2 Unix SMB/CIFS implementation.
4 Winbind cache backend functions
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Gerald Carter 2003-2007
8 Copyright (C) Volker Lendecke 2005
9 Copyright (C) Guenther Deschner 2005
10 Copyright (C) Michael Adam 2007
12 This program is free software; you can redistribute it and/or modify
13 it under the terms of the GNU General Public License as published by
14 the Free Software Foundation; either version 3 of the License, or
15 (at your option) any later version.
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 GNU General Public License for more details.
22 You should have received a copy of the GNU General Public License
23 along with this program. If not, see <http://www.gnu.org/licenses/>.
28 #include "tdb_validate.h"
31 #define DBGC_CLASS DBGC_WINBIND
33 #define WINBINDD_CACHE_VERSION 1
34 #define WINBINDD_CACHE_VERSION_KEYSTR "WINBINDD_CACHE_VERSION"
36 extern struct winbindd_methods reconnect_methods;
37 extern bool opt_nocache;
39 extern struct winbindd_methods ads_methods;
41 extern struct winbindd_methods builtin_passdb_methods;
44 * JRA. KEEP THIS LIST UP TO DATE IF YOU ADD CACHE ENTRIES.
45 * Here are the list of entry types that are *not* stored
46 * as form struct cache_entry in the cache.
49 static const char *non_centry_keys[] = {
54 WINBINDD_CACHE_VERSION_KEYSTR,
58 /************************************************************************
59 Is this key a non-centry type ?
60 ************************************************************************/
62 static bool is_non_centry_key(TDB_DATA kbuf)
66 if (kbuf.dptr == NULL || kbuf.dsize == 0) {
69 for (i = 0; non_centry_keys[i] != NULL; i++) {
70 size_t namelen = strlen(non_centry_keys[i]);
71 if (kbuf.dsize < namelen) {
74 if (strncmp(non_centry_keys[i], (const char *)kbuf.dptr, namelen) == 0) {
81 /* Global online/offline state - False when online. winbindd starts up online
82 and sets this to true if the first query fails and there's an entry in
83 the cache tdb telling us to stay offline. */
85 static bool global_winbindd_offline_state;
87 struct winbind_cache {
93 uint32 sequence_number;
98 void (*smb_panic_fn)(const char *const why) = smb_panic;
100 #define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
102 static struct winbind_cache *wcache;
104 void winbindd_check_cache_size(time_t t)
106 static time_t last_check_time;
109 if (last_check_time == (time_t)0)
112 if (t - last_check_time < 60 && t - last_check_time > 0)
115 if (wcache == NULL || wcache->tdb == NULL) {
116 DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n"));
120 if (fstat(tdb_fd(wcache->tdb), &st) == -1) {
121 DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) ));
125 if (st.st_size > WINBINDD_MAX_CACHE_SIZE) {
126 DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n",
127 (unsigned long)st.st_size,
128 (unsigned long)WINBINDD_MAX_CACHE_SIZE));
129 wcache_flush_cache();
133 /* get the winbind_cache structure */
134 static struct winbind_cache *get_cache(struct winbindd_domain *domain)
136 struct winbind_cache *ret = wcache;
138 /* We have to know what type of domain we are dealing with first. */
140 if (domain->internal) {
141 domain->backend = &builtin_passdb_methods;
142 domain->initialized = True;
144 if ( !domain->initialized ) {
145 init_dc_connection( domain );
149 OK. listen up becasue I'm only going to say this once.
150 We have the following scenarios to consider
151 (a) trusted AD domains on a Samba DC,
152 (b) trusted AD domains and we are joined to a non-kerberos domain
153 (c) trusted AD domains and we are joined to a kerberos (AD) domain
155 For (a) we can always contact the trusted domain using krb5
156 since we have the domain trust account password
158 For (b) we can only use RPC since we have no way of
159 getting a krb5 ticket in our own domain
161 For (c) we can always use krb5 since we have a kerberos trust
166 if (!domain->backend) {
168 struct winbindd_domain *our_domain = domain;
170 /* find our domain first so we can figure out if we
171 are joined to a kerberized domain */
173 if ( !domain->primary )
174 our_domain = find_our_domain();
176 if ((our_domain->active_directory || IS_DC)
177 && domain->active_directory
178 && !lp_winbind_rpc_only()) {
179 DEBUG(5,("get_cache: Setting ADS methods for domain %s\n", domain->name));
180 domain->backend = &ads_methods;
182 #endif /* HAVE_ADS */
183 DEBUG(5,("get_cache: Setting MS-RPC methods for domain %s\n", domain->name));
184 domain->backend = &reconnect_methods;
187 #endif /* HAVE_ADS */
193 ret = SMB_XMALLOC_P(struct winbind_cache);
197 wcache_flush_cache();
203 free a centry structure
205 static void centry_free(struct cache_entry *centry)
209 SAFE_FREE(centry->data);
213 static bool centry_check_bytes(struct cache_entry *centry, size_t nbytes)
215 if (centry->len - centry->ofs < nbytes) {
216 DEBUG(0,("centry corruption? needed %u bytes, have %d\n",
217 (unsigned int)nbytes,
218 centry->len - centry->ofs));
225 pull a uint32 from a cache entry
227 static uint32 centry_uint32(struct cache_entry *centry)
231 if (!centry_check_bytes(centry, 4)) {
232 smb_panic_fn("centry_uint32");
234 ret = IVAL(centry->data, centry->ofs);
240 pull a uint16 from a cache entry
242 static uint16 centry_uint16(struct cache_entry *centry)
245 if (!centry_check_bytes(centry, 2)) {
246 smb_panic_fn("centry_uint16");
248 ret = CVAL(centry->data, centry->ofs);
254 pull a uint8 from a cache entry
256 static uint8 centry_uint8(struct cache_entry *centry)
259 if (!centry_check_bytes(centry, 1)) {
260 smb_panic_fn("centry_uint8");
262 ret = CVAL(centry->data, centry->ofs);
268 pull a NTTIME from a cache entry
270 static NTTIME centry_nttime(struct cache_entry *centry)
273 if (!centry_check_bytes(centry, 8)) {
274 smb_panic_fn("centry_nttime");
276 ret = IVAL(centry->data, centry->ofs);
278 ret += (uint64_t)IVAL(centry->data, centry->ofs) << 32;
284 pull a time_t from a cache entry. time_t stored portably as a 64-bit time.
286 static time_t centry_time(struct cache_entry *centry)
288 return (time_t)centry_nttime(centry);
291 /* pull a string from a cache entry, using the supplied
294 static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
299 len = centry_uint8(centry);
302 /* a deliberate NULL string */
306 if (!centry_check_bytes(centry, (size_t)len)) {
307 smb_panic_fn("centry_string");
310 ret = TALLOC_ARRAY(mem_ctx, char, len+1);
312 smb_panic_fn("centry_string out of memory\n");
314 memcpy(ret,centry->data + centry->ofs, len);
320 /* pull a hash16 from a cache entry, using the supplied
323 static char *centry_hash16(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
328 len = centry_uint8(centry);
331 DEBUG(0,("centry corruption? hash len (%u) != 16\n",
336 if (!centry_check_bytes(centry, 16)) {
340 ret = TALLOC_ARRAY(mem_ctx, char, 16);
342 smb_panic_fn("centry_hash out of memory\n");
344 memcpy(ret,centry->data + centry->ofs, 16);
349 /* pull a sid from a cache entry, using the supplied
352 static bool centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx, DOM_SID *sid)
355 sid_string = centry_string(centry, mem_ctx);
356 if ((sid_string == NULL) || (!string_to_sid(sid, sid_string))) {
364 pull a NTSTATUS from a cache entry
366 static NTSTATUS centry_ntstatus(struct cache_entry *centry)
370 status = NT_STATUS(centry_uint32(centry));
375 /* the server is considered down if it can't give us a sequence number */
376 static bool wcache_server_down(struct winbindd_domain *domain)
383 ret = (domain->sequence_number == DOM_SEQUENCE_NONE);
386 DEBUG(10,("wcache_server_down: server for Domain %s down\n",
391 static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
398 DEBUG(10,("fetch_cache_seqnum: tdb == NULL\n"));
399 return NT_STATUS_UNSUCCESSFUL;
402 fstr_sprintf( key, "SEQNUM/%s", domain->name );
404 data = tdb_fetch_bystring( wcache->tdb, key );
405 if ( !data.dptr || data.dsize!=8 ) {
406 DEBUG(10,("fetch_cache_seqnum: invalid data size key [%s]\n", key ));
407 return NT_STATUS_UNSUCCESSFUL;
410 domain->sequence_number = IVAL(data.dptr, 0);
411 domain->last_seq_check = IVAL(data.dptr, 4);
413 SAFE_FREE(data.dptr);
415 /* have we expired? */
417 time_diff = now - domain->last_seq_check;
418 if ( time_diff > lp_winbind_cache_time() ) {
419 DEBUG(10,("fetch_cache_seqnum: timeout [%s][%u @ %u]\n",
420 domain->name, domain->sequence_number,
421 (uint32)domain->last_seq_check));
422 return NT_STATUS_UNSUCCESSFUL;
425 DEBUG(10,("fetch_cache_seqnum: success [%s][%u @ %u]\n",
426 domain->name, domain->sequence_number,
427 (uint32)domain->last_seq_check));
432 static NTSTATUS store_cache_seqnum( struct winbindd_domain *domain )
439 DEBUG(10,("store_cache_seqnum: tdb == NULL\n"));
440 return NT_STATUS_UNSUCCESSFUL;
443 fstr_sprintf( key_str, "SEQNUM/%s", domain->name );
445 SIVAL(buf, 0, domain->sequence_number);
446 SIVAL(buf, 4, domain->last_seq_check);
450 if ( tdb_store_bystring( wcache->tdb, key_str, data, TDB_REPLACE) == -1 ) {
451 DEBUG(10,("store_cache_seqnum: tdb_store fail key [%s]\n", key_str ));
452 return NT_STATUS_UNSUCCESSFUL;
455 DEBUG(10,("store_cache_seqnum: success [%s][%u @ %u]\n",
456 domain->name, domain->sequence_number,
457 (uint32)domain->last_seq_check));
463 refresh the domain sequence number. If force is true
464 then always refresh it, no matter how recently we fetched it
467 static void refresh_sequence_number(struct winbindd_domain *domain, bool force)
471 time_t t = time(NULL);
472 unsigned cache_time = lp_winbind_cache_time();
474 if ( IS_DOMAIN_OFFLINE(domain) ) {
480 #if 0 /* JERRY -- disable as the default cache time is now 5 minutes */
481 /* trying to reconnect is expensive, don't do it too often */
482 if (domain->sequence_number == DOM_SEQUENCE_NONE) {
487 time_diff = t - domain->last_seq_check;
489 /* see if we have to refetch the domain sequence number */
490 if (!force && (time_diff < cache_time) &&
491 (domain->sequence_number != DOM_SEQUENCE_NONE) &&
492 NT_STATUS_IS_OK(domain->last_status)) {
493 DEBUG(10, ("refresh_sequence_number: %s time ok\n", domain->name));
497 /* try to get the sequence number from the tdb cache first */
498 /* this will update the timestamp as well */
500 status = fetch_cache_seqnum( domain, t );
501 if (NT_STATUS_IS_OK(status) &&
502 (domain->sequence_number != DOM_SEQUENCE_NONE) &&
503 NT_STATUS_IS_OK(domain->last_status)) {
507 /* important! make sure that we know if this is a native
508 mode domain or not. And that we can contact it. */
510 if ( winbindd_can_contact_domain( domain ) ) {
511 status = domain->backend->sequence_number(domain,
512 &domain->sequence_number);
514 /* just use the current time */
515 status = NT_STATUS_OK;
516 domain->sequence_number = time(NULL);
520 /* the above call could have set our domain->backend to NULL when
521 * coming from offline to online mode, make sure to reinitialize the
522 * backend - Guenther */
525 if (!NT_STATUS_IS_OK(status)) {
526 DEBUG(10,("refresh_sequence_number: failed with %s\n", nt_errstr(status)));
527 domain->sequence_number = DOM_SEQUENCE_NONE;
530 domain->last_status = status;
531 domain->last_seq_check = time(NULL);
533 /* save the new sequence number in the cache */
534 store_cache_seqnum( domain );
537 DEBUG(10, ("refresh_sequence_number: %s seq number is now %d\n",
538 domain->name, domain->sequence_number));
544 decide if a cache entry has expired
546 static bool centry_expired(struct winbindd_domain *domain, const char *keystr, struct cache_entry *centry)
548 /* If we've been told to be offline - stay in that state... */
549 if (lp_winbind_offline_logon() && global_winbindd_offline_state) {
550 DEBUG(10,("centry_expired: Key %s for domain %s valid as winbindd is globally offline.\n",
551 keystr, domain->name ));
555 /* when the domain is offline return the cached entry.
