2 Unix SMB/CIFS implementation.
4 Winbind cache backend functions
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Gerald Carter 2003
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 #define DBGC_CLASS DBGC_WINBIND
30 struct winbind_cache {
36 uint32 sequence_number;
41 #define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
43 static struct winbind_cache *wcache;
46 void wcache_flush_cache(void)
48 extern BOOL opt_nocache;
53 tdb_close(wcache->tdb);
59 wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000,
60 TDB_CLEAR_IF_FIRST, O_RDWR|O_CREAT, 0600);
63 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
65 DEBUG(10,("wcache_flush_cache success\n"));
68 void winbindd_check_cache_size(time_t t)
70 static time_t last_check_time;
73 if (last_check_time == (time_t)0)
76 if (t - last_check_time < 60 && t - last_check_time > 0)
79 if (wcache == NULL || wcache->tdb == NULL) {
80 DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n"));
84 if (fstat(wcache->tdb->fd, &st) == -1) {
85 DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) ));
89 if (st.st_size > WINBINDD_MAX_CACHE_SIZE) {
90 DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n",
91 (unsigned long)st.st_size,
92 (unsigned long)WINBINDD_MAX_CACHE_SIZE));
97 /* get the winbind_cache structure */
98 static struct winbind_cache *get_cache(struct winbindd_domain *domain)
100 struct winbind_cache *ret = wcache;
102 if (!domain->backend) {
103 extern struct winbindd_methods msrpc_methods;
104 switch (lp_security()) {
107 extern struct winbindd_methods ads_methods;
108 /* always obey the lp_security parameter for our domain */
109 if ( strequal(lp_realm(), domain->alt_name) || strequal(lp_workgroup(), domain->name) ) {
110 domain->backend = &ads_methods;
114 if ( domain->native_mode ) {
115 domain->backend = &ads_methods;
123 domain->backend = &msrpc_methods;
130 ret = smb_xmalloc(sizeof(*ret));
134 wcache_flush_cache();
140 free a centry structure
142 static void centry_free(struct cache_entry *centry)
146 SAFE_FREE(centry->data);
151 pull a uint32 from a cache entry
153 static uint32 centry_uint32(struct cache_entry *centry)
156 if (centry->len - centry->ofs < 4) {
157 DEBUG(0,("centry corruption? needed 4 bytes, have %d\n",
158 centry->len - centry->ofs));
159 smb_panic("centry_uint32");
161 ret = IVAL(centry->data, centry->ofs);
167 pull a uint8 from a cache entry
169 static uint8 centry_uint8(struct cache_entry *centry)
172 if (centry->len - centry->ofs < 1) {
173 DEBUG(0,("centry corruption? needed 1 bytes, have %d\n",
174 centry->len - centry->ofs));
175 smb_panic("centry_uint32");
177 ret = CVAL(centry->data, centry->ofs);
182 /* pull a string from a cache entry, using the supplied
185 static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
190 len = centry_uint8(centry);
193 /* a deliberate NULL string */
197 if (centry->len - centry->ofs < len) {
198 DEBUG(0,("centry corruption? needed %d bytes, have %d\n",
199 len, centry->len - centry->ofs));
200 smb_panic("centry_string");
203 ret = talloc(mem_ctx, len+1);
205 smb_panic("centry_string out of memory\n");
207 memcpy(ret,centry->data + centry->ofs, len);
213 /* pull a string from a cache entry, using the supplied
216 static DOM_SID *centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
221 sid = talloc(mem_ctx, sizeof(*sid));
225 sid_string = centry_string(centry, mem_ctx);
226 if (!string_to_sid(sid, sid_string)) {
232 /* the server is considered down if it can't give us a sequence number */
233 static BOOL wcache_server_down(struct winbindd_domain *domain)
240 ret = (domain->sequence_number == DOM_SEQUENCE_NONE);
243 DEBUG(10,("wcache_server_down: server for Domain %s down\n",
248 static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
255 DEBUG(10,("fetch_cache_seqnum: tdb == NULL\n"));
256 return NT_STATUS_UNSUCCESSFUL;
259 fstr_sprintf( key, "SEQNUM/%s", domain->name );
