source3/libsmb/samlogon_cache.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Net_sam_logon info3 helpers
   4    Copyright (C) Alexander Bokovoy              2002.
   5    Copyright (C) Andrew Bartlett                2002.
   6    Copyright (C) Gerald Carter                  2003.
   7    Copyright (C) Tim Potter                     2003.
   8    Copyright (C) Guenther Deschner              2008.
   9
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License as published by
  12    the Free Software Foundation; either version 3 of the License, or
  13    (at your option) any later version.
  14
  15    This program is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU General Public License for more details.
  19
  20    You should have received a copy of the GNU General Public License
  21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22 */
  23
  24 #include "includes.h"
  25 #include "librpc/gen_ndr/ndr_krb5pac.h"
  26 #include "../libcli/security/security.h"
  27
  28 #define NETSAMLOGON_TDB "netsamlogon_cache.tdb"
  29
  30 static TDB_CONTEXT *netsamlogon_tdb = NULL;
  31
  32 /***********************************************************************
  33  open the tdb
  34  ***********************************************************************/
  35
  36 bool netsamlogon_cache_init(void)
  37 {
  38         bool first_try = true;
  39         const char *path = NULL;
  40         int ret;
  41         struct tdb_context *tdb;
  42
  43         if (netsamlogon_tdb) {
  44                 return true;
  45         }
  46
  47         path = cache_path(NETSAMLOGON_TDB);
  48 again:
  49         tdb = tdb_open_log(path, 0, TDB_DEFAULT|TDB_INCOMPATIBLE_HASH,
  50                            O_RDWR | O_CREAT, 0600);
  51         if (tdb == NULL) {
  52                 DEBUG(0,("tdb_open_log('%s') - failed\n", path));
  53                 goto clear;
  54         }
  55
  56         ret = tdb_check(tdb, NULL, NULL);
  57         if (ret != 0) {
  58                 tdb_close(tdb);
  59                 DEBUG(0,("tdb_check('%s') - failed\n", path));
  60                 goto clear;
  61         }
  62
  63         netsamlogon_tdb = tdb;
  64         return true;
  65
  66 clear:
  67         if (!first_try) {
  68                 return false;
  69         }
  70         first_try = false;
  71
  72         DEBUG(0,("retry after CLEAR_IF_FIRST for '%s'\n", path));
  73         tdb = tdb_open_log(path, 0, TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH,
  74                            O_RDWR | O_CREAT, 0600);
  75         if (tdb) {
  76                 tdb_close(tdb);
  77                 goto again;
  78         }
  79         DEBUG(0,("tdb_open_log(%s) with CLEAR_IF_FIRST - failed\n", path));
  80
  81         return false;
  82 }
  83
  84
  85 /***********************************************************************
  86  Shutdown samlogon_cache database
  87 ***********************************************************************/
  88
  89 bool netsamlogon_cache_shutdown(void)
  90 {
  91         if (netsamlogon_tdb) {
  92                 return (tdb_close(netsamlogon_tdb) == 0);
  93         }
  94
  95         return true;
  96 }
  97
  98 /***********************************************************************
  99  Clear cache getpwnam and getgroups entries from the winbindd cache
 100 ***********************************************************************/
 101
 102 void netsamlogon_clear_cached_user(const struct dom_sid *user_sid)
 103 {
 104         fstring keystr;
 105
 106         if (!netsamlogon_cache_init()) {
 107                 DEBUG(0,("netsamlogon_clear_cached_user: cannot open "
 108                         "%s for write!\n",
 109                         NETSAMLOGON_TDB));
 110                 return;
 111         }
 112
 113         /* Prepare key as DOMAIN-SID/USER-RID string */
 114         sid_to_fstring(keystr, user_sid);
 115
 116         DEBUG(10,("netsamlogon_clear_cached_user: SID [%s]\n", keystr));
 117
 118         tdb_delete_bystring(netsamlogon_tdb, keystr);
 119 }
 120
 121 /***********************************************************************
 122  Store a netr_SamInfo3 structure in a tdb for later user
 123  username should be in UTF-8 format
 124 ***********************************************************************/
 125
 126 bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3)
 127 {
 128         TDB_DATA data;
 129         fstring keystr;
 130         bool result = false;
 131         struct dom_sid  user_sid;
 132         time_t t = time(NULL);
 133         TALLOC_CTX *mem_ctx;
 134         DATA_BLOB blob;
 135         enum ndr_err_code ndr_err;
 136         struct netsamlogoncache_entry r;
 137
 138         if (!info3) {
 139                 return false;
 140         }
 141
 142         if (!netsamlogon_cache_init()) {
 143                 DEBUG(0,("netsamlogon_cache_store: cannot open %s for write!\n",
 144                         NETSAMLOGON_TDB));
 145                 return false;
 146         }
 147
 148         sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid);
 149
 150         /* Prepare key as DOMAIN-SID/USER-RID string */
