry_expired: Key %s for domain %s expired\n",
418 keystr, domain->name ));
425 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
426 number and return status
428 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
429 struct winbindd_domain *domain,
430 const char *format, ...) PRINTF_ATTRIBUTE(3,4);
431 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
432 struct winbindd_domain *domain,
433 const char *format, ...)
438 struct cache_entry *centry;
441 refresh_sequence_number(domain, False);
443 va_start(ap, format);
444 smb_xvasprintf(&kstr, format, ap);
448 key.dsize = strlen(kstr);
449 data = tdb_fetch(wcache->tdb, key);
456 centry = SMB_XMALLOC_P(struct cache_entry);
457 centry->data = (unsigned char *)data.dptr;
458 centry->len = data.dsize;
461 if (centry->len < 8) {
462 /* huh? corrupt cache? */
463 DEBUG(10,("wcache_fetch: Corrupt cache for key %s domain %s (len < 8) ?\n",
464 kstr, domain->name ));
470 centry->status = NT_STATUS(centry_uint32(centry));
471 centry->sequence_number = centry_uint32(centry);
473 if (centry_expired(domain, kstr, centry)) {
475 DEBUG(10,("wcache_fetch: entry %s expired for domain %s\n",
476 kstr, domain->name ));
478 if (opt_dual_daemon) {
479 background_process = True;
480 DEBUG(10,("wcache_fetch: background processing expired entry %s for domain %s\n",
481 kstr, domain->name ));
489 DEBUG(10,("wcache_fetch: returning entry %s for domain %s\n",
490 kstr, domain->name ));
497 make sure we have at least len bytes available in a centry
499 static void centry_expand(struct cache_entry *centry, uint32 len)
502 if (centry->len - centry->ofs >= len)
505 p = SMB_REALLOC(centry->data, centry->len);
507 DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
508 smb_panic("out of memory in centry_expand");
514 push a uint32 into a centry
516 static void centry_put_uint32(struct cache_entry *centry, uint32 v)
518 centry_expand(centry, 4);
519 SIVAL(centry->data, centry->ofs, v);
524 push a uint8 into a centry
526 static void centry_put_uint8(struct cache_entry *centry, uint8 v)
528 centry_expand(centry, 1);
529 SCVAL(centry->data, centry->ofs, v);
534 push a string into a centry
536 static void centry_put_string(struct cache_entry *centry, const char *s)
541 /* null strings are marked as len 0xFFFF */
542 centry_put_uint8(centry, 0xFF);
547 /* can't handle more than 254 char strings. Truncating is probably best */
550 centry_put_uint8(centry, len);
551 centry_expand(centry, len);
552 memcpy(centry->data + centry->ofs, s, len);
556 static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid)
559 centry_put_string(centry, sid_to_string(sid_string, sid));
563 start a centry for output. When finished, call centry_end()
565 struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status)
567 struct cache_entry *centry;
572 centry = SMB_XMALLOC_P(struct cache_entry);
574 centry->len = 8192; /* reasonable default */
575 centry->data = SMB_XMALLOC_ARRAY(char, centry->len);
577 centry->sequence_number = domain->sequence_number;
578 centry_put_uint32(centry, NT_STATUS_V(status));
579 centry_put_uint32(centry, centry->sequence_number);
584 finish a centry and write it to the tdb
586 static void centry_end(struct cache_entry *centry, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
587 static void centry_end(struct cache_entry *centry, const char *format, ...)