556 * This deals with transient offline states... */
558 if (!domain->online) {
559 DEBUG(10,("centry_expired: Key %s for domain %s valid as domain is offline.\n",
560 keystr, domain->name ));
564 /* if the server is OK and our cache entry came from when it was down then
565 the entry is invalid */
566 if ((domain->sequence_number != DOM_SEQUENCE_NONE) &&
567 (centry->sequence_number == DOM_SEQUENCE_NONE)) {
568 DEBUG(10,("centry_expired: Key %s for domain %s invalid sequence.\n",
569 keystr, domain->name ));
573 /* if the server is down or the cache entry is not older than the
574 current sequence number then it is OK */
575 if (wcache_server_down(domain) ||
576 centry->sequence_number == domain->sequence_number) {
577 DEBUG(10,("centry_expired: Key %s for domain %s is good.\n",
578 keystr, domain->name ));
582 DEBUG(10,("centry_expired: Key %s for domain %s expired\n",
583 keystr, domain->name ));
589 static struct cache_entry *wcache_fetch_raw(char *kstr)
592 struct cache_entry *centry;
595 key = string_tdb_data(kstr);
596 data = tdb_fetch(wcache->tdb, key);
602 centry = SMB_XMALLOC_P(struct cache_entry);
603 centry->data = (unsigned char *)data.dptr;
604 centry->len = data.dsize;
607 if (centry->len < 8) {
608 /* huh? corrupt cache? */
609 DEBUG(10,("wcache_fetch_raw: Corrupt cache for key %s (len < 8) ?\n", kstr));
614 centry->status = centry_ntstatus(centry);
615 centry->sequence_number = centry_uint32(centry);
621 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
622 number and return status
624 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
625 struct winbindd_domain *domain,
626 const char *format, ...) PRINTF_ATTRIBUTE(3,4);
627 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
628 struct winbindd_domain *domain,
629 const char *format, ...)
633 struct cache_entry *centry;
639 refresh_sequence_number(domain, false);
641 va_start(ap, format);
642 smb_xvasprintf(&kstr, format, ap);
645 centry = wcache_fetch_raw(kstr);
646 if (centry == NULL) {
651 if (centry_expired(domain, kstr, centry)) {
653 DEBUG(10,("wcache_fetch: entry %s expired for domain %s\n",
654 kstr, domain->name ));
661 DEBUG(10,("wcache_fetch: returning entry %s for domain %s\n",
662 kstr, domain->name ));
668 static void wcache_delete(const char *format, ...) PRINTF_ATTRIBUTE(1,2);
669 static void wcache_delete(const char *format, ...)
675 va_start(ap, format);
676 smb_xvasprintf(&kstr, format, ap);
679 key = string_tdb_data(kstr);
681 tdb_delete(wcache->tdb, key);
686 make sure we have at least len bytes available in a centry
688 static void centry_expand(struct cache_entry *centry, uint32 len)
690 if (centry->len - centry->ofs >= len)
693 centry->data = SMB_REALLOC_ARRAY(centry->data, unsigned char,
696 DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
697 smb_panic_fn("out of memory in centry_expand");
702 push a uint32 into a centry
704 static void centry_put_uint32(struct cache_entry *centry, uint32 v)
706 centry_expand(centry, 4);
707 SIVAL(centry->data, centry->ofs, v);
712 push a uint16 into a centry
714 static void centry_put_uint16(struct cache_entry *centry, uint16 v)
716 centry_expand(centry, 2);
717 SIVAL(centry->data, centry->ofs, v);
722 push a uint8 into a centry
724 static void centry_put_uint8(struct cache_entry *centry, uint8 v)
726 centry_expand(centry, 1);
727 SCVAL(centry->data, centry->ofs, v);
732 push a string into a centry
734 static void centry_put_string(struct cache_entry *centry, const char *s)
739 /* null strings are marked as len 0xFFFF */
740 centry_put_uint8(centry, 0xFF);
745 /* can't handle more than 254 char strings. Truncating is probably best */
747 DEBUG(10,("centry_put_string: truncating len (%d) to: 254\n", len));
750 centry_put_uint8(centry, len);
751 centry_expand(centry, len);
752 memcpy(centry->data + centry->ofs, s, len);
757 push a 16 byte hash into a centry - treat as 16 byte string.
759 static void centry_put_hash16(struct cache_entry *centry, const uint8 val[16])
761 centry_put_uint8(centry, 16);
762 centry_expand(centry, 16);
763 memcpy(centry->data + centry->ofs, val, 16);
767 static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid)
770 centry_put_string(centry, sid_to_fstring(sid_string, sid));
775 put NTSTATUS into a centry
777 static void centry_put_ntstatus(struct cache_entry *centry, NTSTATUS status)
779 uint32 status_value = NT_STATUS_V(status);
780 centry_put_uint32(centry, status_value);
785 push a NTTIME into a centry
787 static void centry_put_nttime(struct cache_entry *centry, NTTIME nt)
789 centry_expand(centry, 8);
790 SIVAL(centry->data, centry->ofs, nt & 0xFFFFFFFF);
792 SIVAL(centry->data, centry->ofs, nt >> 32);
797 push a time_t into a centry - use a 64 bit size.
798 NTTIME here is being used as a convenient 64-bit size.
800 static void centry_put_time(struct cache_entry *centry, time_t t)
802 NTTIME nt = (NTTIME)t;
803 centry_put_nttime(centry, nt);
807 start a centry for output. When finished, call centry_end()
809 struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status)
811 struct cache_entry *centry;
816 centry = SMB_XMALLOC_P(struct cache_entry);
818 centry->len = 8192; /* reasonable default */
819 centry->data = SMB_XMALLOC_ARRAY(uint8, centry->len);
821 centry->sequence_number = domain->sequence_number;
822 centry_put_ntstatus(centry, status);
823 centry_put_uint32(centry, centry->sequence_number);
828 finish a centry and write it to the tdb
830 static void centry_end(struct cache_entry *centry, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
831 static void centry_end(struct cache_entry *centry, const char *format, ...)
841 va_start(ap, format);
842 smb_xvasprintf(&kstr, format, ap);
845 key = string_tdb_data(kstr);
846 data.dptr = centry->data;
847 data.dsize = centry->ofs;
849 tdb_store(wcache->tdb, key, data, TDB_REPLACE);
853 static void wcache_save_name_to_sid(struct winbindd_domain *domain,
854 NTSTATUS status, const char *domain_name,
855 const char *name, const DOM_SID *sid,
856 enum lsa_SidType type)
858 struct cache_entry *centry;
861 centry = centry_start(domain, status);
864 centry_put_uint32(centry, type);
865 centry_put_sid(centry, sid);
866 fstrcpy(uname, name);
868 centry_end(centry, "NS/%s/%s", domain_name, uname);
869 DEBUG(10,("wcache_save_name_to_sid: %s\\%s -> %s (%s)\n", domain_name,
870 uname, sid_string_dbg(sid), nt_errstr(status)));
874 static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
875 const DOM_SID *sid, const char *domain_name, const char *name, enum lsa_SidType type)
877 struct cache_entry *centry;
880 centry = centry_start(domain, status);
884 if (NT_STATUS_IS_OK(status)) {
885 centry_put_uint32(centry, type);
886 centry_put_string(centry, domain_name);
887 centry_put_string(centry, name);
890 centry_end(centry, "SN/%s", sid_to_fstring(sid_string, sid));
891 DEBUG(10,("wcache_save_sid_to_name: %s -> %s (%s)\n", sid_string,
892 name, nt_errstr(status)));
897 static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info)
899 struct cache_entry *centry;
902 if (is_null_sid(&info->user_sid)) {
906 centry = centry_start(domain, status);
909 centry_put_string(centry, info->acct_name);
910 centry_put_string(centry, info->full_name);
911 centry_put_string(centry, info->homedir);
912 centry_put_string(centry, info->shell);
913 centry_put_uint32(centry, info->primary_gid);
914 centry_put_sid(centry, &info->user_sid);
915 centry_put_sid(centry, &info->group_sid);
916 centry_end(centry, "U/%s", sid_to_fstring(sid_string,
918 DEBUG(10,("wcache_save_user: %s (acct_name %s)\n", sid_string, info->acct_name));
922 static void wcache_save_lockout_policy(struct winbindd_domain *domain,
924 struct samr_DomInfo12 *lockout_policy)
926 struct cache_entry *centry;
928 centry = centry_start(domain, status);
932 centry_put_nttime(centry, lockout_policy->lockout_duration);
933 centry_put_nttime(centry, lockout_policy->lockout_window);
934 centry_put_uint16(centry, lockout_policy->lockout_threshold);
936 centry_end(centry, "LOC_POL/%s", domain->name);
938 DEBUG(10,("wcache_save_lockout_policy: %s\n", domain->name));
945 static void wcache_save_password_policy(struct winbindd_domain *domain,
947 struct samr_DomInfo1 *policy)
949 struct cache_entry *centry;
951 centry = centry_start(domain, status);
955 centry_put_uint16(centry, policy->min_password_length);
956 centry_put_uint16(centry, policy->password_history_length);
957 centry_put_uint32(centry, policy->password_properties);
958 centry_put_nttime(centry, policy->max_password_age);
959 centry_put_nttime(centry, policy->min_password_age);
961 centry_end(centry, "PWD_POL/%s", domain->name);
963 DEBUG(10,("wcache_save_password_policy: %s\n", domain->name));
968 /***************************************************************************
969 ***************************************************************************/
971 static void wcache_save_username_alias(struct winbindd_domain *domain,
973 const char *name, const char *alias)
975 struct cache_entry *centry;
978 if ( (centry = centry_start(domain, status)) == NULL )
981 centry_put_string( centry, alias );
983 fstrcpy(uname, name);
985 centry_end(centry, "NSS/NA/%s", uname);
987 DEBUG(10,("wcache_save_username_alias: %s -> %s\n", name, alias ));
992 static void wcache_save_alias_username(struct winbindd_domain *domain,
994 const char *alias, const char *name)
996 struct cache_entry *centry;
999 if ( (centry = centry_start(domain, status)) == NULL )
1002 centry_put_string( centry, name );
1004 fstrcpy(uname, alias);
1006 centry_end(centry, "NSS/AN/%s", uname);
1008 DEBUG(10,("wcache_save_alias_username: %s -> %s\n", alias, name ));
1010 centry_free(centry);
1013 /***************************************************************************
1014 ***************************************************************************/
1016 NTSTATUS resolve_username_to_alias( TALLOC_CTX *mem_ctx,
1017 struct winbindd_domain *domain,
1018 const char *name, char **alias )
1020 struct winbind_cache *cache = get_cache(domain);
1021 struct cache_entry *centry = NULL;
1025 if ( domain->internal )
1026 return NT_STATUS_NOT_SUPPORTED;
1031 if ( (upper_name = SMB_STRDUP(name)) == NULL )
1032 return NT_STATUS_NO_MEMORY;
1033 strupper_m(upper_name);
1035 centry = wcache_fetch(cache, domain, "NSS/NA/%s", upper_name);
1037 SAFE_FREE( upper_name );
1042 status = centry->status;
1044 if (!NT_STATUS_IS_OK(status)) {
1045 centry_free(centry);
1049 *alias = centry_string( centry, mem_ctx );
1051 centry_free(centry);
1053 DEBUG(10,("resolve_username_to_alias: [Cached] - mapped %s to %s\n",
1054 name, *alias ? *alias : "(none)"));
1056 return (*alias) ? NT_STATUS_OK : NT_STATUS_OBJECT_NAME_NOT_FOUND;
1060 /* If its not in cache and we are offline, then fail */
1062 if ( get_global_winbindd_state_offline() || !domain->online ) {
1063 DEBUG(8,("resolve_username_to_alias: rejecting query "
1064 "in offline mode\n"));
1065 return NT_STATUS_NOT_FOUND;
1068 status = nss_map_to_alias( mem_ctx, domain->name, name, alias );
1070 if ( NT_STATUS_IS_OK( status ) ) {
1071 wcache_save_username_alias(domain, status, name, *alias);
1074 if ( NT_STATUS_EQUAL( status, NT_STATUS_NONE_MAPPED ) ) {
1075 wcache_save_username_alias(domain, status, name, "(NULL)");