261 data = tdb_fetch_bystring( wcache->tdb, key );
262 if ( !data.dptr || data.dsize!=8 ) {
263 DEBUG(10,("fetch_cache_seqnum: invalid data size key [%s]\n", key ));
264 return NT_STATUS_UNSUCCESSFUL;
267 domain->sequence_number = IVAL(data.dptr, 0);
268 domain->last_seq_check = IVAL(data.dptr, 4);
270 /* have we expired? */
272 time_diff = now - domain->last_seq_check;
273 if ( time_diff > lp_winbind_cache_time() ) {
274 DEBUG(10,("fetch_cache_seqnum: timeout [%s][%u @ %u]\n",
275 domain->name, domain->sequence_number,
276 (uint32)domain->last_seq_check));
277 return NT_STATUS_UNSUCCESSFUL;
280 DEBUG(10,("fetch_cache_seqnum: success [%s][%u @ %u]\n",
281 domain->name, domain->sequence_number,
282 (uint32)domain->last_seq_check));
287 static NTSTATUS store_cache_seqnum( struct winbindd_domain *domain )
294 DEBUG(10,("store_cache_seqnum: tdb == NULL\n"));
295 return NT_STATUS_UNSUCCESSFUL;
298 fstr_sprintf( key_str, "SEQNUM/%s", domain->name );
300 key.dsize = strlen(key_str)+1;
302 SIVAL(buf, 0, domain->sequence_number);
303 SIVAL(buf, 4, domain->last_seq_check);
307 if ( tdb_store( wcache->tdb, key, data, TDB_REPLACE) == -1 ) {
308 DEBUG(10,("store_cache_seqnum: tdb_store fail key [%s]\n", key_str ));
309 return NT_STATUS_UNSUCCESSFUL;
312 DEBUG(10,("store_cache_seqnum: success [%s][%u @ %u]\n",
313 domain->name, domain->sequence_number,
314 (uint32)domain->last_seq_check));
320 refresh the domain sequence number. If force is True
321 then always refresh it, no matter how recently we fetched it
324 static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force)
328 time_t t = time(NULL);
329 unsigned cache_time = lp_winbind_cache_time();
333 /* trying to reconnect is expensive, don't do it too often */
334 if (domain->sequence_number == DOM_SEQUENCE_NONE) {
338 time_diff = t - domain->last_seq_check;
340 /* see if we have to refetch the domain sequence number */
341 if (!force && (time_diff < cache_time)) {
342 DEBUG(10, ("refresh_sequence_number: %s time ok\n", domain->name));
346 /* try to get the sequence number from the tdb cache first */
347 /* this will update the timestamp as well */
349 status = fetch_cache_seqnum( domain, t );
350 if ( NT_STATUS_IS_OK(status) )
353 status = domain->backend->sequence_number(domain, &domain->sequence_number);
355 if (!NT_STATUS_IS_OK(status)) {
356 domain->sequence_number = DOM_SEQUENCE_NONE;
359 domain->last_status = status;
360 domain->last_seq_check = time(NULL);
362 /* save the new sequence number ni the cache */
363 store_cache_seqnum( domain );
366 DEBUG(10, ("refresh_sequence_number: %s seq number is now %d\n",
367 domain->name, domain->sequence_number));
373 decide if a cache entry has expired
375 static BOOL centry_expired(struct winbindd_domain *domain, const char *keystr, struct cache_entry *centry)
377 /* if the server is OK and our cache entry came from when it was down then
378 the entry is invalid */
379 if (domain->sequence_number != DOM_SEQUENCE_NONE &&
380 centry->sequence_number == DOM_SEQUENCE_NONE) {
381 DEBUG(10,("centry_expired: Key %s for domain %s invalid sequence.\n",
382 keystr, domain->name ));
386 /* if the server is down or the cache entry is not older than the
387 current sequence number then it is OK */
388 if (wcache_server_down(domain) ||
389 centry->sequence_number == domain->sequence_number) {
390 DEBUG(10,("centry_expired: Key %s for domain %s is good.\n",
391 keystr, domain->name ));
395 DEBUG(10,("centry_expired: Key %s for domain %s expired\n",
396 keystr, domain->name ));
403 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
404 number and return status
406 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
407 struct winbindd_domain *domain,
408 const char *format, ...) PRINTF_ATTRIBUTE(3,4);
409 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
410 struct winbindd_domain *domain,
411 const char *format, ...)
