search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:winbind: Factor out wcache_store_seqnum()
[Samba/aatanasov.git] / source3 / winbindd / winbindd_cache.c
blobcc1f095919c6e4a4fd82b48f3faeb23f17b4aa27
1 /*
2 Unix SMB/CIFS implementation.
3
4 Winbind cache backend functions
5
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Gerald Carter 2003-2007
8 Copyright (C) Volker Lendecke 2005
9 Copyright (C) Guenther Deschner 2005
10 Copyright (C) Michael Adam 2007
11
12 This program is free software; you can redistribute it and/or modify
13 it under the terms of the GNU General Public License as published by
14 the Free Software Foundation; either version 3 of the License, or
15 (at your option) any later version.
16
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 GNU General Public License for more details.
21
22 You should have received a copy of the GNU General Public License
23 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 */
25
26 #include "includes.h"
27 #include "winbindd.h"
28 #include "tdb_validate.h"
29 #include "../libcli/auth/libcli_auth.h"
30
31 #undef DBGC_CLASS
32 #define DBGC_CLASS DBGC_WINBIND
33
34 #define WINBINDD_CACHE_VERSION 1
35 #define WINBINDD_CACHE_VERSION_KEYSTR "WINBINDD_CACHE_VERSION"
36
37 extern struct winbindd_methods reconnect_methods;
38 #ifdef HAVE_ADS
39 extern struct winbindd_methods ads_methods;
40 #endif
41 extern struct winbindd_methods builtin_passdb_methods;
42
43 /*
44 * JRA. KEEP THIS LIST UP TO DATE IF YOU ADD CACHE ENTRIES.
45 * Here are the list of entry types that are *not* stored
46 * as form struct cache_entry in the cache.
47 */
48
49 static const char *non_centry_keys[] = {
50 "SEQNUM/",
51 "DR/",
52 "DE/",
53 "WINBINDD_OFFLINE",
54 WINBINDD_CACHE_VERSION_KEYSTR,
55 NULL
56 };
57
58 /************************************************************************
59 Is this key a non-centry type ?
60 ************************************************************************/
61
62 static bool is_non_centry_key(TDB_DATA kbuf)
63 {
64 int i;
65
66 if (kbuf.dptr == NULL || kbuf.dsize == 0) {
67 return false;
68 }
69 for (i = 0; non_centry_keys[i] != NULL; i++) {
70 size_t namelen = strlen(non_centry_keys[i]);
71 if (kbuf.dsize < namelen) {
72 continue;
73 }
74 if (strncmp(non_centry_keys[i], (const char *)kbuf.dptr, namelen) == 0) {
75 return true;
76 }
77 }
78 return false;
79 }
80
81 /* Global online/offline state - False when online. winbindd starts up online
82 and sets this to true if the first query fails and there's an entry in
83 the cache tdb telling us to stay offline. */
84
85 static bool global_winbindd_offline_state;
86
87 struct winbind_cache {
88 TDB_CONTEXT *tdb;
89 };
90
91 struct cache_entry {
92 NTSTATUS status;
93 uint32 sequence_number;
94 uint8 *data;
95 uint32 len, ofs;
96 };
97
98 void (*smb_panic_fn)(const char *const why) = smb_panic;
99
100 #define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
101
102 static struct winbind_cache *wcache;
103
104 void winbindd_check_cache_size(time_t t)
105 {
106 static time_t last_check_time;
107 struct stat st;
108
109 if (last_check_time == (time_t)0)
110 last_check_time = t;
111
112 if (t - last_check_time < 60 && t - last_check_time > 0)
113 return;
114
115 if (wcache == NULL || wcache->tdb == NULL) {
116 DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n"));
117 return;
118 }
119
120 if (fstat(tdb_fd(wcache->tdb), &st) == -1) {
121 DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) ));
122 return;
123 }
124
125 if (st.st_size > WINBINDD_MAX_CACHE_SIZE) {
126 DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n",
127 (unsigned long)st.st_size,
128 (unsigned long)WINBINDD_MAX_CACHE_SIZE));
129 wcache_flush_cache();
130 }
131 }
132
133 /* get the winbind_cache structure */
134 static struct winbind_cache *get_cache(struct winbindd_domain *domain)
135 {
136 struct winbind_cache *ret = wcache;
137
138 /* We have to know what type of domain we are dealing with first. */
139
140 if (domain->internal) {
141 domain->backend = &builtin_passdb_methods;
142 domain->initialized = True;
143 }
144 if ( !domain->initialized ) {
145 init_dc_connection( domain );
