search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
buildtools/wafsamba/samba_abi: always_run helper was deprecated in waf 2.0
[Samba.git] / source3 / libsmb / samlogon_cache.c
blob74e89d7c38bbd260ad42e65bf3caf6b808ab4876
1 /*
2 Unix SMB/CIFS implementation.
3 Net_sam_logon info3 helpers
4 Copyright (C) Alexander Bokovoy 2002.
5 Copyright (C) Andrew Bartlett 2002.
6 Copyright (C) Gerald Carter 2003.
7 Copyright (C) Tim Potter 2003.
8 Copyright (C) Guenther Deschner 2008.
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "replace.h"
25 #include "samlogon_cache.h"
26 #include "system/filesys.h"
27 #include "system/time.h"
28 #include "lib/util/debug.h"
29 #include "lib/util/talloc_stack.h"
30 #include "source3/lib/util_path.h"
31 #include "librpc/gen_ndr/ndr_krb5pac.h"
32 #include "../libcli/security/security.h"
33 #include "util_tdb.h"
34
35 #define NETSAMLOGON_TDB "netsamlogon_cache.tdb"
36
37 static TDB_CONTEXT *netsamlogon_tdb = NULL;
38
39 /***********************************************************************
40 open the tdb
41 ***********************************************************************/
42
43 bool netsamlogon_cache_init(void)
44 {
45 bool first_try = true;
46 char *path = NULL;
47 int ret;
48 struct tdb_context *tdb;
49
50 if (netsamlogon_tdb) {
51 return true;
52 }
53
54 path = cache_path(talloc_tos(), NETSAMLOGON_TDB);
55 if (path == NULL) {
56 return false;
57 }
58 again:
59 tdb = tdb_open_log(path, 0, TDB_DEFAULT|TDB_INCOMPATIBLE_HASH,
60 O_RDWR | O_CREAT, 0600);
61 if (tdb == NULL) {
62 DEBUG(0,("tdb_open_log('%s') - failed\n", path));
63 goto clear;
64 }
65
66 ret = tdb_check(tdb, NULL, NULL);
67 if (ret != 0) {
68 tdb_close(tdb);
69 DEBUG(0,("tdb_check('%s') - failed\n", path));
70 goto clear;
71 }
72
73 netsamlogon_tdb = tdb;
74 talloc_free(path);
75 return true;
76
77 clear:
78 if (!first_try) {
79 talloc_free(path);
80 return false;
81 }
82 first_try = false;
83
84 DEBUG(0,("retry after truncate for '%s'\n", path));
85 ret = truncate(path, 0);
86 if (ret == -1) {
87 DBG_ERR("truncate failed: %s\n", strerror(errno));
88 talloc_free(path);
89 return false;
90 }
91
92 goto again;
93 }
94
95 /***********************************************************************
96 Clear cache getpwnam and getgroups entries from the winbindd cache
97 ***********************************************************************/
98
99 void netsamlogon_clear_cached_user(const struct dom_sid *user_sid)
100 {
101 char keystr[DOM_SID_STR_BUFLEN];
102
103 if (!netsamlogon_cache_init()) {
104 DEBUG(0,("netsamlogon_clear_cached_user: cannot open "
105 "%s for write!\n",
106 NETSAMLOGON_TDB));
107 return;
108 }
109
110 /* Prepare key as DOMAIN-SID/USER-RID string */
111 dom_sid_string_buf(user_sid, keystr, sizeof(keystr));
112
113 DEBUG(10,("netsamlogon_clear_cached_user: SID [%s]\n", keystr));
114
115 tdb_delete_bystring(netsamlogon_tdb, keystr);
116 }
117
118 /***********************************************************************
119 Store a netr_SamInfo3 structure in a tdb for later user
120 username should be in UTF-8 format
121 ***********************************************************************/
122
123 bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3)
124 {
125 uint8_t dummy = 0;
126 TDB_DATA data = { .dptr = &dummy, .dsize = sizeof(dummy) };
127 char keystr[DOM_SID_STR_BUFLEN];
128 bool result = false;
129 struct dom_sid user_sid;
130 TALLOC_CTX *tmp_ctx = talloc_stackframe();
131 DATA_BLOB blob;
132 enum ndr_err_code ndr_err;
133 struct netsamlogoncache_entry r;
134 int ret;
135
136 if (!info3) {
137 return false;
138 }
139
140 if (!netsamlogon_cache_init()) {
141 DEBUG(0,("netsamlogon_cache_store: cannot open %s for write!\n",
142 NETSAMLOGON_TDB));
143 return false;
144 }
145
146 /*
147 * First write a record with just the domain sid for
148 * netsamlogon_cache_domain_known. Use TDB_INSERT to avoid
149 * overwriting potentially other data. We're just interested
150 * in the existence of that record.