416 struct cache_entry *centry;
419 refresh_sequence_number(domain, False);
421 va_start(ap, format);
422 smb_xvasprintf(&kstr, format, ap);
426 key.dsize = strlen(kstr);
427 data = tdb_fetch(wcache->tdb, key);
434 centry = smb_xmalloc(sizeof(*centry));
435 centry->data = (unsigned char *)data.dptr;
436 centry->len = data.dsize;
439 if (centry->len < 8) {
440 /* huh? corrupt cache? */
441 DEBUG(10,("wcache_fetch: Corrupt cache for key %s domain %s (len < 8) ?\n",
442 kstr, domain->name ));
448 centry->status = NT_STATUS(centry_uint32(centry));
449 centry->sequence_number = centry_uint32(centry);
451 if (centry_expired(domain, kstr, centry)) {
452 extern BOOL opt_dual_daemon;
454 DEBUG(10,("wcache_fetch: entry %s expired for domain %s\n",
455 kstr, domain->name ));
457 if (opt_dual_daemon) {
458 extern BOOL background_process;
459 background_process = True;
460 DEBUG(10,("wcache_fetch: background processing expired entry %s for domain %s\n",
461 kstr, domain->name ));
469 DEBUG(10,("wcache_fetch: returning entry %s for domain %s\n",
470 kstr, domain->name ));
477 make sure we have at least len bytes available in a centry
479 static void centry_expand(struct cache_entry *centry, uint32 len)
482 if (centry->len - centry->ofs >= len)
485 p = realloc(centry->data, centry->len);
487 DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
488 smb_panic("out of memory in centry_expand");
494 push a uint32 into a centry
496 static void centry_put_uint32(struct cache_entry *centry, uint32 v)
498 centry_expand(centry, 4);
499 SIVAL(centry->data, centry->ofs, v);
504 push a uint8 into a centry
506 static void centry_put_uint8(struct cache_entry *centry, uint8 v)
508 centry_expand(centry, 1);
509 SCVAL(centry->data, centry->ofs, v);
514 push a string into a centry
516 static void centry_put_string(struct cache_entry *centry, const char *s)
521 /* null strings are marked as len 0xFFFF */
522 centry_put_uint8(centry, 0xFF);
527 /* can't handle more than 254 char strings. Truncating is probably best */
530 centry_put_uint8(centry, len);
531 centry_expand(centry, len);
532 memcpy(centry->data + centry->ofs, s, len);
536 static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid)
539 centry_put_string(centry, sid_to_string(sid_string, sid));
543 start a centry for output. When finished, call centry_end()
545 struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status)
547 struct cache_entry *centry;
552 centry = smb_xmalloc(sizeof(*centry));
554 centry->len = 8192; /* reasonable default */
555 centry->data = smb_xmalloc(centry->len);
557 centry->sequence_number = domain->sequence_number;
558 centry_put_uint32(centry, NT_STATUS_V(status));
559 centry_put_uint32(centry, centry->sequence_number);
564 finish a centry and write it to the tdb
566 static void centry_end(struct cache_entry *centry, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
567 static void centry_end(struct cache_entry *centry, const char *format, ...)
573 va_start(ap, format);
574 smb_xvasprintf(&kstr, format, ap);
578 key.dsize = strlen(kstr);
579 data.dptr = (char *)centry->data;
580 data.dsize = centry->ofs;
582 tdb_store(wcache->tdb, key, data, TDB_REPLACE);
586 static void wcache_save_name_to_sid(struct winbindd_domain *domain,
588 const char *name, DOM_SID *sid,
589 enum SID_NAME_USE type)
591 struct cache_entry *centry;
595 centry = centry_start(domain, status);
598 centry_put_sid(centry, sid);
599 fstrcpy(uname, name);
601 centry_end(centry, "NS/%s", sid_to_string(sid_string, sid));
602 DEBUG(10,("wcache_save_name_to_sid: %s -> %s\n", uname, sid_string));
606 static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
607 DOM_SID *sid, const char *name, enum SID_NAME_USE type)
609 struct cache_entry *centry;
612 centry = centry_start(domain, status);
615 if (NT_STATUS_IS_OK(status)) {
616 centry_put_uint32(centry, type);
617 centry_put_string(centry, name);
619 centry_end(centry, "SN/%s", sid_to_string(sid_string, sid));
620 DEBUG(10,("wcache_save_sid_to_name: %s -> %s\n", sid_string, name));
625 static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info)
627 struct cache_entry *centry;
630 centry = centry_start(domain, status);
633 centry_put_string(centry, info->acct_name);
