search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: smbd: Add some DEVELOPER-only code to panic if the destructor for an aio_lnk...
[Samba.git] / source3 / libsmb / samlogon_cache.c
blobab81b4373a1086fb55370ce9a8f848d157edc599
1 /*
2 Unix SMB/CIFS implementation.
3 Net_sam_logon info3 helpers
4 Copyright (C) Alexander Bokovoy 2002.
5 Copyright (C) Andrew Bartlett 2002.
6 Copyright (C) Gerald Carter 2003.
7 Copyright (C) Tim Potter 2003.
8 Copyright (C) Guenther Deschner 2008.
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "replace.h"
25 #include "samlogon_cache.h"
26 #include "system/filesys.h"
27 #include "system/time.h"
28 #include "lib/util/debug.h"
29 #include "lib/util/talloc_stack.h"
30 #include "lib/util/memory.h" /* for SAFE_FREE() */
31 #include "source3/lib/util_path.h"
32 #include "librpc/gen_ndr/ndr_krb5pac.h"
33 #include "../libcli/security/security.h"
34 #include "util_tdb.h"
35
36 #define NETSAMLOGON_TDB "netsamlogon_cache.tdb"
37
38 static TDB_CONTEXT *netsamlogon_tdb = NULL;
39
40 /***********************************************************************
41 open the tdb
42 ***********************************************************************/
43
44 bool netsamlogon_cache_init(void)
45 {
46 bool first_try = true;
47 char *path = NULL;
48 int ret;
49 struct tdb_context *tdb;
50
51 if (netsamlogon_tdb) {
52 return true;
53 }
54
55 path = cache_path(talloc_tos(), NETSAMLOGON_TDB);
56 if (path == NULL) {
57 return false;
58 }
59 again:
60 tdb = tdb_open_log(path, 0, TDB_DEFAULT|TDB_INCOMPATIBLE_HASH,
61 O_RDWR | O_CREAT, 0600);
62 if (tdb == NULL) {
63 DEBUG(0,("tdb_open_log('%s') - failed\n", path));
64 goto clear;
65 }
66
67 ret = tdb_check(tdb, NULL, NULL);
68 if (ret != 0) {
69 tdb_close(tdb);
70 DEBUG(0,("tdb_check('%s') - failed\n", path));
71 goto clear;
72 }
73
74 netsamlogon_tdb = tdb;
75 talloc_free(path);
76 return true;
77
78 clear:
79 if (!first_try) {
80 talloc_free(path);
81 return false;
82 }
83 first_try = false;
84
85 DEBUG(0,("retry after truncate for '%s'\n", path));
86 ret = truncate(path, 0);
87 if (ret == -1) {
88 DBG_ERR("truncate failed: %s\n", strerror(errno));
89 talloc_free(path);
90 return false;
91 }
92
93 goto again;
94 }
95
96 /***********************************************************************
97 Clear cache getpwnam and getgroups entries from the winbindd cache
98 ***********************************************************************/
99
100 void netsamlogon_clear_cached_user(const struct dom_sid *user_sid)
101 {
102 struct dom_sid_buf keystr;
103
104 if (!netsamlogon_cache_init()) {
105 DEBUG(0,("netsamlogon_clear_cached_user: cannot open "
106 "%s for write!\n",
107 NETSAMLOGON_TDB));
108 return;
109 }
110
111 /* Prepare key as DOMAIN-SID/USER-RID string */
112 dom_sid_str_buf(user_sid, &keystr);
113
114 DBG_DEBUG("SID [%s]\n", keystr.buf);
115
116 tdb_delete_bystring(netsamlogon_tdb, keystr.buf);
117 }
118
119 /***********************************************************************
120 Store a netr_SamInfo3 structure in a tdb for later user
121 username should be in UTF-8 format
122 ***********************************************************************/
123
124 bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3)
125 {
126 uint8_t dummy = 0;
127 TDB_DATA data = { .dptr = &dummy, .dsize = sizeof(dummy) };
128 struct dom_sid_buf keystr;
129 bool result = false;
130 struct dom_sid user_sid;
131 TALLOC_CTX *tmp_ctx = talloc_stackframe();
132 DATA_BLOB blob;
133 enum ndr_err_code ndr_err;
134 struct netsamlogoncache_entry r;
135 int ret;
136
137 if (!info3) {
138 goto fail;
139 }
140
141 if (!netsamlogon_cache_init()) {
142 D_WARNING("netsamlogon_cache_store: cannot open %s for write!\n",
143 NETSAMLOGON_TDB);
144 goto fail;
145 }
146
147 /*
148 * First write a record with just the domain sid for
149 * netsamlogon_cache_domain_known. Use TDB_INSERT to avoid
150 * overwriting potentially other data. We're just interested
151 * in the existence of that record.