1078 DEBUG(5,("resolve_username_to_alias: backend query returned %s\n",
1079 nt_errstr(status)));
1081 if ( NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) ) {
1082 set_domain_offline( domain );
1088 /***************************************************************************
1089 ***************************************************************************/
1091 NTSTATUS resolve_alias_to_username( TALLOC_CTX *mem_ctx,
1092 struct winbindd_domain *domain,
1093 const char *alias, char **name )
1095 struct winbind_cache *cache = get_cache(domain);
1096 struct cache_entry *centry = NULL;
1100 if ( domain->internal )
1101 return NT_STATUS_NOT_SUPPORTED;
1106 if ( (upper_name = SMB_STRDUP(alias)) == NULL )
1107 return NT_STATUS_NO_MEMORY;
1108 strupper_m(upper_name);
1110 centry = wcache_fetch(cache, domain, "NSS/AN/%s", upper_name);
1112 SAFE_FREE( upper_name );
1117 status = centry->status;
1119 if (!NT_STATUS_IS_OK(status)) {
1120 centry_free(centry);
1124 *name = centry_string( centry, mem_ctx );
1126 centry_free(centry);
1128 DEBUG(10,("resolve_alias_to_username: [Cached] - mapped %s to %s\n",
1129 alias, *name ? *name : "(none)"));
1131 return (*name) ? NT_STATUS_OK : NT_STATUS_OBJECT_NAME_NOT_FOUND;
1135 /* If its not in cache and we are offline, then fail */
1137 if ( get_global_winbindd_state_offline() || !domain->online ) {
1138 DEBUG(8,("resolve_alias_to_username: rejecting query "
1139 "in offline mode\n"));
1140 return NT_STATUS_NOT_FOUND;
1143 /* an alias cannot contain a domain prefix or '@' */
1145 if (strchr(alias, '\\') || strchr(alias, '@')) {
1146 DEBUG(10,("resolve_alias_to_username: skipping fully "
1147 "qualified name %s\n", alias));
1148 return NT_STATUS_OBJECT_NAME_INVALID;
1151 status = nss_map_from_alias( mem_ctx, domain->name, alias, name );
1153 if ( NT_STATUS_IS_OK( status ) ) {
1154 wcache_save_alias_username( domain, status, alias, *name );
1157 if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
1158 wcache_save_alias_username(domain, status, alias, "(NULL)");
1161 DEBUG(5,("resolve_alias_to_username: backend query returned %s\n",
1162 nt_errstr(status)));
1164 if ( NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) ) {
1165 set_domain_offline( domain );
1171 NTSTATUS wcache_cached_creds_exist(struct winbindd_domain *domain, const DOM_SID *sid)
1173 struct winbind_cache *cache = get_cache(domain);
1175 fstring key_str, tmp;
1179 return NT_STATUS_INTERNAL_DB_ERROR;
1182 if (is_null_sid(sid)) {
1183 return NT_STATUS_INVALID_SID;
1186 if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
1187 return NT_STATUS_INVALID_SID;
1190 fstr_sprintf(key_str, "CRED/%s", sid_to_fstring(tmp, sid));
1192 data = tdb_fetch(cache->tdb, string_tdb_data(key_str));
1194 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1197 SAFE_FREE(data.dptr);
1198 return NT_STATUS_OK;
1201 /* Lookup creds for a SID - copes with old (unsalted) creds as well
1202 as new salted ones. */
1204 NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
1205 TALLOC_CTX *mem_ctx,
1207 const uint8 **cached_nt_pass,
1208 const uint8 **cached_salt)
1210 struct winbind_cache *cache = get_cache(domain);
1211 struct cache_entry *centry = NULL;
1218 return NT_STATUS_INTERNAL_DB_ERROR;
1221 if (is_null_sid(sid)) {
1222 return NT_STATUS_INVALID_SID;
1225 if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
1226 return NT_STATUS_INVALID_SID;
1229 /* Try and get a salted cred first. If we can't
1230 fall back to an unsalted cred. */
1232 centry = wcache_fetch(cache, domain, "CRED/%s",
1233 sid_to_fstring(tmp, sid));
1235 DEBUG(10,("wcache_get_creds: entry for [CRED/%s] not found\n",
1236 sid_string_dbg(sid)));
1237 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1240 t = centry_time(centry);
1242 /* In the salted case this isn't actually the nt_hash itself,
1243 but the MD5 of the salt + nt_hash. Let the caller
1244 sort this out. It can tell as we only return the cached_salt
1245 if we are returning a salted cred. */
1247 *cached_nt_pass = (const uint8 *)centry_hash16(centry, mem_ctx);
1248 if (*cached_nt_pass == NULL) {
1251 sid_to_fstring(sidstr, sid);
1253 /* Bad (old) cred cache. Delete and pretend we
1255 DEBUG(0,("wcache_get_creds: bad entry for [CRED/%s] - deleting\n",
1257 wcache_delete("CRED/%s", sidstr);
1258 centry_free(centry);
1259 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1262 /* We only have 17 bytes more data in the salted cred case. */
1263 if (centry->len - centry->ofs == 17) {
1264 *cached_salt = (const uint8 *)centry_hash16(centry, mem_ctx);
1266 *cached_salt = NULL;
1269 dump_data_pw("cached_nt_pass", *cached_nt_pass, NT_HASH_LEN);
1271 dump_data_pw("cached_salt", *cached_salt, NT_HASH_LEN);
1274 status = centry->status;
1276 DEBUG(10,("wcache_get_creds: [Cached] - cached creds for user %s status: %s\n",
1277 sid_string_dbg(sid), nt_errstr(status) ));
1279 centry_free(centry);
1283 /* Store creds for a SID - only writes out new salted ones. */
1285 NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
1286 TALLOC_CTX *mem_ctx,
1288 const uint8 nt_pass[NT_HASH_LEN])
1290 struct cache_entry *centry;
1293 uint8 cred_salt[NT_HASH_LEN];
1294 uint8 salted_hash[NT_HASH_LEN];
1296 if (is_null_sid(sid)) {
1297 return NT_STATUS_INVALID_SID;
1300 if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
1301 return NT_STATUS_INVALID_SID;
1304 centry = centry_start(domain, NT_STATUS_OK);
1306 return NT_STATUS_INTERNAL_DB_ERROR;
1309 dump_data_pw("nt_pass", nt_pass, NT_HASH_LEN);
1311 centry_put_time(centry, time(NULL));
1313 /* Create a salt and then salt the hash. */
1314 generate_random_buffer(cred_salt, NT_HASH_LEN);
1315 E_md5hash(cred_salt, nt_pass, salted_hash);
1317 centry_put_hash16(centry, salted_hash);
1318 centry_put_hash16(centry, cred_salt);
1319 centry_end(centry, "CRED/%s", sid_to_fstring(sid_string, sid));
1321 DEBUG(10,("wcache_save_creds: %s\n", sid_string));
1323 centry_free(centry);
1325 return NT_STATUS_OK;
1329 /* Query display info. This is the basic user list fn */
1330 static NTSTATUS query_user_list(struct winbindd_domain *domain,
1331 TALLOC_CTX *mem_ctx,
1332 uint32 *num_entries,
1333 WINBIND_USERINFO **info)
1335 struct winbind_cache *cache = get_cache(domain);
1336 struct cache_entry *centry = NULL;
1338 unsigned int i, retry;
1343 centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
1347 *num_entries = centry_uint32(centry);
1349 if (*num_entries == 0)
1352 (*info) = TALLOC_ARRAY(mem_ctx, WINBIND_USERINFO, *num_entries);
1354 smb_panic_fn("query_user_list out of memory");
1356 for (i=0; i<(*num_entries); i++) {
1357 (*info)[i].acct_name = centry_string(centry, mem_ctx);
1358 (*info)[i].full_name = centry_string(centry, mem_ctx);
1359 (*info)[i].homedir = centry_string(centry, mem_ctx);
1360 (*info)[i].shell = centry_string(centry, mem_ctx);
1361 centry_sid(centry, mem_ctx, &(*info)[i].user_sid);
1362 centry_sid(centry, mem_ctx, &(*info)[i].group_sid);
1366 status = centry->status;
1368 DEBUG(10,("query_user_list: [Cached] - cached list for domain %s status: %s\n",
1369 domain->name, nt_errstr(status) ));
1371 centry_free(centry);
1378 /* Return status value returned by seq number check */
1380 if (!NT_STATUS_IS_OK(domain->last_status))
1381 return domain->last_status;
1383 /* Put the query_user_list() in a retry loop. There appears to be
1384 * some bug either with Windows 2000 or Samba's handling of large
1385 * rpc replies. This manifests itself as sudden disconnection
1386 * at a random point in the enumeration of a large (60k) user list.
1387 * The retry loop simply tries the operation again. )-: It's not
1388 * pretty but an acceptable workaround until we work out what the
1389 * real problem is. */
1394 DEBUG(10,("query_user_list: [Cached] - doing backend query for list for domain %s\n",
1397 status = domain->backend->query_user_list(domain, mem_ctx, num_entries, info);
1398 if (!NT_STATUS_IS_OK(status)) {
1399 DEBUG(3, ("query_user_list: returned 0x%08x, "
1400 "retrying\n", NT_STATUS_V(status)));
1402 if (NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL)) {
1403 DEBUG(3, ("query_user_list: flushing "
1404 "connection cache\n"));
1405 invalidate_cm_connection(&domain->conn);
1408 } while (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) &&
1412 refresh_sequence_number(domain, false);
1413 centry = centry_start(domain, status);
1416 centry_put_uint32(centry, *num_entries);
1417 for (i=0; i<(*num_entries); i++) {
1418 centry_put_string(centry, (*info)[i].acct_name);
1419 centry_put_string(centry, (*info)[i].full_name);
1420 centry_put_string(centry, (*info)[i].homedir);
1421 centry_put_string(centry, (*info)[i].shell);
1422 centry_put_sid(centry, &(*info)[i].user_sid);
1423 centry_put_sid(centry, &(*info)[i].group_sid);
1424 if (domain->backend && domain->backend->consistent) {
1425 /* when the backend is consistent we can pre-prime some mappings */
1426 wcache_save_name_to_sid(domain, NT_STATUS_OK,
1428 (*info)[i].acct_name,
1429 &(*info)[i].user_sid,
1431 wcache_save_sid_to_name(domain, NT_STATUS_OK,
1432 &(*info)[i].user_sid,
1434 (*info)[i].acct_name,
1436 wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
1439 centry_end(centry, "UL/%s", domain->name);
1440 centry_free(centry);
1446 /* list all domain groups */
1447 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
1448 TALLOC_CTX *mem_ctx,
1449 uint32 *num_entries,
1450 struct acct_info **info)
1452 struct winbind_cache *cache = get_cache(domain);
1453 struct cache_entry *centry = NULL;
1460 centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
1464 *num_entries = centry_uint32(centry);
1466 if (*num_entries == 0)
1469 (*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
1471 smb_panic_fn("enum_dom_groups out of memory");
1473 for (i=0; i<(*num_entries); i++) {
1474 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
1475 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
1476 (*info)[i].rid = centry_uint32(centry);
1480 status = centry->status;
1482 DEBUG(10,("enum_dom_groups: [Cached] - cached list for domain %s status: %s\n",
1483 domain->name, nt_errstr(status) ));
1485 centry_free(centry);
1492 /* Return status value returned by seq number check */
1494 if (!NT_STATUS_IS_OK(domain->last_status))
1495 return domain->last_status;
1497 DEBUG(10,("enum_dom_groups: [Cached] - doing backend query for list for domain %s\n",
1500 status = domain->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
1503 refresh_sequence_number(domain, false);
1504 centry = centry_start(domain, status);
1507 centry_put_uint32(centry, *num_entries);
1508 for (i=0; i<(*num_entries); i++) {
1509 centry_put_string(centry, (*info)[i].acct_name);
1510 centry_put_string(centry, (*info)[i].acct_desc);
1511 centry_put_uint32(centry, (*info)[i].rid);
1513 centry_end(centry, "GL/%s/domain", domain->name);
1514 centry_free(centry);
1520 /* list all domain groups */
1521 static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
1522 TALLOC_CTX *mem_ctx,
1523 uint32 *num_entries,
1524 struct acct_info **info)
1526 struct winbind_cache *cache = get_cache(domain);
1527 struct cache_entry *centry = NULL;
1534 centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