593 va_start(ap, format);
594 smb_xvasprintf(&kstr, format, ap);
598 key.dsize = strlen(kstr);
599 data.dptr = (char *)centry->data;
600 data.dsize = centry->ofs;
602 tdb_store(wcache->tdb, key, data, TDB_REPLACE);
606 static void wcache_save_name_to_sid(struct winbindd_domain *domain,
607 NTSTATUS status, const char *domain_name,
608 const char *name, const DOM_SID *sid,
609 enum SID_NAME_USE type)
611 struct cache_entry *centry;
614 centry = centry_start(domain, status);
617 centry_put_uint32(centry, type);
618 centry_put_sid(centry, sid);
619 fstrcpy(uname, name);
621 centry_end(centry, "NS/%s/%s", domain_name, uname);
622 DEBUG(10,("wcache_save_name_to_sid: %s -> %s\n", uname,
623 sid_string_static(sid)));
627 static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
628 const DOM_SID *sid, const char *domain_name, const char *name, enum SID_NAME_USE type)
630 struct cache_entry *centry;
633 centry = centry_start(domain, status);
636 if (NT_STATUS_IS_OK(status)) {
637 centry_put_uint32(centry, type);
638 centry_put_string(centry, domain_name);
639 centry_put_string(centry, name);
641 centry_end(centry, "SN/%s", sid_to_string(sid_string, sid));
642 DEBUG(10,("wcache_save_sid_to_name: %s -> %s\n", sid_string, name));
647 static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info)
649 struct cache_entry *centry;
652 centry = centry_start(domain, status);
655 centry_put_string(centry, info->acct_name);
656 centry_put_string(centry, info->full_name);
657 centry_put_sid(centry, info->user_sid);
658 centry_put_sid(centry, info->group_sid);
659 centry_end(centry, "U/%s", sid_to_string(sid_string, info->user_sid));
660 DEBUG(10,("wcache_save_user: %s (acct_name %s)\n", sid_string, info->acct_name));
665 /* Query display info. This is the basic user list fn */
666 static NTSTATUS query_user_list(struct winbindd_domain *domain,
669 WINBIND_USERINFO **info)
671 struct winbind_cache *cache = get_cache(domain);
672 struct cache_entry *centry = NULL;
674 unsigned int i, retry;
679 centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
683 *num_entries = centry_uint32(centry);
685 if (*num_entries == 0)
688 (*info) = TALLOC_ARRAY(mem_ctx, WINBIND_USERINFO, *num_entries);
690 smb_panic("query_user_list out of memory");
691 for (i=0; i<(*num_entries); i++) {
692 (*info)[i].acct_name = centry_string(centry, mem_ctx);
693 (*info)[i].full_name = centry_string(centry, mem_ctx);
694 (*info)[i].user_sid = centry_sid(centry, mem_ctx);
695 (*info)[i].group_sid = centry_sid(centry, mem_ctx);
699 status = centry->status;
701 DEBUG(10,("query_user_list: [Cached] - cached list for domain %s status %s\n",
702 domain->name, get_friendly_nt_error_msg(status) ));
711 /* Return status value returned by seq number check */
713 if (!NT_STATUS_IS_OK(domain->last_status))
714 return domain->last_status;
716 /* Put the query_user_list() in a retry loop. There appears to be
717 * some bug either with Windows 2000 or Samba's handling of large
718 * rpc replies. This manifests itself as sudden disconnection
719 * at a random point in the enumeration of a large (60k) user list.
720 * The retry loop simply tries the operation again. )-: It's not
721 * pretty but an acceptable workaround until we work out what the
722 * real problem is. */
727 DEBUG(10,("query_user_list: [Cached] - doing backend query for list for domain %s\n",
730 status = domain->backend->query_user_list(domain, mem_ctx, num_entries, info);
731 if (!NT_STATUS_IS_OK(status))
732 DEBUG(3, ("query_user_list: returned 0x%08x, retrying\n", NT_STATUS_V(status)));
733 if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL)) {
734 DEBUG(3, ("query_user_list: flushing connection cache\n"));
738 } while (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) &&
742 refresh_sequence_number(domain, False);
743 centry = centry_start(domain, status);
746 centry_put_uint32(centry, *num_entries);
747 for (i=0; i<(*num_entries); i++) {
748 centry_put_string(centry, (*info)[i].acct_name);
749 centry_put_string(centry, (*info)[i].full_name);
750 centry_put_sid(centry, (*info)[i].user_sid);