634 centry_put_string(centry, info->full_name);
635 centry_put_sid(centry, info->user_sid);
636 centry_put_sid(centry, info->group_sid);
637 centry_end(centry, "U/%s", sid_to_string(sid_string, info->user_sid));
638 DEBUG(10,("wcache_save_user: %s (acct_name %s)\n", sid_string, info->acct_name));
643 /* Query display info. This is the basic user list fn */
644 static NTSTATUS query_user_list(struct winbindd_domain *domain,
647 WINBIND_USERINFO **info)
649 struct winbind_cache *cache = get_cache(domain);
650 struct cache_entry *centry = NULL;
652 unsigned int i, retry;
657 centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
661 *num_entries = centry_uint32(centry);
663 if (*num_entries == 0)
666 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
668 smb_panic("query_user_list out of memory");
669 for (i=0; i<(*num_entries); i++) {
670 (*info)[i].acct_name = centry_string(centry, mem_ctx);
671 (*info)[i].full_name = centry_string(centry, mem_ctx);
672 (*info)[i].user_sid = centry_sid(centry, mem_ctx);
673 (*info)[i].group_sid = centry_sid(centry, mem_ctx);
677 status = centry->status;
679 DEBUG(10,("query_user_list: [Cached] - cached list for domain %s status %s\n",
680 domain->name, get_friendly_nt_error_msg(status) ));
689 /* Return status value returned by seq number check */
691 if (!NT_STATUS_IS_OK(domain->last_status))
692 return domain->last_status;
694 /* Put the query_user_list() in a retry loop. There appears to be
695 * some bug either with Windows 2000 or Samba's handling of large
696 * rpc replies. This manifests itself as sudden disconnection
697 * at a random point in the enumeration of a large (60k) user list.
698 * The retry loop simply tries the operation again. )-: It's not
699 * pretty but an acceptable workaround until we work out what the
700 * real problem is. */
705 DEBUG(10,("query_user_list: [Cached] - doing backend query for list for domain %s\n",
708 status = domain->backend->query_user_list(domain, mem_ctx, num_entries, info);
709 if (!NT_STATUS_IS_OK(status))
710 DEBUG(3, ("query_user_list: returned 0x%08x, retrying\n", NT_STATUS_V(status)));
711 if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL)) {
712 DEBUG(3, ("query_user_list: flushing connection cache\n"));
716 } while (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) &&
720 refresh_sequence_number(domain, False);
721 centry = centry_start(domain, status);
724 centry_put_uint32(centry, *num_entries);
725 for (i=0; i<(*num_entries); i++) {
726 centry_put_string(centry, (*info)[i].acct_name);
727 centry_put_string(centry, (*info)[i].full_name);
728 centry_put_sid(centry, (*info)[i].user_sid);
729 centry_put_sid(centry, (*info)[i].group_sid);
730 if (domain->backend->consistent) {
731 /* when the backend is consistent we can pre-prime some mappings */
732 wcache_save_name_to_sid(domain, NT_STATUS_OK,
733 (*info)[i].acct_name,
736 wcache_save_sid_to_name(domain, NT_STATUS_OK,
738 (*info)[i].acct_name,
740 wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
743 centry_end(centry, "UL/%s", domain->name);
750 /* list all domain groups */
751 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
754 struct acct_info **info)
756 struct winbind_cache *cache = get_cache(domain);
757 struct cache_entry *centry = NULL;
764 centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
768 *num_entries = centry_uint32(centry);
770 if (*num_entries == 0)
773 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
775 smb_panic("enum_dom_groups out of memory");
776 for (i=0; i<(*num_entries); i++) {
777 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
778 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
779 (*info)[i].rid = centry_uint32(centry);
783 status = centry->status;
785 DEBUG(10,("enum_dom_groups: [Cached] - cached list for domain %s status %s\n",
786 domain->name, get_friendly_nt_error_msg(status) ));
795 /* Return status value returned by seq number check */
797 if (!NT_STATUS_IS_OK(domain->last_status))
798 return domain->last_status;
800 DEBUG(10,("enum_dom_groups: [Cached] - doing backend query for list for domain %s\n",
803 status = domain->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
806 refresh_sequence_number(domain, False);