1538 *num_entries = centry_uint32(centry);
1540 if (*num_entries == 0)
1543 (*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
1545 smb_panic_fn("enum_dom_groups out of memory");
1547 for (i=0; i<(*num_entries); i++) {
1548 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
1549 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
1550 (*info)[i].rid = centry_uint32(centry);
1555 /* If we are returning cached data and the domain controller
1556 is down then we don't know whether the data is up to date
1557 or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to
1560 if (wcache_server_down(domain)) {
1561 DEBUG(10, ("enum_local_groups: returning cached user list and server was down\n"));
1562 status = NT_STATUS_MORE_PROCESSING_REQUIRED;
1564 status = centry->status;
1566 DEBUG(10,("enum_local_groups: [Cached] - cached list for domain %s status: %s\n",
1567 domain->name, nt_errstr(status) ));
1569 centry_free(centry);
1576 /* Return status value returned by seq number check */
1578 if (!NT_STATUS_IS_OK(domain->last_status))
1579 return domain->last_status;
1581 DEBUG(10,("enum_local_groups: [Cached] - doing backend query for list for domain %s\n",
1584 status = domain->backend->enum_local_groups(domain, mem_ctx, num_entries, info);
1587 refresh_sequence_number(domain, false);
1588 centry = centry_start(domain, status);
1591 centry_put_uint32(centry, *num_entries);
1592 for (i=0; i<(*num_entries); i++) {
1593 centry_put_string(centry, (*info)[i].acct_name);
1594 centry_put_string(centry, (*info)[i].acct_desc);
1595 centry_put_uint32(centry, (*info)[i].rid);
1597 centry_end(centry, "GL/%s/local", domain->name);
1598 centry_free(centry);
1604 /* convert a single name to a sid in a domain */
1605 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
1606 TALLOC_CTX *mem_ctx,
1607 enum winbindd_cmd orig_cmd,
1608 const char *domain_name,
1611 enum lsa_SidType *type)
1613 struct winbind_cache *cache = get_cache(domain);
1614 struct cache_entry *centry = NULL;
1621 fstrcpy(uname, name);
1623 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname);
1627 status = centry->status;
1628 if (NT_STATUS_IS_OK(status)) {
1629 *type = (enum lsa_SidType)centry_uint32(centry);
1630 centry_sid(centry, mem_ctx, sid);
1633 DEBUG(10,("name_to_sid: [Cached] - cached name for domain %s status: %s\n",
1634 domain->name, nt_errstr(status) ));
1636 centry_free(centry);
1642 /* If the seq number check indicated that there is a problem
1643 * with this DC, then return that status... except for
1644 * access_denied. This is special because the dc may be in
1645 * "restrict anonymous = 1" mode, in which case it will deny
1646 * most unauthenticated operations, but *will* allow the LSA
1647 * name-to-sid that we try as a fallback. */
1649 if (!(NT_STATUS_IS_OK(domain->last_status)
1650 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
1651 return domain->last_status;
1653 DEBUG(10,("name_to_sid: [Cached] - doing backend query for name for domain %s\n",
1656 status = domain->backend->name_to_sid(domain, mem_ctx, orig_cmd,
1657 domain_name, name, sid, type);
1660 refresh_sequence_number(domain, false);
1662 if (domain->online &&
1663 (NT_STATUS_IS_OK(status) || NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED))) {
1664 wcache_save_name_to_sid(domain, status, domain_name, name, sid, *type);
1666 /* Only save the reverse mapping if this was not a UPN */
1667 if (!strchr(name, '@')) {
1668 strupper_m(CONST_DISCARD(char *,domain_name));
1669 strlower_m(CONST_DISCARD(char *,name));
1670 wcache_save_sid_to_name(domain, status, sid, domain_name, name, *type);
1677 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
1679 static NTSTATUS sid_to_name(struct winbindd_domain *domain,
1680 TALLOC_CTX *mem_ctx,
1684 enum lsa_SidType *type)
1686 struct winbind_cache *cache = get_cache(domain);
1687 struct cache_entry *centry = NULL;
1694 centry = wcache_fetch(cache, domain, "SN/%s",
1695 sid_to_fstring(sid_string, sid));
1699 status = centry->status;
1700 if (NT_STATUS_IS_OK(status)) {
1701 *type = (enum lsa_SidType)centry_uint32(centry);
1702 *domain_name = centry_string(centry, mem_ctx);
1703 *name = centry_string(centry, mem_ctx);
1706 DEBUG(10,("sid_to_name: [Cached] - cached name for domain %s status: %s\n",
1707 domain->name, nt_errstr(status) ));
1709 centry_free(centry);
1714 *domain_name = NULL;
1716 /* If the seq number check indicated that there is a problem
1717 * with this DC, then return that status... except for
1718 * access_denied. This is special because the dc may be in
1719 * "restrict anonymous = 1" mode, in which case it will deny
1720 * most unauthenticated operations, but *will* allow the LSA
1721 * sid-to-name that we try as a fallback. */
1723 if (!(NT_STATUS_IS_OK(domain->last_status)
1724 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
1725 return domain->last_status;
1727 DEBUG(10,("sid_to_name: [Cached] - doing backend query for name for domain %s\n",
1730 status = domain->backend->sid_to_name(domain, mem_ctx, sid, domain_name, name, type);
1733 refresh_sequence_number(domain, false);
1734 wcache_save_sid_to_name(domain, status, sid, *domain_name, *name, *type);
1736 /* We can't save the name to sid mapping here, as with sid history a
1737 * later name2sid would give the wrong sid. */
1742 static NTSTATUS rids_to_names(struct winbindd_domain *domain,
1743 TALLOC_CTX *mem_ctx,
1744 const DOM_SID *domain_sid,
1749 enum lsa_SidType **types)
1751 struct winbind_cache *cache = get_cache(domain);
1753 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1757 *domain_name = NULL;
1765 if (num_rids == 0) {
1766 return NT_STATUS_OK;
1769 *names = TALLOC_ARRAY(mem_ctx, char *, num_rids);
1770 *types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids);
1772 if ((*names == NULL) || (*types == NULL)) {
1773 result = NT_STATUS_NO_MEMORY;
1777 have_mapped = have_unmapped = false;
1779 for (i=0; i<num_rids; i++) {
1781 struct cache_entry *centry;
1784 if (!sid_compose(&sid, domain_sid, rids[i])) {
1785 result = NT_STATUS_INTERNAL_ERROR;
1789 centry = wcache_fetch(cache, domain, "SN/%s",
1790 sid_to_fstring(tmp, &sid));
1795 (*types)[i] = SID_NAME_UNKNOWN;
1796 (*names)[i] = talloc_strdup(*names, "");
1798 if (NT_STATUS_IS_OK(centry->status)) {
1801 (*types)[i] = (enum lsa_SidType)centry_uint32(centry);
1803 dom = centry_string(centry, mem_ctx);
1804 if (*domain_name == NULL) {
1810 (*names)[i] = centry_string(centry, *names);
1812 } else if (NT_STATUS_EQUAL(centry->status, NT_STATUS_NONE_MAPPED)) {
1813 have_unmapped = true;
1816 /* something's definitely wrong */
1817 result = centry->status;
1821 centry_free(centry);
1825 return NT_STATUS_NONE_MAPPED;
1827 if (!have_unmapped) {
1828 return NT_STATUS_OK;
1830 return STATUS_SOME_UNMAPPED;
1834 TALLOC_FREE(*names);
1835 TALLOC_FREE(*types);
1837 result = domain->backend->rids_to_names(domain, mem_ctx, domain_sid,
1838 rids, num_rids, domain_name,
1842 None of the queried rids has been found so save all negative entries
1844 if (NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED)) {
1845 for (i = 0; i < num_rids; i++) {
1847 const char *name = "";
1848 const enum lsa_SidType type = SID_NAME_UNKNOWN;
1849 NTSTATUS status = NT_STATUS_NONE_MAPPED;
1851 if (!sid_compose(&sid, domain_sid, rids[i])) {
1852 return NT_STATUS_INTERNAL_ERROR;
1855 wcache_save_sid_to_name(domain, status, &sid, *domain_name,
1863 Some or all of the queried rids have been found.
1865 if (!NT_STATUS_IS_OK(result) &&
1866 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
1870 refresh_sequence_number(domain, false);
1872 for (i=0; i<num_rids; i++) {
1876 if (!sid_compose(&sid, domain_sid, rids[i])) {
1877 result = NT_STATUS_INTERNAL_ERROR;
1881 status = (*types)[i] == SID_NAME_UNKNOWN ?
1882 NT_STATUS_NONE_MAPPED : NT_STATUS_OK;
1884 wcache_save_sid_to_name(domain, status, &sid, *domain_name,
1885 (*names)[i], (*types)[i]);
1892 TALLOC_FREE(*names);
1893 TALLOC_FREE(*types);
1897 /* Lookup user information from a rid */
1898 static NTSTATUS query_user(struct winbindd_domain *domain,
1899 TALLOC_CTX *mem_ctx,
1900 const DOM_SID *user_sid,
1901 WINBIND_USERINFO *info)
1903 struct winbind_cache *cache = get_cache(domain);
1904 struct cache_entry *centry = NULL;
1911 centry = wcache_fetch(cache, domain, "U/%s",
1912 sid_to_fstring(tmp, user_sid));
1914 /* If we have an access denied cache entry and a cached info3 in the
1915 samlogon cache then do a query. This will force the rpc back end
1916 to return the info3 data. */
1918 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1919 netsamlogon_cache_have(user_sid)) {
1920 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1921 domain->last_status = NT_STATUS_OK;
1922 centry_free(centry);
1929 /* if status is not ok then this is a negative hit
1930 and the rest of the data doesn't matter */
1931 status = centry->status;
1932 if (NT_STATUS_IS_OK(status)) {
1933 info->acct_name = centry_string(centry, mem_ctx);
1934 info->full_name = centry_string(centry, mem_ctx);
1935 info->homedir = centry_string(centry, mem_ctx);
1936 info->shell = centry_string(centry, mem_ctx);
1937 info->primary_gid = centry_uint32(centry);
1938 centry_sid(centry, mem_ctx, &info->user_sid);
1939 centry_sid(centry, mem_ctx, &info->group_sid);
1942 DEBUG(10,("query_user: [Cached] - cached info for domain %s status: %s\n",
1943 domain->name, nt_errstr(status) ));
1945 centry_free(centry);
1951 /* Return status value returned by seq number check */
1953 if (!NT_STATUS_IS_OK(domain->last_status))
1954 return domain->last_status;
1956 DEBUG(10,("query_user: [Cached] - doing backend query for info for domain %s\n",
1959 status = domain->backend->query_user(domain, mem_ctx, user_sid, info);
1962 refresh_sequence_number(domain, false);
1963 wcache_save_user(domain, status, info);
1969 /* Lookup groups a user is a member of. */
1970 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
1971 TALLOC_CTX *mem_ctx,
1972 const DOM_SID *user_sid,
1973 uint32 *num_groups, DOM_SID **user_gids)
1975 struct winbind_cache *cache = get_cache(domain);
1976 struct cache_entry *centry = NULL;
1984 centry = wcache_fetch(cache, domain, "UG/%s",
1985 sid_to_fstring(sid_string, user_sid));
1987 /* If we have an access denied cache entry and a cached info3 in the
1988 samlogon cache then do a query. This will force the rpc back end
1989 to return the info3 data. */
1991 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1992 netsamlogon_cache_have(user_sid)) {
1993 DEBUG(10, ("lookup_usergroups: cached access denied and have cached info3\n"));
1994 domain->last_status = NT_STATUS_OK;
1995 centry_free(centry);
2002 *num_groups = centry_uint32(centry);
2004 if (*num_groups == 0)
2007 (*user_gids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_groups);
2008 if (! (*user_gids)) {
2009 smb_panic_fn("lookup_usergroups out of memory");
2011 for (i=0; i<(*num_groups); i++) {
2012 centry_sid(centry, mem_ctx, &(*user_gids)[i]);
2016 status = centry->status;
2018 DEBUG(10,("lookup_usergroups: [Cached] - cached info for domain %s status: %s\n",
2019 domain->name, nt_errstr(status) ));
2021 centry_free(centry);
2026 (*user_gids) = NULL;