751 centry_put_sid(centry, (*info)[i].group_sid);
752 if (domain->backend->consistent) {
753 /* when the backend is consistent we can pre-prime some mappings */
754 wcache_save_name_to_sid(domain, NT_STATUS_OK,
756 (*info)[i].acct_name,
759 wcache_save_sid_to_name(domain, NT_STATUS_OK,
762 (*info)[i].acct_name,
764 wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
767 centry_end(centry, "UL/%s", domain->name);
774 /* list all domain groups */
775 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
778 struct acct_info **info)
780 struct winbind_cache *cache = get_cache(domain);
781 struct cache_entry *centry = NULL;
788 centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
792 *num_entries = centry_uint32(centry);
794 if (*num_entries == 0)
797 (*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
799 smb_panic("enum_dom_groups out of memory");
800 for (i=0; i<(*num_entries); i++) {
801 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
802 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
803 (*info)[i].rid = centry_uint32(centry);
807 status = centry->status;
809 DEBUG(10,("enum_dom_groups: [Cached] - cached list for domain %s status %s\n",
810 domain->name, get_friendly_nt_error_msg(status) ));
819 /* Return status value returned by seq number check */
821 if (!NT_STATUS_IS_OK(domain->last_status))
822 return domain->last_status;
824 DEBUG(10,("enum_dom_groups: [Cached] - doing backend query for list for domain %s\n",
827 status = domain->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
830 refresh_sequence_number(domain, False);
831 centry = centry_start(domain, status);
834 centry_put_uint32(centry, *num_entries);
835 for (i=0; i<(*num_entries); i++) {
836 centry_put_string(centry, (*info)[i].acct_name);
837 centry_put_string(centry, (*info)[i].acct_desc);
838 centry_put_uint32(centry, (*info)[i].rid);
840 centry_end(centry, "GL/%s/domain", domain->name);
847 /* list all domain groups */
848 static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
851 struct acct_info **info)
853 struct winbind_cache *cache = get_cache(domain);
854 struct cache_entry *centry = NULL;
861 centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
865 *num_entries = centry_uint32(centry);
867 if (*num_entries == 0)
870 (*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
872 smb_panic("enum_dom_groups out of memory");
873 for (i=0; i<(*num_entries); i++) {
874 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
875 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
876 (*info)[i].rid = centry_uint32(centry);
881 /* If we are returning cached data and the domain controller
882 is down then we don't know whether the data is up to date
883 or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to
886 if (wcache_server_down(domain)) {
887 DEBUG(10, ("enum_local_groups: returning cached user list and server was down\n"));
888 status = NT_STATUS_MORE_PROCESSING_REQUIRED;
890 status = centry->status;
892 DEBUG(10,("enum_local_groups: [Cached] - cached list for domain %s status %s\n",
893 domain->name, get_friendly_nt_error_msg(status) ));
902 /* Return status value returned by seq number check */
904 if (!NT_STATUS_IS_OK(domain->last_status))
905 return domain->last_status;
907 DEBUG(10,("enum_local_groups: [Cached] - doing backend query for list for domain %s\n",
910 status = domain->backend->enum_local_groups(domain, mem_ctx, num_entries, info);
913 refresh_sequence_number(domain, False);
914 centry = centry_start(domain, status);
917 centry_put_uint32(centry, *num_entries);
918 for (i=0; i<(*num_entries); i++) {
919 centry_put_string(centry, (*info)[i].acct_name);
920 centry_put_string(centry, (*info)[i].acct_desc);
921 centry_put_uint32(centry, (*info)[i].rid);
923 centry_end(centry, "GL/%s/local", domain->name);
930 /* convert a single name to a sid in a domain */
931 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
933 const char *domain_name,
936 enum SID_NAME_USE *type)
938 struct winbind_cache *cache = get_cache(domain);
939 struct cache_entry *centry = NULL;
947 fstrcpy(uname, name);