146 }
147
148 /*
149 OK. listen up becasue I'm only going to say this once.
150 We have the following scenarios to consider
151 (a) trusted AD domains on a Samba DC,
152 (b) trusted AD domains and we are joined to a non-kerberos domain
153 (c) trusted AD domains and we are joined to a kerberos (AD) domain
154
155 For (a) we can always contact the trusted domain using krb5
156 since we have the domain trust account password
157
158 For (b) we can only use RPC since we have no way of
159 getting a krb5 ticket in our own domain
160
161 For (c) we can always use krb5 since we have a kerberos trust
162
163 --jerry
164 */
165
166 if (!domain->backend) {
167 #ifdef HAVE_ADS
168 struct winbindd_domain *our_domain = domain;
169
170 /* find our domain first so we can figure out if we
171 are joined to a kerberized domain */
172
173 if ( !domain->primary )
174 our_domain = find_our_domain();
175
176 if ((our_domain->active_directory || IS_DC)
177 && domain->active_directory
178 && !lp_winbind_rpc_only()) {
179 DEBUG(5,("get_cache: Setting ADS methods for domain %s\n", domain->name));
180 domain->backend = &ads_methods;
181 } else {
182 #endif /* HAVE_ADS */
183 DEBUG(5,("get_cache: Setting MS-RPC methods for domain %s\n", domain->name));
184 domain->backend = &reconnect_methods;
185 #ifdef HAVE_ADS
186 }
187 #endif /* HAVE_ADS */
188 }
189
190 if (ret)
191 return ret;
192
193 ret = SMB_XMALLOC_P(struct winbind_cache);
194 ZERO_STRUCTP(ret);
195
196 wcache = ret;
197 wcache_flush_cache();
198
199 return ret;
200 }
201
202 /*
203 free a centry structure
204 */
205 static void centry_free(struct cache_entry *centry)
206 {
207 if (!centry)
208 return;
209 SAFE_FREE(centry->data);
210 free(centry);
211 }
212
213 static bool centry_check_bytes(struct cache_entry *centry, size_t nbytes)
214 {
215 if (centry->len - centry->ofs < nbytes) {
216 DEBUG(0,("centry corruption? needed %u bytes, have %d\n",
217 (unsigned int)nbytes,
218 centry->len - centry->ofs));
219 return false;
220 }
221 return true;
222 }
223
224 /*
225 pull a uint32 from a cache entry
226 */
227 static uint32 centry_uint32(struct cache_entry *centry)
228 {
229 uint32 ret;
230
231 if (!centry_check_bytes(centry, 4)) {
232 smb_panic_fn("centry_uint32");
233 }
234 ret = IVAL(centry->data, centry->ofs);
235 centry->ofs += 4;
236 return ret;
237 }
238
239 /*
240 pull a uint16 from a cache entry
241 */
242 static uint16 centry_uint16(struct cache_entry *centry)
243 {
244 uint16 ret;
245 if (!centry_check_bytes(centry, 2)) {
246 smb_panic_fn("centry_uint16");
247 }
248 ret = CVAL(centry->data, centry->ofs);
249 centry->ofs += 2;
250 return ret;
251 }
252
253 /*
254 pull a uint8 from a cache entry
255 */
256 static uint8 centry_uint8(struct cache_entry *centry)
257 {
258 uint8 ret;
259 if (!centry_check_bytes(centry, 1)) {
260 smb_panic_fn("centry_uint8");
261 }
262 ret = CVAL(centry->data, centry->ofs);
263 centry->ofs += 1;
264 return ret;
265 }
266
267 /*
268 pull a NTTIME from a cache entry
269 */
270 static NTTIME centry_nttime(struct cache_entry *centry)
271 {
272 NTTIME ret;
273 if (!centry_check_bytes(centry, 8)) {
274 smb_panic_fn("centry_nttime");
275 }
276 ret = IVAL(centry->data, centry->ofs);
277 centry->ofs += 4;
278 ret += (uint64_t)IVAL(centry->data, centry->ofs) << 32;
279 centry->ofs += 4;
280 return ret;
281 }
282
283 /*
284 pull a time_t from a cache entry. time_t stored portably as a 64-bit time.