2028 /* Return status value returned by seq number check */
2030 if (!NT_STATUS_IS_OK(domain->last_status))
2031 return domain->last_status;
2033 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info for domain %s\n",
2036 status = domain->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
2038 if ( NT_STATUS_EQUAL(status, NT_STATUS_SYNCHRONIZATION_REQUIRED) )
2042 refresh_sequence_number(domain, false);
2043 centry = centry_start(domain, status);
2047 centry_put_uint32(centry, *num_groups);
2048 for (i=0; i<(*num_groups); i++) {
2049 centry_put_sid(centry, &(*user_gids)[i]);
2052 centry_end(centry, "UG/%s", sid_to_fstring(sid_string, user_sid));
2053 centry_free(centry);
2059 static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
2060 TALLOC_CTX *mem_ctx,
2061 uint32 num_sids, const DOM_SID *sids,
2062 uint32 *num_aliases, uint32 **alias_rids)
2064 struct winbind_cache *cache = get_cache(domain);
2065 struct cache_entry *centry = NULL;
2067 char *sidlist = talloc_strdup(mem_ctx, "");
2073 if (num_sids == 0) {
2076 return NT_STATUS_OK;
2079 /* We need to cache indexed by the whole list of SIDs, the aliases
2080 * resulting might come from any of the SIDs. */
2082 for (i=0; i<num_sids; i++) {
2084 sidlist = talloc_asprintf(mem_ctx, "%s/%s", sidlist,
2085 sid_to_fstring(tmp, &sids[i]));
2086 if (sidlist == NULL)
2087 return NT_STATUS_NO_MEMORY;
2090 centry = wcache_fetch(cache, domain, "UA%s", sidlist);
2095 *num_aliases = centry_uint32(centry);
2099 (*alias_rids) = TALLOC_ARRAY(mem_ctx, uint32, *num_aliases);
2101 if ((*alias_rids) == NULL) {
2102 centry_free(centry);
2103 return NT_STATUS_NO_MEMORY;
2106 (*alias_rids) = NULL;
2109 for (i=0; i<(*num_aliases); i++)
2110 (*alias_rids)[i] = centry_uint32(centry);
2112 status = centry->status;
2114 DEBUG(10,("lookup_useraliases: [Cached] - cached info for domain: %s "
2115 "status %s\n", domain->name, nt_errstr(status)));
2117 centry_free(centry);
2122 (*alias_rids) = NULL;
2124 if (!NT_STATUS_IS_OK(domain->last_status))
2125 return domain->last_status;
2127 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info "
2128 "for domain %s\n", domain->name ));
2130 status = domain->backend->lookup_useraliases(domain, mem_ctx,
2132 num_aliases, alias_rids);
2135 refresh_sequence_number(domain, false);
2136 centry = centry_start(domain, status);
2139 centry_put_uint32(centry, *num_aliases);
2140 for (i=0; i<(*num_aliases); i++)
2141 centry_put_uint32(centry, (*alias_rids)[i]);
2142 centry_end(centry, "UA%s", sidlist);
2143 centry_free(centry);
2150 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
2151 TALLOC_CTX *mem_ctx,
2152 const DOM_SID *group_sid, uint32 *num_names,
2153 DOM_SID **sid_mem, char ***names,
2154 uint32 **name_types)
2156 struct winbind_cache *cache = get_cache(domain);
2157 struct cache_entry *centry = NULL;
2165 centry = wcache_fetch(cache, domain, "GM/%s",
2166 sid_to_fstring(sid_string, group_sid));
2170 *num_names = centry_uint32(centry);
2172 if (*num_names == 0)
2175 (*sid_mem) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_names);
2176 (*names) = TALLOC_ARRAY(mem_ctx, char *, *num_names);
2177 (*name_types) = TALLOC_ARRAY(mem_ctx, uint32, *num_names);
2179 if (! (*sid_mem) || ! (*names) || ! (*name_types)) {
2180 smb_panic_fn("lookup_groupmem out of memory");
2183 for (i=0; i<(*num_names); i++) {
2184 centry_sid(centry, mem_ctx, &(*sid_mem)[i]);
2185 (*names)[i] = centry_string(centry, mem_ctx);
2186 (*name_types)[i] = centry_uint32(centry);
2190 status = centry->status;
2192 DEBUG(10,("lookup_groupmem: [Cached] - cached info for domain %s status: %s\n",
2193 domain->name, nt_errstr(status)));
2195 centry_free(centry);
2202 (*name_types) = NULL;
2204 /* Return status value returned by seq number check */
2206 if (!NT_STATUS_IS_OK(domain->last_status))
2207 return domain->last_status;
2209 DEBUG(10,("lookup_groupmem: [Cached] - doing backend query for info for domain %s\n",
2212 status = domain->backend->lookup_groupmem(domain, mem_ctx, group_sid, num_names,
2213 sid_mem, names, name_types);
2216 refresh_sequence_number(domain, false);
2217 centry = centry_start(domain, status);
2220 centry_put_uint32(centry, *num_names);
2221 for (i=0; i<(*num_names); i++) {
2222 centry_put_sid(centry, &(*sid_mem)[i]);
2223 centry_put_string(centry, (*names)[i]);
2224 centry_put_uint32(centry, (*name_types)[i]);
2226 centry_end(centry, "GM/%s", sid_to_fstring(sid_string, group_sid));
2227 centry_free(centry);
2233 /* find the sequence number for a domain */
2234 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
2236 refresh_sequence_number(domain, false);
2238 *seq = domain->sequence_number;
2240 return NT_STATUS_OK;
2243 /* enumerate trusted domains
2244 * (we need to have the list of trustdoms in the cache when we go offline) -
2246 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
2247 TALLOC_CTX *mem_ctx,
2248 uint32 *num_domains,
2253 struct winbind_cache *cache = get_cache(domain);
2254 struct cache_entry *centry = NULL;
2261 centry = wcache_fetch(cache, domain, "TRUSTDOMS/%s", domain->name);
2267 *num_domains = centry_uint32(centry);
2270 (*names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
2271 (*alt_names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
2272 (*dom_sids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_domains);
2274 if (! (*dom_sids) || ! (*names) || ! (*alt_names)) {
2275 smb_panic_fn("trusted_domains out of memory");
2279 (*alt_names) = NULL;
2283 for (i=0; i<(*num_domains); i++) {
2284 (*names)[i] = centry_string(centry, mem_ctx);
2285 (*alt_names)[i] = centry_string(centry, mem_ctx);
2286 if (!centry_sid(centry, mem_ctx, &(*dom_sids)[i])) {
2287 sid_copy(&(*dom_sids)[i], &global_sid_NULL);
2291 status = centry->status;
2293 DEBUG(10,("trusted_domains: [Cached] - cached info for domain %s (%d trusts) status: %s\n",
2294 domain->name, *num_domains, nt_errstr(status) ));
2296 centry_free(centry);
2303 (*alt_names) = NULL;
2305 /* Return status value returned by seq number check */
2307 if (!NT_STATUS_IS_OK(domain->last_status))
2308 return domain->last_status;
2310 DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
2313 status = domain->backend->trusted_domains(domain, mem_ctx, num_domains,
2314 names, alt_names, dom_sids);
2316 /* no trusts gives NT_STATUS_NO_MORE_ENTRIES resetting to NT_STATUS_OK
2317 * so that the generic centry handling still applies correctly -
2320 if (!NT_STATUS_IS_ERR(status)) {
2321 status = NT_STATUS_OK;
2325 #if 0 /* Disabled as we want the trust dom list to be managed by
2326 the main parent and always to make the query. --jerry */
2329 refresh_sequence_number(domain, false);
2331 centry = centry_start(domain, status);
2335 centry_put_uint32(centry, *num_domains);
2337 for (i=0; i<(*num_domains); i++) {
2338 centry_put_string(centry, (*names)[i]);
2339 centry_put_string(centry, (*alt_names)[i]);
2340 centry_put_sid(centry, &(*dom_sids)[i]);
2343 centry_end(centry, "TRUSTDOMS/%s", domain->name);
2345 centry_free(centry);
2353 /* get lockout policy */
2354 static NTSTATUS lockout_policy(struct winbindd_domain *domain,
2355 TALLOC_CTX *mem_ctx,
2356 struct samr_DomInfo12 *policy)
2358 struct winbind_cache *cache = get_cache(domain);
2359 struct cache_entry *centry = NULL;
2365 centry = wcache_fetch(cache, domain, "LOC_POL/%s", domain->name);
2370 policy->lockout_duration = centry_nttime(centry);
2371 policy->lockout_window = centry_nttime(centry);
2372 policy->lockout_threshold = centry_uint16(centry);
2374 status = centry->status;
2376 DEBUG(10,("lockout_policy: [Cached] - cached info for domain %s status: %s\n",
2377 domain->name, nt_errstr(status) ));
2379 centry_free(centry);
2383 ZERO_STRUCTP(policy);
2385 /* Return status value returned by seq number check */
2387 if (!NT_STATUS_IS_OK(domain->last_status))
2388 return domain->last_status;
2390 DEBUG(10,("lockout_policy: [Cached] - doing backend query for info for domain %s\n",
2393 status = domain->backend->lockout_policy(domain, mem_ctx, policy);
2396 refresh_sequence_number(domain, false);
2397 wcache_save_lockout_policy(domain, status, policy);
2402 /* get password policy */
2403 static NTSTATUS password_policy(struct winbindd_domain *domain,
2404 TALLOC_CTX *mem_ctx,
2405 struct samr_DomInfo1 *policy)
2407 struct winbind_cache *cache = get_cache(domain);
2408 struct cache_entry *centry = NULL;
2414 centry = wcache_fetch(cache, domain, "PWD_POL/%s", domain->name);
2419 policy->min_password_length = centry_uint16(centry);
2420 policy->password_history_length = centry_uint16(centry);
2421 policy->password_properties = centry_uint32(centry);
2422 policy->max_password_age = centry_nttime(centry);
2423 policy->min_password_age = centry_nttime(centry);
2425 status = centry->status;
2427 DEBUG(10,("lockout_policy: [Cached] - cached info for domain %s status: %s\n",
2428 domain->name, nt_errstr(status) ));
2430 centry_free(centry);
2434 ZERO_STRUCTP(policy);
2436 /* Return status value returned by seq number check */
2438 if (!NT_STATUS_IS_OK(domain->last_status))
2439 return domain->last_status;
2441 DEBUG(10,("password_policy: [Cached] - doing backend query for info for domain %s\n",
2444 status = domain->backend->password_policy(domain, mem_ctx, policy);
2447 refresh_sequence_number(domain, false);
2448 if (NT_STATUS_IS_OK(status)) {
2449 wcache_save_password_policy(domain, status, policy);
2456 /* Invalidate cached user and group lists coherently */
2458 static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
2461 if (strncmp((const char *)kbuf.dptr, "UL/", 3) == 0 ||
2462 strncmp((const char *)kbuf.dptr, "GL/", 3) == 0)
2463 tdb_delete(the_tdb, kbuf);
2468 /* Invalidate the getpwnam and getgroups entries for a winbindd domain */
2470 void wcache_invalidate_samlogon(struct winbindd_domain *domain,
2471 struct netr_SamInfo3 *info3)
2474 fstring key_str, sid_string;
2475 struct winbind_cache *cache;
2477 /* dont clear cached U/SID and UG/SID entries when we want to logon
2480 if (lp_winbind_offline_logon()) {
2487 cache = get_cache(domain);
2493 sid_copy(&sid, info3->base.domain_sid);
2494 sid_append_rid(&sid, info3->base.rid);
2496 /* Clear U/SID cache entry */
2497 fstr_sprintf(key_str, "U/%s", sid_to_fstring(sid_string, &sid));
2498 DEBUG(10, ("wcache_invalidate_samlogon: clearing %s\n", key_str));
2499 tdb_delete(cache->tdb, string_tdb_data(key_str));
2501 /* Clear UG/SID cache entry */
2502 fstr_sprintf(key_str, "UG/%s", sid_to_fstring(sid_string, &sid));
2503 DEBUG(10, ("wcache_invalidate_samlogon: clearing %s\n", key_str));
2504 tdb_delete(cache->tdb, string_tdb_data(key_str));
2506 /* Samba/winbindd never needs this. */
2507 netsamlogon_clear_cached_user(info3);
2510 bool wcache_invalidate_cache(void)
2512 struct winbindd_domain *domain;
2514 for (domain = domain_list(); domain; domain = domain->next) {
2515 struct winbind_cache *cache = get_cache(domain);
2517 DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
2518 "entries for %s\n", domain->name));
2521 tdb_traverse(cache->tdb, traverse_fn, NULL);
2530 bool init_wcache(void)
2532 if (wcache == NULL) {
2533 wcache = SMB_XMALLOC_P(struct winbind_cache);
2534 ZERO_STRUCTP(wcache);
2537 if (wcache->tdb != NULL)