949 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname);
952 *type = (enum SID_NAME_USE)centry_uint32(centry);
953 sid2 = centry_sid(centry, mem_ctx);
960 status = centry->status;
962 DEBUG(10,("name_to_sid: [Cached] - cached name for domain %s status %s\n",
963 domain->name, get_friendly_nt_error_msg(status) ));
971 /* If the seq number check indicated that there is a problem
972 * with this DC, then return that status... except for
973 * access_denied. This is special because the dc may be in
974 * "restrict anonymous = 1" mode, in which case it will deny
975 * most unauthenticated operations, but *will* allow the LSA
976 * name-to-sid that we try as a fallback. */
978 if (!(NT_STATUS_IS_OK(domain->last_status)
979 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
980 return domain->last_status;
982 DEBUG(10,("name_to_sid: [Cached] - doing backend query for name for domain %s\n",
985 status = domain->backend->name_to_sid(domain, mem_ctx, domain_name, name, sid, type);
988 wcache_save_name_to_sid(domain, status, domain_name, name, sid, *type);
990 /* We can't save the sid to name mapping as we don't know the
991 correct case of the name without looking it up */
996 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
998 static NTSTATUS sid_to_name(struct winbindd_domain *domain,
1003 enum SID_NAME_USE *type)
1005 struct winbind_cache *cache = get_cache(domain);
1006 struct cache_entry *centry = NULL;
1013 centry = wcache_fetch(cache, domain, "SN/%s", sid_to_string(sid_string, sid));
1016 if (NT_STATUS_IS_OK(centry->status)) {
1017 *type = (enum SID_NAME_USE)centry_uint32(centry);
1018 *domain_name = centry_string(centry, mem_ctx);
1019 *name = centry_string(centry, mem_ctx);
1021 status = centry->status;
1023 DEBUG(10,("sid_to_name: [Cached] - cached name for domain %s status %s\n",
1024 domain->name, get_friendly_nt_error_msg(status) ));
1026 centry_free(centry);
1031 *domain_name = NULL;
1033 /* If the seq number check indicated that there is a problem
1034 * with this DC, then return that status... except for
1035 * access_denied. This is special because the dc may be in
1036 * "restrict anonymous = 1" mode, in which case it will deny
1037 * most unauthenticated operations, but *will* allow the LSA
1038 * sid-to-name that we try as a fallback. */
1040 if (!(NT_STATUS_IS_OK(domain->last_status)
1041 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
1042 return domain->last_status;
1044 DEBUG(10,("sid_to_name: [Cached] - doing backend query for name for domain %s\n",
1047 status = domain->backend->sid_to_name(domain, mem_ctx, sid, domain_name, name, type);
1050 refresh_sequence_number(domain, False);
1051 wcache_save_sid_to_name(domain, status, sid, *domain_name, *name, *type);
1053 /* We can't save the name to sid mapping here, as with sid history a
1054 * later name2sid would give the wrong sid. */
1060 /* Lookup user information from a rid */
1061 static NTSTATUS query_user(struct winbindd_domain *domain,
1062 TALLOC_CTX *mem_ctx,
1063 const DOM_SID *user_sid,
1064 WINBIND_USERINFO *info)
1066 struct winbind_cache *cache = get_cache(domain);
1067 struct cache_entry *centry = NULL;
1073 centry = wcache_fetch(cache, domain, "U/%s", sid_string_static(user_sid));
1075 /* If we have an access denied cache entry and a cached info3 in the
1076 samlogon cache then do a query. This will force the rpc back end
1077 to return the info3 data. */
1079 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1080 netsamlogon_cache_have(user_sid)) {
1081 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1082 domain->last_status = NT_STATUS_OK;
1083 centry_free(centry);
1090 info->acct_name = centry_string(centry, mem_ctx);
1091 info->full_name = centry_string(centry, mem_ctx);
1092 info->user_sid = centry_sid(centry, mem_ctx);
1093 info->group_sid = centry_sid(centry, mem_ctx);
1094 status = centry->status;
1096 DEBUG(10,("query_user: [Cached] - cached info for domain %s status %s\n",
1097 domain->name, get_friendly_nt_error_msg(status) ));
1099 centry_free(centry);
1105 /* Return status value returned by seq number check */