807 centry = centry_start(domain, status);
810 centry_put_uint32(centry, *num_entries);
811 for (i=0; i<(*num_entries); i++) {
812 centry_put_string(centry, (*info)[i].acct_name);
813 centry_put_string(centry, (*info)[i].acct_desc);
814 centry_put_uint32(centry, (*info)[i].rid);
816 centry_end(centry, "GL/%s/domain", domain->name);
823 /* list all domain groups */
824 static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
827 struct acct_info **info)
829 struct winbind_cache *cache = get_cache(domain);
830 struct cache_entry *centry = NULL;
837 centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
841 *num_entries = centry_uint32(centry);
843 if (*num_entries == 0)
846 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
848 smb_panic("enum_dom_groups out of memory");
849 for (i=0; i<(*num_entries); i++) {
850 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
851 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
852 (*info)[i].rid = centry_uint32(centry);
857 /* If we are returning cached data and the domain controller
858 is down then we don't know whether the data is up to date
859 or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to
862 if (wcache_server_down(domain)) {
863 DEBUG(10, ("enum_local_groups: returning cached user list and server was down\n"));
864 status = NT_STATUS_MORE_PROCESSING_REQUIRED;
866 status = centry->status;
868 DEBUG(10,("enum_local_groups: [Cached] - cached list for domain %s status %s\n",
869 domain->name, get_friendly_nt_error_msg(status) ));
878 /* Return status value returned by seq number check */
880 if (!NT_STATUS_IS_OK(domain->last_status))
881 return domain->last_status;
883 DEBUG(10,("enum_local_groups: [Cached] - doing backend query for list for domain %s\n",
886 status = domain->backend->enum_local_groups(domain, mem_ctx, num_entries, info);
889 refresh_sequence_number(domain, False);
890 centry = centry_start(domain, status);
893 centry_put_uint32(centry, *num_entries);
894 for (i=0; i<(*num_entries); i++) {
895 centry_put_string(centry, (*info)[i].acct_name);
896 centry_put_string(centry, (*info)[i].acct_desc);
897 centry_put_uint32(centry, (*info)[i].rid);
899 centry_end(centry, "GL/%s/local", domain->name);
906 /* convert a single name to a sid in a domain */
907 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
911 enum SID_NAME_USE *type)
913 struct winbind_cache *cache = get_cache(domain);
914 struct cache_entry *centry = NULL;
922 fstrcpy(uname, name);
924 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain->name, uname);
927 *type = (enum SID_NAME_USE)centry_uint32(centry);
928 sid2 = centry_sid(centry, mem_ctx);
935 status = centry->status;
937 DEBUG(10,("name_to_sid: [Cached] - cached name for domain %s status %s\n",
938 domain->name, get_friendly_nt_error_msg(status) ));
946 /* If the seq number check indicated that there is a problem
947 * with this DC, then return that status... except for
948 * access_denied. This is special because the dc may be in
949 * "restrict anonymous = 1" mode, in which case it will deny
950 * most unauthenticated operations, but *will* allow the LSA
951 * name-to-sid that we try as a fallback. */
953 if (!(NT_STATUS_IS_OK(domain->last_status)
954 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
955 return domain->last_status;
957 DEBUG(10,("name_to_sid: [Cached] - doing backend query for name for domain %s\n",
960 status = domain->backend->name_to_sid(domain, mem_ctx, name, sid, type);
963 wcache_save_name_to_sid(domain, status, name, sid, *type);
965 /* We can't save the sid to name mapping as we don't know the
966 correct case of the name without looking it up */
971 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
973 static NTSTATUS sid_to_name(struct winbindd_domain *domain,
977 enum SID_NAME_USE *type)
979 struct winbind_cache *cache = get_cache(domain);
980 struct cache_entry *centry = NULL;
987 centry = wcache_fetch(cache, domain, "SN/%s", sid_to_string(sid_string, sid));
990 if (NT_STATUS_IS_OK(centry->status)) {
991 *type = (enum SID_NAME_USE)centry_uint32(centry);
992 *name = centry_string(centry, mem_ctx);
994 status = centry->status;
996 DEBUG(10,("sid_to_name: [Cached] - cached name for domain %s status %s\n",