 151         sid_to_fstring(keystr, &user_sid);
 152
 153         DEBUG(10,("netsamlogon_cache_store: SID [%s]\n", keystr));
 154
 155         /* Prepare data */
 156
 157         if (!(mem_ctx = TALLOC_P( NULL, int))) {
 158                 DEBUG(0,("netsamlogon_cache_store: talloc() failed!\n"));
 159                 return false;
 160         }
 161
 162         /* only Samba fills in the username, not sure why NT doesn't */
 163         /* so we fill it in since winbindd_getpwnam() makes use of it */
 164
 165         if (!info3->base.account_name.string) {
 166                 info3->base.account_name.string = talloc_strdup(info3, username);
 167         }
 168
 169         r.timestamp = t;
 170         r.info3 = *info3;
 171
 172         if (DEBUGLEVEL >= 10) {
 173                 NDR_PRINT_DEBUG(netsamlogoncache_entry, &r);
 174         }
 175
 176         ndr_err = ndr_push_struct_blob(&blob, mem_ctx, &r,
 177                                        (ndr_push_flags_fn_t)ndr_push_netsamlogoncache_entry);
 178         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 179                 DEBUG(0,("netsamlogon_cache_store: failed to push entry to cache\n"));
 180                 TALLOC_FREE(mem_ctx);
 181                 return false;
 182         }
 183
 184         data.dsize = blob.length;
 185         data.dptr = blob.data;
 186
 187         if (tdb_store_bystring(netsamlogon_tdb, keystr, data, TDB_REPLACE) != -1) {
 188                 result = true;
 189         }
 190
 191         TALLOC_FREE(mem_ctx);
 192
 193         return result;
 194 }
 195
 196 /***********************************************************************
 197  Retrieves a netr_SamInfo3 structure from a tdb.  Caller must
 198  free the user_info struct (malloc()'d memory)
 199 ***********************************************************************/
 200
 201 struct netr_SamInfo3 *netsamlogon_cache_get(TALLOC_CTX *mem_ctx, const struct dom_sid *user_sid)
 202 {
 203         struct netr_SamInfo3 *info3 = NULL;
 204         TDB_DATA data;
 205         fstring keystr, tmp;
 206         enum ndr_err_code ndr_err;
 207         DATA_BLOB blob;
 208         struct netsamlogoncache_entry r;
 209
 210         if (!netsamlogon_cache_init()) {
 211                 DEBUG(0,("netsamlogon_cache_get: cannot open %s for write!\n",
 212                         NETSAMLOGON_TDB));
 213                 return false;
 214         }
 215
 216         /* Prepare key as DOMAIN-SID/USER-RID string */
 217         slprintf(keystr, sizeof(keystr), "%s", sid_to_fstring(tmp, user_sid));
 218         DEBUG(10,("netsamlogon_cache_get: SID [%s]\n", keystr));
 219         data = tdb_fetch_bystring( netsamlogon_tdb, keystr );
 220
 221         if (!data.dptr) {
 222                 return NULL;
 223         }
 224
 225         info3 = TALLOC_ZERO_P(mem_ctx, struct netr_SamInfo3);
 226         if (!info3) {
 227                 goto done;
 228         }
 229
 230         blob = data_blob_const(data.dptr, data.dsize);
 231
 232         ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, &r,
 233                                       (ndr_pull_flags_fn_t)ndr_pull_netsamlogoncache_entry);
 234
 235         if (DEBUGLEVEL >= 10) {
 236                 NDR_PRINT_DEBUG(netsamlogoncache_entry, &r);
 237         }
 238
 239         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 240                 DEBUG(0,("netsamlogon_cache_get: failed to pull entry from cache\n"));
 241                 tdb_delete(netsamlogon_tdb, data);
 242                 TALLOC_FREE(info3);
 243                 goto done;
 244         }
 245
 246         info3 = (struct netr_SamInfo3 *)talloc_memdup(mem_ctx, &r.info3,
 247                                                       sizeof(r.info3));
 248
 249  done:
 250         SAFE_FREE(data.dptr);
 251
 252         return info3;
 253
 254 #if 0   /* The netsamlogon cache needs to hang around.  Something about
 255            this feels wrong, but it is the only way we can get all of the
 256            groups.  The old universal groups cache didn't expire either.
 257            --jerry */
 258         {
 259                 time_t          now = time(NULL);
 260                 uint32          time_diff;
 261
 262                 /* is the entry expired? */
 263                 time_diff = now - t;
 264
 265                 if ( (time_diff < 0 ) || (time_diff > lp_winbind_cache_time()) ) {
 266                         DEBUG(10,("netsamlogon_cache_get: cache entry expired \n"));
 267                         tdb_delete( netsamlogon_tdb, key );
 268                         TALLOC_FREE( user );
 269                 }
 270         }
 271 #endif
 272 }
 273
 274 bool netsamlogon_cache_have(const struct dom_sid *user_sid)
 275 {
 276         TALLOC_CTX *mem_ctx = talloc_init("netsamlogon_cache_have");
 277         struct netr_SamInfo3 *info3 = NULL;
 278         bool result;
 279
 280         if (!mem_ctx)
 281                 return False;
 282
 283         info3 = netsamlogon_cache_get(mem_ctx, user_sid);
 284
 285         result = (info3 != NULL);
 286
 287         talloc_destroy(mem_ctx);
 288
 289         return result;
 290 }