2540 /* when working offline we must not clear the cache on restart */
2541 wcache->tdb = tdb_open_log(cache_path("winbindd_cache.tdb"),
2542 WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
2543 lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST),
2544 O_RDWR|O_CREAT, 0600);
2546 if (wcache->tdb == NULL) {
2547 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
2554 /************************************************************************
2555 This is called by the parent to initialize the cache file.
2556 We don't need sophisticated locking here as we know we're the
2558 ************************************************************************/
2560 bool initialize_winbindd_cache(void)
2562 bool cache_bad = true;
2565 if (!init_wcache()) {
2566 DEBUG(0,("initialize_winbindd_cache: init_wcache failed.\n"));
2570 /* Check version number. */
2571 if (tdb_fetch_uint32(wcache->tdb, WINBINDD_CACHE_VERSION_KEYSTR, &vers) &&
2572 vers == WINBINDD_CACHE_VERSION) {
2577 DEBUG(0,("initialize_winbindd_cache: clearing cache "
2578 "and re-creating with version number %d\n",
2579 WINBINDD_CACHE_VERSION ));
2581 tdb_close(wcache->tdb);
2584 if (unlink(cache_path("winbindd_cache.tdb")) == -1) {
2585 DEBUG(0,("initialize_winbindd_cache: unlink %s failed %s ",
2586 cache_path("winbindd_cache.tdb"),
2590 if (!init_wcache()) {
2591 DEBUG(0,("initialize_winbindd_cache: re-initialization "
2592 "init_wcache failed.\n"));
2596 /* Write the version. */
2597 if (!tdb_store_uint32(wcache->tdb, WINBINDD_CACHE_VERSION_KEYSTR, WINBINDD_CACHE_VERSION)) {
2598 DEBUG(0,("initialize_winbindd_cache: version number store failed %s\n",
2599 tdb_errorstr(wcache->tdb) ));
2604 tdb_close(wcache->tdb);
2609 void close_winbindd_cache(void)
2615 tdb_close(wcache->tdb);
2620 void cache_store_response(pid_t pid, struct winbindd_response *response)
2627 DEBUG(10, ("Storing response for pid %d, len %d\n",
2628 pid, response->length));
2630 fstr_sprintf(key_str, "DR/%d", pid);
2631 if (tdb_store(wcache->tdb, string_tdb_data(key_str),
2632 make_tdb_data((uint8 *)response, sizeof(*response)),
2636 if (response->length == sizeof(*response))
2639 /* There's extra data */
2641 DEBUG(10, ("Storing extra data: len=%d\n",
2642 (int)(response->length - sizeof(*response))));
2644 fstr_sprintf(key_str, "DE/%d", pid);
2645 if (tdb_store(wcache->tdb, string_tdb_data(key_str),
2646 make_tdb_data((uint8 *)response->extra_data.data,
2647 response->length - sizeof(*response)),
2651 /* We could not store the extra data, make sure the tdb does not
2652 * contain a main record with wrong dangling extra data */
2654 fstr_sprintf(key_str, "DR/%d", pid);
2655 tdb_delete(wcache->tdb, string_tdb_data(key_str));
2660 bool cache_retrieve_response(pid_t pid, struct winbindd_response * response)
2668 DEBUG(10, ("Retrieving response for pid %d\n", pid));
2670 fstr_sprintf(key_str, "DR/%d", pid);
2671 data = tdb_fetch(wcache->tdb, string_tdb_data(key_str));
2673 if (data.dptr == NULL)
2676 if (data.dsize != sizeof(*response))
2679 memcpy(response, data.dptr, data.dsize);
2680 SAFE_FREE(data.dptr);
2682 if (response->length == sizeof(*response)) {
2683 response->extra_data.data = NULL;
2687 /* There's extra data */
2689 DEBUG(10, ("Retrieving extra data length=%d\n",
2690 (int)(response->length - sizeof(*response))));
2692 fstr_sprintf(key_str, "DE/%d", pid);
2693 data = tdb_fetch(wcache->tdb, string_tdb_data(key_str));
2695 if (data.dptr == NULL) {
2696 DEBUG(0, ("Did not find extra data\n"));
2700 if (data.dsize != (response->length - sizeof(*response))) {
2701 DEBUG(0, ("Invalid extra data length: %d\n", (int)data.dsize));
2702 SAFE_FREE(data.dptr);
2706 dump_data(11, (uint8 *)data.dptr, data.dsize);
2708 response->extra_data.data = data.dptr;
2712 void cache_cleanup_response(pid_t pid)
2719 fstr_sprintf(key_str, "DR/%d", pid);
2720 tdb_delete(wcache->tdb, string_tdb_data(key_str));
2722 fstr_sprintf(key_str, "DE/%d", pid);
2723 tdb_delete(wcache->tdb, string_tdb_data(key_str));
2729 bool lookup_cached_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
2730 char **domain_name, char **name,
2731 enum lsa_SidType *type)
2733 struct winbindd_domain *domain;
2734 struct winbind_cache *cache;
2735 struct cache_entry *centry = NULL;
2739 domain = find_lookup_domain_from_sid(sid);
2740 if (domain == NULL) {
2744 cache = get_cache(domain);
2746 if (cache->tdb == NULL) {
2750 centry = wcache_fetch(cache, domain, "SN/%s",
2751 sid_to_fstring(tmp, sid));
2752 if (centry == NULL) {
2756 if (NT_STATUS_IS_OK(centry->status)) {
2757 *type = (enum lsa_SidType)centry_uint32(centry);
2758 *domain_name = centry_string(centry, mem_ctx);
2759 *name = centry_string(centry, mem_ctx);
2762 status = centry->status;
2763 centry_free(centry);
2764 return NT_STATUS_IS_OK(status);
2767 bool lookup_cached_name(TALLOC_CTX *mem_ctx,
2768 const char *domain_name,
2771 enum lsa_SidType *type)
2773 struct winbindd_domain *domain;
2774 struct winbind_cache *cache;
2775 struct cache_entry *centry = NULL;
2778 bool original_online_state;
2780 domain = find_lookup_domain_from_name(domain_name);
2781 if (domain == NULL) {
2785 cache = get_cache(domain);
2787 if (cache->tdb == NULL) {
2791 fstrcpy(uname, name);
2794 /* If we are doing a cached logon, temporarily set the domain
2795 offline so the cache won't expire the entry */
2797 original_online_state = domain->online;
2798 domain->online = false;
2799 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname);
2800 domain->online = original_online_state;
2802 if (centry == NULL) {
2806 if (NT_STATUS_IS_OK(centry->status)) {
2807 *type = (enum lsa_SidType)centry_uint32(centry);
2808 centry_sid(centry, mem_ctx, sid);
2811 status = centry->status;
2812 centry_free(centry);
2814 return NT_STATUS_IS_OK(status);
2817 void cache_name2sid(struct winbindd_domain *domain,
2818 const char *domain_name, const char *name,
2819 enum lsa_SidType type, const DOM_SID *sid)
2821 refresh_sequence_number(domain, false);
2822 wcache_save_name_to_sid(domain, NT_STATUS_OK, domain_name, name,
2827 * The original idea that this cache only contains centries has
2828 * been blurred - now other stuff gets put in here. Ensure we
2829 * ignore these things on cleanup.
2832 static int traverse_fn_cleanup(TDB_CONTEXT *the_tdb, TDB_DATA kbuf,
2833 TDB_DATA dbuf, void *state)
2835 struct cache_entry *centry;
2837 if (is_non_centry_key(kbuf)) {
2841 centry = wcache_fetch_raw((char *)kbuf.dptr);
2846 if (!NT_STATUS_IS_OK(centry->status)) {
2847 DEBUG(10,("deleting centry %s\n", (const char *)kbuf.dptr));
2848 tdb_delete(the_tdb, kbuf);
2851 centry_free(centry);
2855 /* flush the cache */
2856 void wcache_flush_cache(void)
2861 tdb_close(wcache->tdb);
2867 /* when working offline we must not clear the cache on restart */
2868 wcache->tdb = tdb_open_log(cache_path("winbindd_cache.tdb"),
2869 WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
2870 lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST),
2871 O_RDWR|O_CREAT, 0600);
2874 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
2878 tdb_traverse(wcache->tdb, traverse_fn_cleanup, NULL);
2880 DEBUG(10,("wcache_flush_cache success\n"));
2883 /* Count cached creds */
2885 static int traverse_fn_cached_creds(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
2888 int *cred_count = (int*)state;
2890 if (strncmp((const char *)kbuf.dptr, "CRED/", 5) == 0) {
2896 NTSTATUS wcache_count_cached_creds(struct winbindd_domain *domain, int *count)
2898 struct winbind_cache *cache = get_cache(domain);
2903 return NT_STATUS_INTERNAL_DB_ERROR;
2906 tdb_traverse(cache->tdb, traverse_fn_cached_creds, (void *)count);
2908 return NT_STATUS_OK;
2912 struct cred_list *prev, *next;
2917 static struct cred_list *wcache_cred_list;
2919 static int traverse_fn_get_credlist(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
2922 struct cred_list *cred;
2924 if (strncmp((const char *)kbuf.dptr, "CRED/", 5) == 0) {
2926 cred = SMB_MALLOC_P(struct cred_list);
2928 DEBUG(0,("traverse_fn_remove_first_creds: failed to malloc new entry for list\n"));
2934 /* save a copy of the key */
2936 fstrcpy(cred->name, (const char *)kbuf.dptr);
2937 DLIST_ADD(wcache_cred_list, cred);
2943 NTSTATUS wcache_remove_oldest_cached_creds(struct winbindd_domain *domain, const DOM_SID *sid)
2945 struct winbind_cache *cache = get_cache(domain);
2948 struct cred_list *cred, *oldest = NULL;
2951 return NT_STATUS_INTERNAL_DB_ERROR;
2954 /* we possibly already have an entry */
2955 if (sid && NT_STATUS_IS_OK(wcache_cached_creds_exist(domain, sid))) {
2957 fstring key_str, tmp;
2959 DEBUG(11,("we already have an entry, deleting that\n"));
2961 fstr_sprintf(key_str, "CRED/%s", sid_to_fstring(tmp, sid));
2963 tdb_delete(cache->tdb, string_tdb_data(key_str));
2965 return NT_STATUS_OK;
2968 ret = tdb_traverse(cache->tdb, traverse_fn_get_credlist, NULL);
2970 return NT_STATUS_OK;
2971 } else if ((ret == -1) || (wcache_cred_list == NULL)) {
2972 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2975 ZERO_STRUCTP(oldest);
2977 for (cred = wcache_cred_list; cred; cred = cred->next) {
2982 data = tdb_fetch(cache->tdb, string_tdb_data(cred->name));
2984 DEBUG(10,("wcache_remove_oldest_cached_creds: entry for [%s] not found\n",
2986 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
2990 t = IVAL(data.dptr, 0);
2991 SAFE_FREE(data.dptr);
2994 oldest = SMB_MALLOC_P(struct cred_list);
2995 if (oldest == NULL) {
2996 status = NT_STATUS_NO_MEMORY;
3000 fstrcpy(oldest->name, cred->name);
3001 oldest->created = t;
3005 if (t < oldest->created) {
3006 fstrcpy(oldest->name, cred->name);
3007 oldest->created = t;
3011 if (tdb_delete(cache->tdb, string_tdb_data(oldest->name)) == 0) {
3012 status = NT_STATUS_OK;
3014 status = NT_STATUS_UNSUCCESSFUL;
3017 SAFE_FREE(wcache_cred_list);
3023 /* Change the global online/offline state. */
3024 bool set_global_winbindd_state_offline(void)
3028 DEBUG(10,("set_global_winbindd_state_offline: offline requested.\n"));
3030 /* Only go offline if someone has created
3031 the key "WINBINDD_OFFLINE" in the cache tdb. */
3033 if (wcache == NULL || wcache->tdb == NULL) {
3034 DEBUG(10,("set_global_winbindd_state_offline: wcache not open yet.\n"));
3038 if (!lp_winbind_offline_logon()) {
3039 DEBUG(10,("set_global_winbindd_state_offline: rejecting.\n"));
3043 if (global_winbindd_offline_state) {
3044 /* Already offline. */
3048 data = tdb_fetch_bystring( wcache->tdb, "WINBINDD_OFFLINE" );
3050 if (!data.dptr || data.dsize != 4) {
3051 DEBUG(10,("set_global_winbindd_state_offline: offline state not set.\n"));
3052 SAFE_FREE(data.dptr);
3055 DEBUG(10,("set_global_winbindd_state_offline: offline state set.\n"));
3056 global_winbindd_offline_state = true;
3057 SAFE_FREE(data.dptr);
3062 void set_global_winbindd_state_online(void)
3064 DEBUG(10,("set_global_winbindd_state_online: online requested.\n"));
3066 if (!lp_winbind_offline_logon()) {
3067 DEBUG(10,("set_global_winbindd_state_online: rejecting.\n"));
3071 if (!global_winbindd_offline_state) {
3072 /* Already online. */
3075 global_winbindd_offline_state = false;
3081 /* Ensure there is no key "WINBINDD_OFFLINE" in the cache tdb. */
3082 tdb_delete_bystring(wcache->tdb, "WINBINDD_OFFLINE");
3085 bool get_global_winbindd_state_offline(void)
3087 return global_winbindd_offline_state;