997 domain->name, get_friendly_nt_error_msg(status) ));
1005 /* If the seq number check indicated that there is a problem
1006 * with this DC, then return that status... except for
1007 * access_denied. This is special because the dc may be in
1008 * "restrict anonymous = 1" mode, in which case it will deny
1009 * most unauthenticated operations, but *will* allow the LSA
1010 * sid-to-name that we try as a fallback. */
1012 if (!(NT_STATUS_IS_OK(domain->last_status)
1013 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
1014 return domain->last_status;
1016 DEBUG(10,("sid_to_name: [Cached] - doing backend query for name for domain %s\n",
1019 status = domain->backend->sid_to_name(domain, mem_ctx, sid, name, type);
1022 refresh_sequence_number(domain, False);
1023 wcache_save_sid_to_name(domain, status, sid, *name, *type);
1024 wcache_save_name_to_sid(domain, status, *name, sid, *type);
1030 /* Lookup user information from a rid */
1031 static NTSTATUS query_user(struct winbindd_domain *domain,
1032 TALLOC_CTX *mem_ctx,
1034 WINBIND_USERINFO *info)
1036 struct winbind_cache *cache = get_cache(domain);
1037 struct cache_entry *centry = NULL;
1043 centry = wcache_fetch(cache, domain, "U/%s", sid_string_static(user_sid));
1045 /* If we have an access denied cache entry and a cached info3 in the
1046 samlogon cache then do a query. This will force the rpc back end
1047 to return the info3 data. */
1049 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1050 netsamlogon_cache_have(user_sid)) {
1051 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1052 domain->last_status = NT_STATUS_OK;
1053 centry_free(centry);
1060 info->acct_name = centry_string(centry, mem_ctx);
1061 info->full_name = centry_string(centry, mem_ctx);
1062 info->user_sid = centry_sid(centry, mem_ctx);
1063 info->group_sid = centry_sid(centry, mem_ctx);
1064 status = centry->status;
1066 DEBUG(10,("query_user: [Cached] - cached info for domain %s status %s\n",
1067 domain->name, get_friendly_nt_error_msg(status) ));
1069 centry_free(centry);
1075 /* Return status value returned by seq number check */
1077 if (!NT_STATUS_IS_OK(domain->last_status))
1078 return domain->last_status;
1080 DEBUG(10,("sid_to_name: [Cached] - doing backend query for info for domain %s\n",
1083 status = domain->backend->query_user(domain, mem_ctx, user_sid, info);
1086 refresh_sequence_number(domain, False);
1087 wcache_save_user(domain, status, info);
1093 /* Lookup groups a user is a member of. */
1094 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
1095 TALLOC_CTX *mem_ctx,
1097 uint32 *num_groups, DOM_SID ***user_gids)
1099 struct winbind_cache *cache = get_cache(domain);
1100 struct cache_entry *centry = NULL;
1108 centry = wcache_fetch(cache, domain, "UG/%s", sid_to_string(sid_string, user_sid));
1110 /* If we have an access denied cache entry and a cached info3 in the
1111 samlogon cache then do a query. This will force the rpc back end
1112 to return the info3 data. */
1114 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1115 netsamlogon_cache_have(user_sid)) {
1116 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1117 domain->last_status = NT_STATUS_OK;
1118 centry_free(centry);
1125 *num_groups = centry_uint32(centry);
1127 if (*num_groups == 0)
1130 (*user_gids) = talloc(mem_ctx, sizeof(**user_gids) * (*num_groups));
1132 smb_panic("lookup_usergroups out of memory");
1133 for (i=0; i<(*num_groups); i++) {
1134 (*user_gids)[i] = centry_sid(centry, mem_ctx);
1138 status = centry->status;
1140 DEBUG(10,("lookup_usergroups: [Cached] - cached info for domain %s status %s\n",
1141 domain->name, get_friendly_nt_error_msg(status) ));
1143 centry_free(centry);
1148 (*user_gids) = NULL;
1150 /* Return status value returned by seq number check */
1152 if (!NT_STATUS_IS_OK(domain->last_status))
1153 return domain->last_status;
1155 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info for domain %s\n",
1158 status = domain->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
1161 refresh_sequence_number(domain, False);
1162 centry = centry_start(domain, status);
1165 centry_put_uint32(centry, *num_groups);
1166 for (i=0; i<(*num_groups); i++) {
1167 centry_put_sid(centry, (*user_gids)[i]);