152 */
153 dom_sid_str_buf(info3->base.domain_sid, &keystr);
154
155 ret = tdb_store_bystring(netsamlogon_tdb, keystr.buf, data, TDB_INSERT);
156
157 if ((ret == -1) && (tdb_error(netsamlogon_tdb) != TDB_ERR_EXISTS)) {
158 D_WARNING("Could not store domain marker for %s: %s\n",
159 keystr.buf, tdb_errorstr(netsamlogon_tdb));
160 goto fail;
161 }
162
163 sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid);
164
165 /* Prepare key as DOMAIN-SID/USER-RID string */
166 dom_sid_str_buf(&user_sid, &keystr);
167
168 DBG_DEBUG("SID [%s]\n", keystr.buf);
169
170 /* Prepare data */
171
172 if (info3->base.full_name.string == NULL) {
173 struct netr_SamInfo3 *cached_info3;
174 const char *full_name = NULL;
175
176 cached_info3 = netsamlogon_cache_get(tmp_ctx, &user_sid);
177 if (cached_info3 != NULL) {
178 full_name = cached_info3->base.full_name.string;
179 }
180
181 if (full_name != NULL) {
182 info3->base.full_name.string = talloc_strdup(info3, full_name);
183 if (info3->base.full_name.string == NULL) {
184 goto fail;
185 }
186 }
187 }
188
189 /* only Samba fills in the username, not sure why NT doesn't */
190 /* so we fill it in since winbindd_getpwnam() makes use of it */
191
192 if (!info3->base.account_name.string) {
193 info3->base.account_name.string = talloc_strdup(info3, username);
194 if (info3->base.account_name.string == NULL) {
195 goto fail;
196 }
197 }
198
199 r.timestamp = time(NULL);
200 r.info3 = *info3;
201
202 /* avoid storing secret information */
203 ZERO_STRUCT(r.info3.base.key);
204 ZERO_STRUCT(r.info3.base.LMSessKey);
205
206 if (DEBUGLEVEL >= 10) {
207 NDR_PRINT_DEBUG(netsamlogoncache_entry, &r);
208 }
209
210 ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, &r,
211 (ndr_push_flags_fn_t)ndr_push_netsamlogoncache_entry);
212 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
213 DBG_WARNING("failed to push entry to cache: %s\n",
214 ndr_errstr(ndr_err));
215 goto fail;
216 }
217
218 data.dsize = blob.length;
219 data.dptr = blob.data;
220
221 if (tdb_store_bystring(netsamlogon_tdb, keystr.buf, data, TDB_REPLACE) == 0) {
222 result = true;
223 }
224
225 fail:
226 TALLOC_FREE(tmp_ctx);
227 return result;
228 }
229
230 /***********************************************************************
231 Retrieves a netr_SamInfo3 structure from a tdb. Caller must
232 free the user_info struct (talloced memory)
233 ***********************************************************************/
234
235 struct netr_SamInfo3 *netsamlogon_cache_get(TALLOC_CTX *mem_ctx, const struct dom_sid *user_sid)
236 {
237 struct netr_SamInfo3 *info3 = NULL;
238 TDB_DATA data;
239 struct dom_sid_buf keystr;
240 enum ndr_err_code ndr_err;
241 DATA_BLOB blob;
242 struct netsamlogoncache_entry r;
243
244 if (!netsamlogon_cache_init()) {
245 DEBUG(0,("netsamlogon_cache_get: cannot open %s for write!\n",
246 NETSAMLOGON_TDB));
247 return NULL;
248 }
249
250 /* Prepare key as DOMAIN-SID/USER-RID string */
251 dom_sid_str_buf(user_sid, &keystr);
252 DBG_DEBUG("SID [%s]\n", keystr.buf);
253 data = tdb_fetch_bystring( netsamlogon_tdb, keystr.buf );
254
255 if (!data.dptr) {
256 D_DEBUG("tdb fetch for %s is empty\n", keystr.buf);
257 return NULL;
258 }
259
260 info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
261 if (!info3) {
262 goto done;
263 }
264
265 blob = data_blob_const(data.dptr, data.dsize);