285 */
286 static time_t centry_time(struct cache_entry *centry)
287 {
288 return (time_t)centry_nttime(centry);
289 }
290
291 /* pull a string from a cache entry, using the supplied
292 talloc context
293 */
294 static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
295 {
296 uint32 len;
297 char *ret;
298
299 len = centry_uint8(centry);
300
301 if (len == 0xFF) {
302 /* a deliberate NULL string */
303 return NULL;
304 }
305
306 if (!centry_check_bytes(centry, (size_t)len)) {
307 smb_panic_fn("centry_string");
308 }
309
310 ret = TALLOC_ARRAY(mem_ctx, char, len+1);
311 if (!ret) {
312 smb_panic_fn("centry_string out of memory\n");
313 }
314 memcpy(ret,centry->data + centry->ofs, len);
315 ret[len] = 0;
316 centry->ofs += len;
317 return ret;
318 }
319
320 /* pull a hash16 from a cache entry, using the supplied
321 talloc context
322 */
323 static char *centry_hash16(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
324 {
325 uint32 len;
326 char *ret;
327
328 len = centry_uint8(centry);
329
330 if (len != 16) {
331 DEBUG(0,("centry corruption? hash len (%u) != 16\n",
332 len ));
333 return NULL;
334 }
335
336 if (!centry_check_bytes(centry, 16)) {
337 return NULL;
338 }
339
340 ret = TALLOC_ARRAY(mem_ctx, char, 16);
341 if (!ret) {
342 smb_panic_fn("centry_hash out of memory\n");
343 }
344 memcpy(ret,centry->data + centry->ofs, 16);
345 centry->ofs += 16;
346 return ret;
347 }
348
349 /* pull a sid from a cache entry, using the supplied
350 talloc context
351 */
352 static bool centry_sid(struct cache_entry *centry, struct dom_sid *sid)
353 {
354 char *sid_string;
355 bool ret;
356
357 sid_string = centry_string(centry, talloc_tos());
358 if (sid_string == NULL) {
359 return false;
360 }
361 ret = string_to_sid(sid, sid_string);
362 TALLOC_FREE(sid_string);
363 return ret;
364 }
365
366
367 /*
368 pull a NTSTATUS from a cache entry
369 */
370 static NTSTATUS centry_ntstatus(struct cache_entry *centry)
371 {
372 NTSTATUS status;
373
374 status = NT_STATUS(centry_uint32(centry));
375 return status;
376 }
377
378
379 /* the server is considered down if it can't give us a sequence number */
380 static bool wcache_server_down(struct winbindd_domain *domain)
381 {
382 bool ret;
383
384 if (!wcache->tdb)
385 return false;
386
387 ret = (domain->sequence_number == DOM_SEQUENCE_NONE);
388
389 if (ret)
390 DEBUG(10,("wcache_server_down: server for Domain %s down\n",
391 domain->name ));
392 return ret;
393 }
394
395 static bool wcache_fetch_seqnum(const char *domain_name, uint32_t *seqnum,
396 uint32_t *last_seq_check)
397 {
398 char *key;
399 TDB_DATA data;
400
401 if (wcache->tdb == NULL) {
402 DEBUG(10,("wcache_fetch_seqnum: tdb == NULL\n"));
403 return false;
404 }
405
406 key = talloc_asprintf(talloc_tos(), "SEQNUM/%s", domain_name);
407 if (key == NULL) {
408 DEBUG(10, ("talloc failed\n"));
409 return false;
410 }
411
412 data = tdb_fetch_bystring(wcache->tdb, key);
413 TALLOC_FREE(key);
414
415 if (data.dptr == NULL) {
416 DEBUG(10, ("wcache_fetch_seqnum: %s not found\n",