1107 if (!NT_STATUS_IS_OK(domain->last_status))
1108 return domain->last_status;
1110 DEBUG(10,("sid_to_name: [Cached] - doing backend query for info for domain %s\n",
1113 status = domain->backend->query_user(domain, mem_ctx, user_sid, info);
1116 refresh_sequence_number(domain, False);
1117 wcache_save_user(domain, status, info);
1123 /* Lookup groups a user is a member of. */
1124 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
1125 TALLOC_CTX *mem_ctx,
1126 const DOM_SID *user_sid,
1127 uint32 *num_groups, DOM_SID ***user_gids)
1129 struct winbind_cache *cache = get_cache(domain);
1130 struct cache_entry *centry = NULL;
1138 centry = wcache_fetch(cache, domain, "UG/%s", sid_to_string(sid_string, user_sid));
1140 /* If we have an access denied cache entry and a cached info3 in the
1141 samlogon cache then do a query. This will force the rpc back end
1142 to return the info3 data. */
1144 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1145 netsamlogon_cache_have(user_sid)) {
1146 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1147 domain->last_status = NT_STATUS_OK;
1148 centry_free(centry);
1155 *num_groups = centry_uint32(centry);
1157 if (*num_groups == 0)
1160 (*user_gids) = TALLOC_ARRAY(mem_ctx, DOM_SID *, *num_groups);
1162 smb_panic("lookup_usergroups out of memory");
1163 for (i=0; i<(*num_groups); i++) {
1164 (*user_gids)[i] = centry_sid(centry, mem_ctx);
1168 status = centry->status;
1170 DEBUG(10,("lookup_usergroups: [Cached] - cached info for domain %s status %s\n",
1171 domain->name, get_friendly_nt_error_msg(status) ));
1173 centry_free(centry);
1178 (*user_gids) = NULL;
1180 /* Return status value returned by seq number check */
1182 if (!NT_STATUS_IS_OK(domain->last_status))
1183 return domain->last_status;
1185 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info for domain %s\n",
1188 status = domain->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
1191 refresh_sequence_number(domain, False);
1192 centry = centry_start(domain, status);
1195 centry_put_uint32(centry, *num_groups);
1196 for (i=0; i<(*num_groups); i++) {
1197 centry_put_sid(centry, (*user_gids)[i]);
1199 centry_end(centry, "UG/%s", sid_to_string(sid_string, user_sid));
1200 centry_free(centry);
1206 static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
1207 TALLOC_CTX *mem_ctx,
1208 uint32 num_sids, DOM_SID **sids,
1209 uint32 *num_aliases, uint32 **alias_rids)
1211 struct winbind_cache *cache = get_cache(domain);
1212 struct cache_entry *centry = NULL;
1214 char *sidlist = talloc_strdup(mem_ctx, "");
1220 if (num_sids == 0) {
1223 return NT_STATUS_OK;
1226 /* We need to cache indexed by the whole list of SIDs, the aliases
1227 * resulting might come from any of the SIDs. */
1229 for (i=0; i<num_sids; i++) {
1230 sidlist = talloc_asprintf(mem_ctx, "%s/%s", sidlist,
1231 sid_string_static(sids[i]));
1232 if (sidlist == NULL)
1233 return NT_STATUS_NO_MEMORY;
1236 centry = wcache_fetch(cache, domain, "UA%s", sidlist);
1241 *num_aliases = centry_uint32(centry);
1244 (*alias_rids) = TALLOC_ARRAY(mem_ctx, uint32, *num_aliases);
1246 if ((*num_aliases != 0) && ((*alias_rids) == NULL))
1247 return NT_STATUS_NO_MEMORY;
1249 for (i=0; i<(*num_aliases); i++)
1250 (*alias_rids)[i] = centry_uint32(centry);
1252 status = centry->status;
1254 DEBUG(10,("lookup_useraliases: [Cached] - cached info for domain %s "
1255 "status %s\n", domain->name,
1256 get_friendly_nt_error_msg(status)));
1258 centry_free(centry);
1263 (*alias_rids) = NULL;
1265 if (!NT_STATUS_IS_OK(domain->last_status))
1266 return domain->last_status;
1268 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info "
1269 "for domain %s\n", domain->name ));
1271 status = domain->backend->lookup_useraliases(domain, mem_ctx,
1273 num_aliases, alias_rids);
1276 refresh_sequence_number(domain, False);
1277 centry = centry_start(domain, status);
1280 centry_put_uint32(centry, *num_aliases);
1281 for (i=0; i<(*num_aliases); i++)
1282 centry_put_uint32(centry, (*alias_rids)[i]);
1283 centry_end(centry, "UA%s", sidlist);