1169 centry_end(centry, "UG/%s", sid_to_string(sid_string, user_sid));
1170 centry_free(centry);
1177 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
1178 TALLOC_CTX *mem_ctx,
1179 DOM_SID *group_sid, uint32 *num_names,
1180 DOM_SID ***sid_mem, char ***names,
1181 uint32 **name_types)
1183 struct winbind_cache *cache = get_cache(domain);
1184 struct cache_entry *centry = NULL;
1192 centry = wcache_fetch(cache, domain, "GM/%s", sid_to_string(sid_string, group_sid));
1196 *num_names = centry_uint32(centry);
1198 if (*num_names == 0)
1201 (*sid_mem) = talloc(mem_ctx, sizeof(**sid_mem) * (*num_names));
1202 (*names) = talloc(mem_ctx, sizeof(**names) * (*num_names));
1203 (*name_types) = talloc(mem_ctx, sizeof(**name_types) * (*num_names));
1205 if (! (*sid_mem) || ! (*names) || ! (*name_types)) {
1206 smb_panic("lookup_groupmem out of memory");
1209 for (i=0; i<(*num_names); i++) {
1210 (*sid_mem)[i] = centry_sid(centry, mem_ctx);
1211 (*names)[i] = centry_string(centry, mem_ctx);
1212 (*name_types)[i] = centry_uint32(centry);
1216 status = centry->status;
1218 DEBUG(10,("lookup_groupmem: [Cached] - cached info for domain %s status %s\n",
1219 domain->name, get_friendly_nt_error_msg(status) ));
1221 centry_free(centry);
1228 (*name_types) = NULL;
1230 /* Return status value returned by seq number check */
1232 if (!NT_STATUS_IS_OK(domain->last_status))
1233 return domain->last_status;
1235 DEBUG(10,("lookup_groupmem: [Cached] - doing backend query for info for domain %s\n",
1238 status = domain->backend->lookup_groupmem(domain, mem_ctx, group_sid, num_names,
1239 sid_mem, names, name_types);
1242 refresh_sequence_number(domain, False);
1243 centry = centry_start(domain, status);
1246 centry_put_uint32(centry, *num_names);
1247 for (i=0; i<(*num_names); i++) {
1248 centry_put_sid(centry, (*sid_mem)[i]);
1249 centry_put_string(centry, (*names)[i]);
1250 centry_put_uint32(centry, (*name_types)[i]);
1252 centry_end(centry, "GM/%s", sid_to_string(sid_string, group_sid));
1253 centry_free(centry);
1259 /* find the sequence number for a domain */
1260 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
1262 refresh_sequence_number(domain, False);
1264 *seq = domain->sequence_number;
1266 return NT_STATUS_OK;
1269 /* enumerate trusted domains */
1270 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
1271 TALLOC_CTX *mem_ctx,
1272 uint32 *num_domains,
1279 DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
1282 /* we don't cache this call */
1283 return domain->backend->trusted_domains(domain, mem_ctx, num_domains,
1284 names, alt_names, dom_sids);
1287 /* find the domain sid */
1288 static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
1292 DEBUG(10,("domain_sid: [Cached] - doing backend query for info for domain %s\n",
1295 /* we don't cache this call */
1296 return domain->backend->domain_sid(domain, sid);
1299 /* find the alternate names for the domain, if any */
1300 static NTSTATUS alternate_name(struct winbindd_domain *domain)
1304 DEBUG(10,("alternate_name: [Cached] - doing backend query for info for domain %s\n",
1307 /* we don't cache this call */
1308 return domain->backend->alternate_name(domain);
1311 /* Invalidate cached user and group lists coherently */
1313 static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
1316 if (strncmp(kbuf.dptr, "UL/", 3) == 0 ||
1317 strncmp(kbuf.dptr, "GL/", 3) == 0)
1318 tdb_delete(the_tdb, kbuf);
1323 /* Invalidate the getpwnam and getgroups entries for a winbindd domain */
1325 void wcache_invalidate_samlogon(struct winbindd_domain *domain,
1326 NET_USER_INFO_3 *info3)
1328 struct winbind_cache *cache;
1333 cache = get_cache(domain);
1334 netsamlogon_clear_cached_user(cache->tdb, info3);
1337 void wcache_invalidate_cache(void)
1339 struct winbindd_domain *domain;
1341 for (domain = domain_list(); domain; domain = domain->next) {
1342 struct winbind_cache *cache = get_cache(domain);
1344 DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
1345 "entries for %s\n", domain->name));
1347 tdb_traverse(cache->tdb, traverse_fn, NULL);
1351 /* the ADS backend methods are exposed via this structure */
1352 struct winbindd_methods cache_methods = {
git.samba.org / tprouty / samba.git / blob