417 domain_name));
418 return false;
419 }
420 if (data.dsize != 8) {
421 DEBUG(10, ("wcache_fetch_seqnum: invalid data size %d\n",
422 (int)data.dsize));
423 SAFE_FREE(data.dptr);
424 return false;
425 }
426
427 *seqnum = IVAL(data.dptr, 0);
428 *last_seq_check = IVAL(data.dptr, 4);
429 SAFE_FREE(data.dptr);
430
431 return true;
432 }
433
434 static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
435 {
436 uint32 last_check, time_diff;
437
438 if (!wcache_fetch_seqnum(domain->name, &domain->sequence_number,
439 &last_check)) {
440 return NT_STATUS_UNSUCCESSFUL;
441 }
442 domain->last_seq_check = last_check;
443
444 /* have we expired? */
445
446 time_diff = now - domain->last_seq_check;
447 if ( time_diff > lp_winbind_cache_time() ) {
448 DEBUG(10,("fetch_cache_seqnum: timeout [%s][%u @ %u]\n",
449 domain->name, domain->sequence_number,
450 (uint32)domain->last_seq_check));
451 return NT_STATUS_UNSUCCESSFUL;
452 }
453
454 DEBUG(10,("fetch_cache_seqnum: success [%s][%u @ %u]\n",
455 domain->name, domain->sequence_number,
456 (uint32)domain->last_seq_check));
457
458 return NT_STATUS_OK;
459 }
460
461 bool wcache_store_seqnum(const char *domain_name, uint32_t seqnum,
462 time_t last_seq_check)
463 {
464 char *key_str;
465 uint8_t buf[8];
466 int ret;
467
468 if (wcache->tdb == NULL) {
469 DEBUG(10, ("wcache_store_seqnum: wcache->tdb == NULL\n"));
470 return false;
471 }
472
473 key_str = talloc_asprintf(talloc_tos(), "SEQNUM/%s", domain_name);
474 if (key_str == NULL) {
475 DEBUG(10, ("talloc_asprintf failed\n"));
476 return false;
477 }
478
479 SIVAL(buf, 0, seqnum);
480 SIVAL(buf, 4, last_seq_check);
481
482 ret = tdb_store_bystring(wcache->tdb, key_str,
483 make_tdb_data(buf, sizeof(buf)), TDB_REPLACE);
484 TALLOC_FREE(key_str);
485 if (ret == -1) {
486 DEBUG(10, ("tdb_store_bystring failed: %s\n",
487 tdb_errorstr(wcache->tdb)));
488 TALLOC_FREE(key_str);
489 return false;
490 }
491
492 DEBUG(10, ("wcache_store_seqnum: success [%s][%u @ %u]\n",
493 domain_name, seqnum, (unsigned)last_seq_check));
494
495 return true;
496 }
497
498 static bool store_cache_seqnum( struct winbindd_domain *domain )
499 {
500 return wcache_store_seqnum(domain->name, domain->sequence_number,
501 domain->last_seq_check);
502 }
503
504 /*
505 refresh the domain sequence number. If force is true
506 then always refresh it, no matter how recently we fetched it
507 */
508
509 static void refresh_sequence_number(struct winbindd_domain *domain, bool force)
510 {
511 NTSTATUS status;
512 unsigned time_diff;
513 time_t t = time(NULL);
514 unsigned cache_time = lp_winbind_cache_time();
515
516 if ( IS_DOMAIN_OFFLINE(domain) ) {
517 return;
518 }
519
520 get_cache( domain );
521
522 #if 0 /* JERRY -- disable as the default cache time is now 5 minutes */
523 /* trying to reconnect is expensive, don't do it too often */
524 if (domain->sequence_number == DOM_SEQUENCE_NONE) {
525 cache_time *= 8;
526 }
527 #endif
528
529 time_diff = t - domain->last_seq_check;
530
531 /* see if we have to refetch the domain sequence number */