3090 /***********************************************************************
3091 Validate functions for all possible cache tdb keys.
3092 ***********************************************************************/
3094 static struct cache_entry *create_centry_validate(const char *kstr, TDB_DATA data,
3095 struct tdb_validation_status *state)
3097 struct cache_entry *centry;
3099 centry = SMB_XMALLOC_P(struct cache_entry);
3100 centry->data = (unsigned char *)memdup(data.dptr, data.dsize);
3101 if (!centry->data) {
3105 centry->len = data.dsize;
3108 if (centry->len < 8) {
3109 /* huh? corrupt cache? */
3110 DEBUG(0,("create_centry_validate: Corrupt cache for key %s (len < 8) ?\n", kstr));
3111 centry_free(centry);
3112 state->bad_entry = true;
3113 state->success = false;
3117 centry->status = NT_STATUS(centry_uint32(centry));
3118 centry->sequence_number = centry_uint32(centry);
3122 static int validate_seqnum(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3123 struct tdb_validation_status *state)
3125 if (dbuf.dsize != 8) {
3126 DEBUG(0,("validate_seqnum: Corrupt cache for key %s (len %u != 8) ?\n",
3127 keystr, (unsigned int)dbuf.dsize ));
3128 state->bad_entry = true;
3134 static int validate_ns(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3135 struct tdb_validation_status *state)
3137 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3142 (void)centry_uint32(centry);
3143 if (NT_STATUS_IS_OK(centry->status)) {
3145 (void)centry_sid(centry, mem_ctx, &sid);
3148 centry_free(centry);
3150 if (!(state->success)) {
3153 DEBUG(10,("validate_ns: %s ok\n", keystr));
3157 static int validate_sn(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3158 struct tdb_validation_status *state)
3160 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3165 if (NT_STATUS_IS_OK(centry->status)) {
3166 (void)centry_uint32(centry);
3167 (void)centry_string(centry, mem_ctx);
3168 (void)centry_string(centry, mem_ctx);
3171 centry_free(centry);
3173 if (!(state->success)) {
3176 DEBUG(10,("validate_sn: %s ok\n", keystr));
3180 static int validate_u(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3181 struct tdb_validation_status *state)
3183 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3190 (void)centry_string(centry, mem_ctx);
3191 (void)centry_string(centry, mem_ctx);
3192 (void)centry_string(centry, mem_ctx);
3193 (void)centry_string(centry, mem_ctx);
3194 (void)centry_uint32(centry);
3195 (void)centry_sid(centry, mem_ctx, &sid);
3196 (void)centry_sid(centry, mem_ctx, &sid);
3198 centry_free(centry);
3200 if (!(state->success)) {
3203 DEBUG(10,("validate_u: %s ok\n", keystr));
3207 static int validate_loc_pol(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3208 struct tdb_validation_status *state)
3210 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3216 (void)centry_nttime(centry);
3217 (void)centry_nttime(centry);
3218 (void)centry_uint16(centry);
3220 centry_free(centry);
3222 if (!(state->success)) {
3225 DEBUG(10,("validate_loc_pol: %s ok\n", keystr));
3229 static int validate_pwd_pol(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3230 struct tdb_validation_status *state)
3232 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3238 (void)centry_uint16(centry);
3239 (void)centry_uint16(centry);
3240 (void)centry_uint32(centry);
3241 (void)centry_nttime(centry);
3242 (void)centry_nttime(centry);
3244 centry_free(centry);
3246 if (!(state->success)) {
3249 DEBUG(10,("validate_pwd_pol: %s ok\n", keystr));
3253 static int validate_cred(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3254 struct tdb_validation_status *state)
3256 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3262 (void)centry_time(centry);
3263 (void)centry_hash16(centry, mem_ctx);
3265 /* We only have 17 bytes more data in the salted cred case. */
3266 if (centry->len - centry->ofs == 17) {
3267 (void)centry_hash16(centry, mem_ctx);
3270 centry_free(centry);
3272 if (!(state->success)) {
3275 DEBUG(10,("validate_cred: %s ok\n", keystr));
3279 static int validate_ul(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3280 struct tdb_validation_status *state)
3282 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3283 int32 num_entries, i;
3289 num_entries = (int32)centry_uint32(centry);
3291 for (i=0; i< num_entries; i++) {
3293 (void)centry_string(centry, mem_ctx);
3294 (void)centry_string(centry, mem_ctx);
3295 (void)centry_string(centry, mem_ctx);
3296 (void)centry_string(centry, mem_ctx);
3297 (void)centry_sid(centry, mem_ctx, &sid);
3298 (void)centry_sid(centry, mem_ctx, &sid);
3301 centry_free(centry);
3303 if (!(state->success)) {
3306 DEBUG(10,("validate_ul: %s ok\n", keystr));
3310 static int validate_gl(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3311 struct tdb_validation_status *state)
3313 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3314 int32 num_entries, i;
3320 num_entries = centry_uint32(centry);
3322 for (i=0; i< num_entries; i++) {
3323 (void)centry_string(centry, mem_ctx);
3324 (void)centry_string(centry, mem_ctx);
3325 (void)centry_uint32(centry);
3328 centry_free(centry);
3330 if (!(state->success)) {
3333 DEBUG(10,("validate_gl: %s ok\n", keystr));
3337 static int validate_ug(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3338 struct tdb_validation_status *state)
3340 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3341 int32 num_groups, i;
3347 num_groups = centry_uint32(centry);
3349 for (i=0; i< num_groups; i++) {
3351 centry_sid(centry, mem_ctx, &sid);
3354 centry_free(centry);
3356 if (!(state->success)) {
3359 DEBUG(10,("validate_ug: %s ok\n", keystr));
3363 static int validate_ua(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3364 struct tdb_validation_status *state)
3366 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3367 int32 num_aliases, i;
3373 num_aliases = centry_uint32(centry);
3375 for (i=0; i < num_aliases; i++) {
3376 (void)centry_uint32(centry);
3379 centry_free(centry);
3381 if (!(state->success)) {
3384 DEBUG(10,("validate_ua: %s ok\n", keystr));
3388 static int validate_gm(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3389 struct tdb_validation_status *state)
3391 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3398 num_names = centry_uint32(centry);
3400 for (i=0; i< num_names; i++) {
3402 centry_sid(centry, mem_ctx, &sid);
3403 (void)centry_string(centry, mem_ctx);
3404 (void)centry_uint32(centry);
3407 centry_free(centry);
3409 if (!(state->success)) {
3412 DEBUG(10,("validate_gm: %s ok\n", keystr));
3416 static int validate_dr(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3417 struct tdb_validation_status *state)
3419 /* Can't say anything about this other than must be nonzero. */
3420 if (dbuf.dsize == 0) {
3421 DEBUG(0,("validate_dr: Corrupt cache for key %s (len == 0) ?\n",
3423 state->bad_entry = true;
3424 state->success = false;
3428 DEBUG(10,("validate_dr: %s ok\n", keystr));
3432 static int validate_de(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3433 struct tdb_validation_status *state)
3435 /* Can't say anything about this other than must be nonzero. */
3436 if (dbuf.dsize == 0) {
3437 DEBUG(0,("validate_de: Corrupt cache for key %s (len == 0) ?\n",
3439 state->bad_entry = true;
3440 state->success = false;
3444 DEBUG(10,("validate_de: %s ok\n", keystr));
3448 static int validate_pwinfo(TALLOC_CTX *mem_ctx, const char *keystr,
3449 TDB_DATA dbuf, struct tdb_validation_status *state)
3451 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3457 (void)centry_string(centry, mem_ctx);
3458 (void)centry_string(centry, mem_ctx);
3459 (void)centry_string(centry, mem_ctx);
3460 (void)centry_uint32(centry);
3462 centry_free(centry);
3464 if (!(state->success)) {
3467 DEBUG(10,("validate_pwinfo: %s ok\n", keystr));
3471 static int validate_nss_an(TALLOC_CTX *mem_ctx, const char *keystr,
3473 struct tdb_validation_status *state)
3475 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3481 (void)centry_string( centry, mem_ctx );
3483 centry_free(centry);
3485 if (!(state->success)) {
3488 DEBUG(10,("validate_pwinfo: %s ok\n", keystr));
3492 static int validate_nss_na(TALLOC_CTX *mem_ctx, const char *keystr,
3494 struct tdb_validation_status *state)
3496 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3502 (void)centry_string( centry, mem_ctx );
3504 centry_free(centry);
3506 if (!(state->success)) {
3509 DEBUG(10,("validate_pwinfo: %s ok\n", keystr));
3513 static int validate_trustdoms(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3514 struct tdb_validation_status *state)
3516 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3517 int32 num_domains, i;
3523 num_domains = centry_uint32(centry);
3525 for (i=0; i< num_domains; i++) {
3527 (void)centry_string(centry, mem_ctx);
3528 (void)centry_string(centry, mem_ctx);
3529 (void)centry_sid(centry, mem_ctx, &sid);
3532 centry_free(centry);
3534 if (!(state->success)) {
3537 DEBUG(10,("validate_trustdoms: %s ok\n", keystr));
3541 static int validate_trustdomcache(TALLOC_CTX *mem_ctx, const char *keystr,
3543 struct tdb_validation_status *state)
3545 if (dbuf.dsize == 0) {
3546 DEBUG(0, ("validate_trustdomcache: Corrupt cache for "
3547 "key %s (len ==0) ?\n", keystr));
3548 state->bad_entry = true;
3549 state->success = false;
3553 DEBUG(10, ("validate_trustdomcache: %s ok\n", keystr));
3554 DEBUGADD(10, (" Don't trust me, I am a DUMMY!\n"));
3558 static int validate_offline(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3559 struct tdb_validation_status *state)
3561 if (dbuf.dsize != 4) {
3562 DEBUG(0,("validate_offline: Corrupt cache for key %s (len %u != 4) ?\n",
3563 keystr, (unsigned int)dbuf.dsize ));
3564 state->bad_entry = true;
3565 state->success = false;
3568 DEBUG(10,("validate_offline: %s ok\n", keystr));
3572 static int validate_cache_version(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3573 struct tdb_validation_status *state)
3575 if (dbuf.dsize != 4) {
3576 DEBUG(0, ("validate_cache_version: Corrupt cache for "
3577 "key %s (len %u != 4) ?\n",
3578 keystr, (unsigned int)dbuf.dsize));
3579 state->bad_entry = true;
3580 state->success = false;
3584 DEBUG(10, ("validate_cache_version: %s ok\n", keystr));
3588 /***********************************************************************
3589 A list of all possible cache tdb keys with associated validation
3591 ***********************************************************************/
3593 struct key_val_struct {
3594 const char *keyname;
3595 int (*validate_data_fn)(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf, struct tdb_validation_status* state);
3597 {"SEQNUM/", validate_seqnum},
3598 {"NS/", validate_ns},
3599 {"SN/", validate_sn},
3601 {"LOC_POL/", validate_loc_pol},
3602 {"PWD_POL/", validate_pwd_pol},
3603 {"CRED/", validate_cred},
3604 {"UL/", validate_ul},
3605 {"GL/", validate_gl},
3606 {"UG/", validate_ug},
3607 {"UA", validate_ua},
3608 {"GM/", validate_gm},
3609 {"DR/", validate_dr},
3610 {"DE/", validate_de},
3611 {"NSS/PWINFO/", validate_pwinfo},
3612 {"TRUSTDOMS/", validate_trustdoms},
3613 {"TRUSTDOMCACHE/", validate_trustdomcache},
3614 {"NSS/NA/", validate_nss_na},
3615 {"NSS/AN/", validate_nss_an},
3616 {"WINBINDD_OFFLINE", validate_offline},
3617 {WINBINDD_CACHE_VERSION_KEYSTR, validate_cache_version},
3621 /***********************************************************************
3622 Function to look at every entry in the tdb and validate it as far as
3624 ***********************************************************************/
3626 static int cache_traverse_validate_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
3629 unsigned int max_key_len = 1024;
3630 struct tdb_validation_status *v_state = (struct tdb_validation_status *)state;
3632 /* Paranoia check. */
3633 if (strncmp("UA/", (const char *)kbuf.dptr, 3) == 0) {
3634 max_key_len = 1024 * 1024;
3636 if (kbuf.dsize > max_key_len) {
3637 DEBUG(0, ("cache_traverse_validate_fn: key length too large: "
3639 (unsigned int)kbuf.dsize, (unsigned int)max_key_len));
3643 for (i = 0; key_val[i].keyname; i++) {
3644 size_t namelen = strlen(key_val[i].keyname);
3645 if (kbuf.dsize >= namelen && (
3646 strncmp(key_val[i].keyname, (const char *)kbuf.dptr, namelen)) == 0) {
3647 TALLOC_CTX *mem_ctx;
3651 keystr = SMB_MALLOC_ARRAY(char, kbuf.dsize+1);
3655 memcpy(keystr, kbuf.dptr, kbuf.dsize);
3656 keystr[kbuf.dsize] = '\0';
3658 mem_ctx = talloc_init("validate_ctx");
3664 ret = key_val[i].validate_data_fn(mem_ctx, keystr, dbuf,
3668 talloc_destroy(mem_ctx);
3673 DEBUG(0,("cache_traverse_validate_fn: unknown cache entry\nkey :\n"));
3674 dump_data(0, (uint8 *)kbuf.dptr, kbuf.dsize);
3675 DEBUG(0,("data :\n"));
3676 dump_data(0, (uint8 *)dbuf.dptr, dbuf.dsize);
3677 v_state->unknown_key = true;
3678 v_state->success = false;
3679 return 1; /* terminate. */
3682 static void validate_panic(const char *const why)
3684 DEBUG(0,("validating cache: would panic %s\n", why ));
3685 DEBUGADD(0, ("exiting instead (cache validation mode)\n"));
3689 /***********************************************************************
3690 Try and validate every entry in the winbindd cache. If we fail here,
3691 delete the cache tdb and return non-zero.