1284 centry_free(centry);
1291 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
1292 TALLOC_CTX *mem_ctx,
1293 const DOM_SID *group_sid, uint32 *num_names,
1294 DOM_SID ***sid_mem, char ***names,
1295 uint32 **name_types)
1297 struct winbind_cache *cache = get_cache(domain);
1298 struct cache_entry *centry = NULL;
1306 centry = wcache_fetch(cache, domain, "GM/%s", sid_to_string(sid_string, group_sid));
1310 *num_names = centry_uint32(centry);
1312 if (*num_names == 0)
1315 (*sid_mem) = TALLOC_ARRAY(mem_ctx, DOM_SID *, *num_names);
1316 (*names) = TALLOC_ARRAY(mem_ctx, char *, *num_names);
1317 (*name_types) = TALLOC_ARRAY(mem_ctx, uint32, *num_names);
1319 if (! (*sid_mem) || ! (*names) || ! (*name_types)) {
1320 smb_panic("lookup_groupmem out of memory");
1323 for (i=0; i<(*num_names); i++) {
1324 (*sid_mem)[i] = centry_sid(centry, mem_ctx);
1325 (*names)[i] = centry_string(centry, mem_ctx);
1326 (*name_types)[i] = centry_uint32(centry);
1330 status = centry->status;
1332 DEBUG(10,("lookup_groupmem: [Cached] - cached info for domain %s status %s\n",
1333 domain->name, get_friendly_nt_error_msg(status) ));
1335 centry_free(centry);
1342 (*name_types) = NULL;
1344 /* Return status value returned by seq number check */
1346 if (!NT_STATUS_IS_OK(domain->last_status))
1347 return domain->last_status;
1349 DEBUG(10,("lookup_groupmem: [Cached] - doing backend query for info for domain %s\n",
1352 status = domain->backend->lookup_groupmem(domain, mem_ctx, group_sid, num_names,
1353 sid_mem, names, name_types);
1356 refresh_sequence_number(domain, False);
1357 centry = centry_start(domain, status);
1360 centry_put_uint32(centry, *num_names);
1361 for (i=0; i<(*num_names); i++) {
1362 centry_put_sid(centry, (*sid_mem)[i]);
1363 centry_put_string(centry, (*names)[i]);
1364 centry_put_uint32(centry, (*name_types)[i]);
1366 centry_end(centry, "GM/%s", sid_to_string(sid_string, group_sid));
1367 centry_free(centry);
1373 /* find the sequence number for a domain */
1374 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
1376 refresh_sequence_number(domain, False);
1378 *seq = domain->sequence_number;
1380 return NT_STATUS_OK;
1383 /* enumerate trusted domains */
1384 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
1385 TALLOC_CTX *mem_ctx,
1386 uint32 *num_domains,
1393 DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
1396 /* we don't cache this call */
1397 return domain->backend->trusted_domains(domain, mem_ctx, num_domains,
1398 names, alt_names, dom_sids);
1401 /* find the domain sid */
1402 static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
1406 DEBUG(10,("domain_sid: [Cached] - doing backend query for info for domain %s\n",
1409 /* we don't cache this call */
1410 return domain->backend->domain_sid(domain, sid);
1413 /* find the alternate names for the domain, if any */
1414 static NTSTATUS alternate_name(struct winbindd_domain *domain)
1418 DEBUG(10,("alternate_name: [Cached] - doing backend query for info for domain %s\n",
1421 /* we don't cache this call */
1422 return domain->backend->alternate_name(domain);
1425 /* Invalidate cached user and group lists coherently */
1427 static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
1430 if (strncmp(kbuf.dptr, "UL/", 3) == 0 ||
1431 strncmp(kbuf.dptr, "GL/", 3) == 0)
1432 tdb_delete(the_tdb, kbuf);
1437 /* Invalidate the getpwnam and getgroups entries for a winbindd domain */
1439 void wcache_invalidate_samlogon(struct winbindd_domain *domain,
1440 NET_USER_INFO_3 *info3)
1442 struct winbind_cache *cache;
1447 cache = get_cache(domain);
1448 netsamlogon_clear_cached_user(cache->tdb, info3);
1451 void wcache_invalidate_cache(void)
1453 struct winbindd_domain *domain;
1455 for (domain = domain_list(); domain; domain = domain->next) {
1456 struct winbind_cache *cache = get_cache(domain);
1458 DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
1459 "entries for %s\n", domain->name));
1461 tdb_traverse(cache->tdb, traverse_fn, NULL);
1465 /* the ADS backend methods are exposed via this structure */
1466 struct winbindd_methods cache_methods = {