151 */
152 dom_sid_string_buf(info3->base.domain_sid, keystr, sizeof(keystr));
153
154 ret = tdb_store_bystring(netsamlogon_tdb, keystr, data, TDB_INSERT);
155
156 if ((ret == -1) && (tdb_error(netsamlogon_tdb) != TDB_ERR_EXISTS)) {
157 DBG_WARNING("Could not store domain marker for %s: %s\n",
158 keystr, tdb_errorstr(netsamlogon_tdb));
159 TALLOC_FREE(tmp_ctx);
160 return false;
161 }
162
163 sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid);
164
165 /* Prepare key as DOMAIN-SID/USER-RID string */
166 dom_sid_string_buf(&user_sid, keystr, sizeof(keystr));
167
168 DEBUG(10,("netsamlogon_cache_store: SID [%s]\n", keystr));
169
170 /* Prepare data */
171
172 if (info3->base.full_name.string == NULL) {
173 struct netr_SamInfo3 *cached_info3;
174 const char *full_name = NULL;
175
176 cached_info3 = netsamlogon_cache_get(tmp_ctx, &user_sid);
177 if (cached_info3 != NULL) {
178 full_name = cached_info3->base.full_name.string;
179 }
180
181 if (full_name != NULL) {
182 info3->base.full_name.string = talloc_strdup(info3, full_name);
183 }
184 }
185
186 /* only Samba fills in the username, not sure why NT doesn't */
187 /* so we fill it in since winbindd_getpwnam() makes use of it */
188
189 if (!info3->base.account_name.string) {
190 info3->base.account_name.string = talloc_strdup(info3, username);
191 }
192
193 r.timestamp = time(NULL);
194 r.info3 = *info3;
195
196 /* avoid storing secret information */
197 ZERO_STRUCT(r.info3.base.key);
198 ZERO_STRUCT(r.info3.base.LMSessKey);
199
200 if (DEBUGLEVEL >= 10) {
201 NDR_PRINT_DEBUG(netsamlogoncache_entry, &r);
202 }
203
204 ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, &r,
205 (ndr_push_flags_fn_t)ndr_push_netsamlogoncache_entry);
206 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
207 DEBUG(0,("netsamlogon_cache_store: failed to push entry to cache\n"));
208 TALLOC_FREE(tmp_ctx);
209 return false;
210 }
211
212 data.dsize = blob.length;
213 data.dptr = blob.data;
214
215 if (tdb_store_bystring(netsamlogon_tdb, keystr, data, TDB_REPLACE) == 0) {
216 result = true;
217 }
218
219 TALLOC_FREE(tmp_ctx);
220
221 return result;
222 }
223
224 /***********************************************************************
225 Retrieves a netr_SamInfo3 structure from a tdb. Caller must
226 free the user_info struct (talloced memory)
227 ***********************************************************************/
228
229 struct netr_SamInfo3 *netsamlogon_cache_get(TALLOC_CTX *mem_ctx, const struct dom_sid *user_sid)
230 {
231 struct netr_SamInfo3 *info3 = NULL;
232 TDB_DATA data;
233 char keystr[DOM_SID_STR_BUFLEN];
234 enum ndr_err_code ndr_err;
235 DATA_BLOB blob;
236 struct netsamlogoncache_entry r;
237
238 if (!netsamlogon_cache_init()) {
239 DEBUG(0,("netsamlogon_cache_get: cannot open %s for write!\n",
240 NETSAMLOGON_TDB));
241 return NULL;
242 }
243
244 /* Prepare key as DOMAIN-SID/USER-RID string */
245 dom_sid_string_buf(user_sid, keystr, sizeof(keystr));
246 DEBUG(10,("netsamlogon_cache_get: SID [%s]\n", keystr));
247 data = tdb_fetch_bystring( netsamlogon_tdb, keystr );
248
249 if (!data.dptr) {
250 return NULL;
251 }
252
253 info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
254 if (!info3) {
255 goto done;
256 }
257
258 blob = data_blob_const(data.dptr, data.dsize);
259
260 ndr_err = ndr_pull_struct_blob_all(