3692 ***********************************************************************/
3694 int winbindd_validate_cache(void)
3697 const char *tdb_path = cache_path("winbindd_cache.tdb");
3698 TDB_CONTEXT *tdb = NULL;
3700 DEBUG(10, ("winbindd_validate_cache: replacing panic function\n"));
3701 smb_panic_fn = validate_panic;
3704 tdb = tdb_open_log(tdb_path,
3705 WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
3706 ( lp_winbind_offline_logon()
3708 : TDB_DEFAULT | TDB_CLEAR_IF_FIRST ),
3712 DEBUG(0, ("winbindd_validate_cache: "
3713 "error opening/initializing tdb\n"));
3718 ret = tdb_validate_and_backup(tdb_path, cache_traverse_validate_fn);
3721 DEBUG(10, ("winbindd_validate_cache: validation not successful.\n"));
3722 DEBUGADD(10, ("removing tdb %s.\n", tdb_path));
3727 DEBUG(10, ("winbindd_validate_cache: restoring panic function\n"));
3728 smb_panic_fn = smb_panic;
3732 /***********************************************************************
3733 Try and validate every entry in the winbindd cache.
3734 ***********************************************************************/
3736 int winbindd_validate_cache_nobackup(void)
3739 const char *tdb_path = cache_path("winbindd_cache.tdb");
3741 DEBUG(10, ("winbindd_validate_cache: replacing panic function\n"));
3742 smb_panic_fn = validate_panic;
3745 if (wcache == NULL || wcache->tdb == NULL) {
3746 ret = tdb_validate_open(tdb_path, cache_traverse_validate_fn);
3748 ret = tdb_validate(wcache->tdb, cache_traverse_validate_fn);
3752 DEBUG(10, ("winbindd_validate_cache_nobackup: validation not "
3756 DEBUG(10, ("winbindd_validate_cache_nobackup: restoring panic "
3758 smb_panic_fn = smb_panic;
3762 bool winbindd_cache_validate_and_initialize(void)
3764 close_winbindd_cache();
3766 if (lp_winbind_offline_logon()) {
3767 if (winbindd_validate_cache() < 0) {
3768 DEBUG(0, ("winbindd cache tdb corrupt and no backup "
3769 "could be restored.\n"));
3773 return initialize_winbindd_cache();
3776 /*********************************************************************
3777 ********************************************************************/
3779 static bool add_wbdomain_to_tdc_array( struct winbindd_domain *new_dom,
3780 struct winbindd_tdc_domain **domains,
3781 size_t *num_domains )
3783 struct winbindd_tdc_domain *list = NULL;
3786 bool set_only = false;
3788 /* don't allow duplicates */
3793 for ( i=0; i< (*num_domains); i++ ) {
3794 if ( strequal( new_dom->name, list[i].domain_name ) ) {
3795 DEBUG(10,("add_wbdomain_to_tdc_array: Found existing record for %s\n",
3806 list = TALLOC_ARRAY( NULL, struct winbindd_tdc_domain, 1 );
3809 list = TALLOC_REALLOC_ARRAY( *domains, *domains,
3810 struct winbindd_tdc_domain,
3815 ZERO_STRUCT( list[idx] );
3821 list[idx].domain_name = talloc_strdup( list, new_dom->name );
3822 list[idx].dns_name = talloc_strdup( list, new_dom->alt_name );
3824 if ( !is_null_sid( &new_dom->sid ) ) {
3825 sid_copy( &list[idx].sid, &new_dom->sid );
3827 sid_copy(&list[idx].sid, &global_sid_NULL);
3830 if ( new_dom->domain_flags != 0x0 )
3831 list[idx].trust_flags = new_dom->domain_flags;
3833 if ( new_dom->domain_type != 0x0 )
3834 list[idx].trust_type = new_dom->domain_type;
3836 if ( new_dom->domain_trust_attribs != 0x0 )
3837 list[idx].trust_attribs = new_dom->domain_trust_attribs;
3841 *num_domains = idx + 1;
3847 /*********************************************************************
3848 ********************************************************************/
3850 static TDB_DATA make_tdc_key( const char *domain_name )
3852 char *keystr = NULL;
3853 TDB_DATA key = { NULL, 0 };
3855 if ( !domain_name ) {
3856 DEBUG(5,("make_tdc_key: Keyname workgroup is NULL!\n"));
3861 if (asprintf( &keystr, "TRUSTDOMCACHE/%s", domain_name ) == -1) {
3864 key = string_term_tdb_data(keystr);
3869 /*********************************************************************
3870 ********************************************************************/
3872 static int pack_tdc_domains( struct winbindd_tdc_domain *domains,
3874 unsigned char **buf )
3876 unsigned char *buffer = NULL;
3881 DEBUG(10,("pack_tdc_domains: Packing %d trusted domains\n",
3889 /* Store the number of array items first */
3890 len += tdb_pack( buffer+len, buflen-len, "d",
3893 /* now pack each domain trust record */
3894 for ( i=0; i<num_domains; i++ ) {
3899 DEBUG(10,("pack_tdc_domains: Packing domain %s (%s)\n",
3900 domains[i].domain_name,
3901 domains[i].dns_name ? domains[i].dns_name : "UNKNOWN" ));
3904 len += tdb_pack( buffer+len, buflen-len, "fffddd",
3905 domains[i].domain_name,
3906 domains[i].dns_name,
3907 sid_to_fstring(tmp, &domains[i].sid),
3908 domains[i].trust_flags,
3909 domains[i].trust_attribs,
3910 domains[i].trust_type );
3913 if ( buflen < len ) {
3915 if ( (buffer = SMB_MALLOC_ARRAY(unsigned char, len)) == NULL ) {
3916 DEBUG(0,("pack_tdc_domains: failed to alloc buffer!\n"));
3930 /*********************************************************************
3931 ********************************************************************/
3933 static size_t unpack_tdc_domains( unsigned char *buf, int buflen,
3934 struct winbindd_tdc_domain **domains )
3936 fstring domain_name, dns_name, sid_string;
3937 uint32 type, attribs, flags;
3941 struct winbindd_tdc_domain *list = NULL;
3943 /* get the number of domains */
3944 len += tdb_unpack( buf+len, buflen-len, "d", &num_domains);
3946 DEBUG(5,("unpack_tdc_domains: Failed to unpack domain array\n"));
3950 list = TALLOC_ARRAY( NULL, struct winbindd_tdc_domain, num_domains );
3952 DEBUG(0,("unpack_tdc_domains: Failed to talloc() domain list!\n"));
3956 for ( i=0; i<num_domains; i++ ) {
3957 len += tdb_unpack( buf+len, buflen-len, "fffddd",
3966 DEBUG(5,("unpack_tdc_domains: Failed to unpack domain array\n"));
3967 TALLOC_FREE( list );
3971 DEBUG(11,("unpack_tdc_domains: Unpacking domain %s (%s) "
3972 "SID %s, flags = 0x%x, attribs = 0x%x, type = 0x%x\n",
3973 domain_name, dns_name, sid_string,
3974 flags, attribs, type));
3976 list[i].domain_name = talloc_strdup( list, domain_name );
3977 list[i].dns_name = talloc_strdup( list, dns_name );
3978 if ( !string_to_sid( &(list[i].sid), sid_string ) ) {
3979 DEBUG(10,("unpack_tdc_domains: no SID for domain %s\n",
3982 list[i].trust_flags = flags;
3983 list[i].trust_attribs = attribs;
3984 list[i].trust_type = type;
3992 /*********************************************************************
3993 ********************************************************************/
3995 static bool wcache_tdc_store_list( struct winbindd_tdc_domain *domains, size_t num_domains )
3997 TDB_DATA key = make_tdc_key( lp_workgroup() );
3998 TDB_DATA data = { NULL, 0 };
4004 /* See if we were asked to delete the cache entry */
4007 ret = tdb_delete( wcache->tdb, key );
4011 data.dsize = pack_tdc_domains( domains, num_domains, &data.dptr );
4018 ret = tdb_store( wcache->tdb, key, data, 0 );
4021 SAFE_FREE( data.dptr );
4022 SAFE_FREE( key.dptr );
4024 return ( ret != -1 );
4027 /*********************************************************************
4028 ********************************************************************/
4030 bool wcache_tdc_fetch_list( struct winbindd_tdc_domain **domains, size_t *num_domains )
4032 TDB_DATA key = make_tdc_key( lp_workgroup() );
4033 TDB_DATA data = { NULL, 0 };
4041 data = tdb_fetch( wcache->tdb, key );
4043 SAFE_FREE( key.dptr );
4048 *num_domains = unpack_tdc_domains( data.dptr, data.dsize, domains );
4050 SAFE_FREE( data.dptr );
4058 /*********************************************************************
4059 ********************************************************************/
4061 bool wcache_tdc_add_domain( struct winbindd_domain *domain )
4063 struct winbindd_tdc_domain *dom_list = NULL;
4064 size_t num_domains = 0;
4067 DEBUG(10,("wcache_tdc_add_domain: Adding domain %s (%s), SID %s, "
4068 "flags = 0x%x, attributes = 0x%x, type = 0x%x\n",
4069 domain->name, domain->alt_name,
4070 sid_string_dbg(&domain->sid),
4071 domain->domain_flags,
4072 domain->domain_trust_attribs,
4073 domain->domain_type));
4075 if ( !init_wcache() ) {
4079 /* fetch the list */
4081 wcache_tdc_fetch_list( &dom_list, &num_domains );
4083 /* add the new domain */
4085 if ( !add_wbdomain_to_tdc_array( domain, &dom_list, &num_domains ) ) {
4089 /* pack the domain */
4091 if ( !wcache_tdc_store_list( dom_list, num_domains ) ) {
4099 TALLOC_FREE( dom_list );
4104 /*********************************************************************
4105 ********************************************************************/
4107 struct winbindd_tdc_domain * wcache_tdc_fetch_domain( TALLOC_CTX *ctx, const char *name )
4109 struct winbindd_tdc_domain *dom_list = NULL;
4110 size_t num_domains = 0;
4112 struct winbindd_tdc_domain *d = NULL;
4114 DEBUG(10,("wcache_tdc_fetch_domain: Searching for domain %s\n", name));
4116 if ( !init_wcache() ) {
4120 /* fetch the list */
4122 wcache_tdc_fetch_list( &dom_list, &num_domains );
4124 for ( i=0; i<num_domains; i++ ) {
4125 if ( strequal(name, dom_list[i].domain_name) ||
4126 strequal(name, dom_list[i].dns_name) )
4128 DEBUG(10,("wcache_tdc_fetch_domain: Found domain %s\n",
4131 d = TALLOC_P( ctx, struct winbindd_tdc_domain );
4135 d->domain_name = talloc_strdup( d, dom_list[i].domain_name );
4136 d->dns_name = talloc_strdup( d, dom_list[i].dns_name );
4137 sid_copy( &d->sid, &dom_list[i].sid );
4138 d->trust_flags = dom_list[i].trust_flags;
4139 d->trust_type = dom_list[i].trust_type;
4140 d->trust_attribs = dom_list[i].trust_attribs;
4146 TALLOC_FREE( dom_list );
4152 /*********************************************************************
4153 ********************************************************************/
4155 void wcache_tdc_clear( void )
4157 if ( !init_wcache() )
4160 wcache_tdc_store_list( NULL, 0 );
4166 /*********************************************************************
4167 ********************************************************************/
4169 static void wcache_save_user_pwinfo(struct winbindd_domain *domain,
4171 const DOM_SID *user_sid,
4172 const char *homedir,
4177 struct cache_entry *centry;
4180 if ( (centry = centry_start(domain, status)) == NULL )
4183 centry_put_string( centry, homedir );
4184 centry_put_string( centry, shell );
4185 centry_put_string( centry, gecos );
4186 centry_put_uint32( centry, gid );
4188 centry_end(centry, "NSS/PWINFO/%s", sid_to_fstring(tmp, user_sid) );
4190 DEBUG(10,("wcache_save_user_pwinfo: %s\n", sid_string_dbg(user_sid) ));
4192 centry_free(centry);
4195 NTSTATUS nss_get_info_cached( struct winbindd_domain *domain,
4196 const DOM_SID *user_sid,
4198 ADS_STRUCT *ads, LDAPMessage *msg,
4199 char **homedir, char **shell, char **gecos,
4202 struct winbind_cache *cache = get_cache(domain);
4203 struct cache_entry *centry = NULL;
4210 centry = wcache_fetch(cache, domain, "NSS/PWINFO/%s",
4211 sid_to_fstring(tmp, user_sid));
4216 *homedir = centry_string( centry, ctx );
4217 *shell = centry_string( centry, ctx );
4218 *gecos = centry_string( centry, ctx );
4219 *p_gid = centry_uint32( centry );
4221 centry_free(centry);
4223 DEBUG(10,("nss_get_info_cached: [Cached] - user_sid %s\n",
4224 sid_string_dbg(user_sid)));
4226 return NT_STATUS_OK;
4230 nt_status = nss_get_info( domain->name, user_sid, ctx, ads, msg,
4231 homedir, shell, gecos, p_gid );
4233 DEBUG(10, ("nss_get_info returned %s\n", nt_errstr(nt_status)));
4235 if ( NT_STATUS_IS_OK(nt_status) ) {
4236 DEBUG(10, ("result:\n\thomedir = '%s'\n", *homedir));
4237 DEBUGADD(10, ("\tshell = '%s'\n", *shell));
4238 DEBUGADD(10, ("\tgecos = '%s'\n", *gecos));
4239 DEBUGADD(10, ("\tgid = '%u'\n", *p_gid));
4241 wcache_save_user_pwinfo( domain, nt_status, user_sid,
4242 *homedir, *shell, *gecos, *p_gid );
4245 if ( NT_STATUS_EQUAL( nt_status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND ) ) {
4246 DEBUG(5,("nss_get_info_cached: Setting domain %s offline\n",
4248 set_domain_offline( domain );
4255 /* the cache backend methods are exposed via this structure */
4256 struct winbindd_methods cache_methods = {
git.samba.org / sfrench / samba-autobuild / .git / blob