266
267 ndr_err = ndr_pull_struct_blob_all(
268 &blob, mem_ctx, &r,
269 (ndr_pull_flags_fn_t)ndr_pull_netsamlogoncache_entry);
270
271 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
272 D_WARNING("netsamlogon_cache_get: failed to pull entry from cache\n");
273 tdb_delete_bystring(netsamlogon_tdb, keystr.buf);
274 TALLOC_FREE(info3);
275 goto done;
276 }
277
278 NDR_PRINT_DEBUG_LEVEL(DBGLVL_DEBUG, netsamlogoncache_entry, &r);
279
280 info3 = (struct netr_SamInfo3 *)talloc_memdup(mem_ctx, &r.info3,
281 sizeof(r.info3));
282
283 done:
284 SAFE_FREE(data.dptr);
285
286 return info3;
287 }
288
289 bool netsamlogon_cache_have(const struct dom_sid *sid)
290 {
291 struct dom_sid_buf keystr;
292 bool ok;
293
294 if (!netsamlogon_cache_init()) {
295 DBG_WARNING("Cannot open %s\n", NETSAMLOGON_TDB);
296 return false;
297 }
298
299 dom_sid_str_buf(sid, &keystr);
300
301 ok = tdb_exists(netsamlogon_tdb, string_term_tdb_data(keystr.buf));
302 return ok;
303 }
304
305 struct netsamlog_cache_forall_state {
306 TALLOC_CTX *mem_ctx;
307 int (*cb)(const char *sid_str,
308 time_t when_cached,
309 struct netr_SamInfo3 *,
310 void *private_data);
311 void *private_data;
312 };
313
314 static int netsamlog_cache_traverse_cb(struct tdb_context *tdb,
315 TDB_DATA key,
316 TDB_DATA data,
317 void *private_data)
318 {
319 struct netsamlog_cache_forall_state *state =
320 (struct netsamlog_cache_forall_state *)private_data;
321 TALLOC_CTX *mem_ctx = NULL;
322 DATA_BLOB blob;
323 const char *sid_str = NULL;
324 struct dom_sid sid;
325 struct netsamlogoncache_entry r;
326 enum ndr_err_code ndr_err;
327 int ret;
328 bool ok;
329
330 if (key.dsize == 0) {
331 return 0;
332 }
333 if (key.dptr[key.dsize - 1] != '\0') {
334 return 0;
335 }
336 if (data.dptr == NULL) {
337 return 0;
338 }
339 sid_str = (char *)key.dptr;
340
341 ok = string_to_sid(&sid, sid_str);
342 if (!ok) {
343 DBG_ERR("String to SID failed for %s\n", sid_str);
344 return -1;
345 }
346
347 if (sid.num_auths != 5) {
348 return 0;
349 }
350
351 mem_ctx = talloc_new(state->mem_ctx);
352 if (mem_ctx == NULL) {
353 return -1;
354 }
355
356 blob = data_blob_const(data.dptr, data.dsize);
357
358 ndr_err = ndr_pull_struct_blob(
359 &blob, state->mem_ctx, &r,
360 (ndr_pull_flags_fn_t)ndr_pull_netsamlogoncache_entry);
361
362 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
363 DBG_ERR("failed to pull entry from cache\n");
364 return -1;
365 }
366
367 ret = state->cb(sid_str, r.timestamp, &r.info3, state->private_data);
368
369 TALLOC_FREE(mem_ctx);
370 return ret;
371 }
372
373 int netsamlog_cache_for_all(int (*cb)(const char *sid_str,
374 time_t when_cached,
375 struct netr_SamInfo3 *,
376 void *private_data),
377 void *private_data)
378 {
379 int ret;
380 TALLOC_CTX *mem_ctx = NULL;
381 struct netsamlog_cache_forall_state state;
382
383 if (!netsamlogon_cache_init()) {
384 DBG_ERR("Cannot open %s\n", NETSAMLOGON_TDB);
385 return -1;
386 }
387
388 mem_ctx = talloc_init("netsamlog_cache_for_all");
389 if (mem_ctx == NULL) {
390 return -1;
391 }
392
393 state = (struct netsamlog_cache_forall_state) {
394 .mem_ctx = mem_ctx,
395 .cb = cb,
396 .private_data = private_data,
397 };
398
399 ret = tdb_traverse_read(netsamlogon_tdb,
400 netsamlog_cache_traverse_cb,
401 &state);
402
403 TALLOC_FREE(state.mem_ctx);
404 return ret;
405 }
Samba GIT mirror