261 &blob, mem_ctx, &r,
262 (ndr_pull_flags_fn_t)ndr_pull_netsamlogoncache_entry);
263
264 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
265 DEBUG(0,("netsamlogon_cache_get: failed to pull entry from cache\n"));
266 tdb_delete_bystring(netsamlogon_tdb, keystr);
267 TALLOC_FREE(info3);
268 goto done;
269 }
270
271 if (DEBUGLEVEL >= 10) {
272 NDR_PRINT_DEBUG(netsamlogoncache_entry, &r);
273 }
274
275 info3 = (struct netr_SamInfo3 *)talloc_memdup(mem_ctx, &r.info3,
276 sizeof(r.info3));
277
278 done:
279 SAFE_FREE(data.dptr);
280
281 return info3;
282 }
283
284 bool netsamlogon_cache_have(const struct dom_sid *sid)
285 {
286 char keystr[DOM_SID_STR_BUFLEN];
287 bool ok;
288
289 if (!netsamlogon_cache_init()) {
290 DBG_WARNING("Cannot open %s\n", NETSAMLOGON_TDB);
291 return false;
292 }
293
294 dom_sid_string_buf(sid, keystr, sizeof(keystr));
295
296 ok = tdb_exists(netsamlogon_tdb, string_term_tdb_data(keystr));
297 return ok;
298 }
299
300 struct netsamlog_cache_forall_state {
301 TALLOC_CTX *mem_ctx;
302 int (*cb)(const char *sid_str,
303 time_t when_cached,
304 struct netr_SamInfo3 *,
305 void *private_data);
306 void *private_data;
307 };
308
309 static int netsamlog_cache_traverse_cb(struct tdb_context *tdb,
310 TDB_DATA key,
311 TDB_DATA data,
312 void *private_data)
313 {
314 struct netsamlog_cache_forall_state *state =
315 (struct netsamlog_cache_forall_state *)private_data;
316 TALLOC_CTX *mem_ctx = NULL;
317 DATA_BLOB blob;
318 const char *sid_str = NULL;
319 struct dom_sid sid;
320 struct netsamlogoncache_entry r;
321 enum ndr_err_code ndr_err;
322 int ret;
323 bool ok;
324
325 if (key.dsize == 0) {
326 return 0;
327 }
328 if (key.dptr[key.dsize - 1] != '\0') {
329 return 0;
330 }
331 if (data.dptr == NULL) {
332 return 0;
333 }
334 sid_str = (char *)key.dptr;
335
336 ok = string_to_sid(&sid, sid_str);
337 if (!ok) {
338 DBG_ERR("String to SID failed for %s\n", sid_str);
339 return -1;
340 }
341
342 if (sid.num_auths != 5) {
343 return 0;
344 }
345
346 mem_ctx = talloc_new(state->mem_ctx);
347 if (mem_ctx == NULL) {
348 return -1;
349 }
350
351 blob = data_blob_const(data.dptr, data.dsize);
352
353 ndr_err = ndr_pull_struct_blob(
354 &blob, state->mem_ctx, &r,
355 (ndr_pull_flags_fn_t)ndr_pull_netsamlogoncache_entry);
356
357 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
358 DBG_ERR("failed to pull entry from cache\n");
359 return -1;
360 }
361
362 ret = state->cb(sid_str, r.timestamp, &r.info3, state->private_data);
363
364 TALLOC_FREE(mem_ctx);
365 return ret;
366 }
367
368 int netsamlog_cache_for_all(int (*cb)(const char *sid_str,
369 time_t when_cached,
370 struct netr_SamInfo3 *,
371 void *private_data),
372 void *private_data)
373 {
374 int ret;
375 TALLOC_CTX *mem_ctx = NULL;
376 struct netsamlog_cache_forall_state state;
377
378 if (!netsamlogon_cache_init()) {
379 DBG_ERR("Cannot open %s\n", NETSAMLOGON_TDB);
380 return -1;
381 }
382
383 mem_ctx = talloc_init("netsamlog_cache_for_all");
384 if (mem_ctx == NULL) {
385 return -1;
386 }
387
388 state = (struct netsamlog_cache_forall_state) {
389 .mem_ctx = mem_ctx,
390 .cb = cb,
391 .private_data = private_data,
392 };
393
394 ret = tdb_traverse_read(netsamlogon_tdb,
395 netsamlog_cache_traverse_cb,
396 &state);
397
398 TALLOC_FREE(state.mem_ctx);
399 return ret;
400 }
Samba GIT mirror