532 if (!force && (time_diff < cache_time) &&
533 (domain->sequence_number != DOM_SEQUENCE_NONE) &&
534 NT_STATUS_IS_OK(domain->last_status)) {
535 DEBUG(10, ("refresh_sequence_number: %s time ok\n", domain->name));
536 goto done;
537 }
538
539 /* try to get the sequence number from the tdb cache first */
540 /* this will update the timestamp as well */
541
542 status = fetch_cache_seqnum( domain, t );
543 if (NT_STATUS_IS_OK(status) &&
544 (domain->sequence_number != DOM_SEQUENCE_NONE) &&
545 NT_STATUS_IS_OK(domain->last_status)) {
546 goto done;
547 }
548
549 /* important! make sure that we know if this is a native
550 mode domain or not. And that we can contact it. */
551
552 if ( winbindd_can_contact_domain( domain ) ) {
553 status = domain->backend->sequence_number(domain,
554 &domain->sequence_number);
555 } else {
556 /* just use the current time */
557 status = NT_STATUS_OK;
558 domain->sequence_number = time(NULL);
559 }
560
561
562 /* the above call could have set our domain->backend to NULL when
563 * coming from offline to online mode, make sure to reinitialize the
564 * backend - Guenther */
565 get_cache( domain );
566
567 if (!NT_STATUS_IS_OK(status)) {
568 DEBUG(10,("refresh_sequence_number: failed with %s\n", nt_errstr(status)));
569 domain->sequence_number = DOM_SEQUENCE_NONE;
570 }
571
572 domain->last_status = status;
573 domain->last_seq_check = time(NULL);
574
575 /* save the new sequence number in the cache */
576 store_cache_seqnum( domain );
577
578 done:
579 DEBUG(10, ("refresh_sequence_number: %s seq number is now %d\n",
580 domain->name, domain->sequence_number));
581
582 return;
583 }
584
585 /*
586 decide if a cache entry has expired
587 */
588 static bool centry_expired(struct winbindd_domain *domain, const char *keystr, struct cache_entry *centry)
589 {
590 /* If we've been told to be offline - stay in that state... */
591 if (lp_winbind_offline_logon() && global_winbindd_offline_state) {
592 DEBUG(10,("centry_expired: Key %s for domain %s valid as winbindd is globally offline.\n",
593 keystr, domain->name ));
594 return false;
595 }
596
597 /* when the domain is offline return the cached entry.
598 * This deals with transient offline states... */
599
600 if (!domain->online) {
601 DEBUG(10,("centry_expired: Key %s for domain %s valid as domain is offline.\n",
602 keystr, domain->name ));
603 return false;
604 }
605
606 /* if the server is OK and our cache entry came from when it was down then
607 the entry is invalid */
608 if ((domain->sequence_number != DOM_SEQUENCE_NONE) &&
609 (centry->sequence_number == DOM_SEQUENCE_NONE)) {
610 DEBUG(10,("centry_expired: Key %s for domain %s invalid sequence.\n",
611 keystr, domain->name ));
612 return true;
613 }
614
615 /* if the server is down or the cache entry is not older than the
616 current sequence number then it is OK */
617 if (wcache_server_down(domain) ||
618 centry->sequence_number == domain->sequence_number) {
619 DEBUG(10,("centry_expired: Key %s for domain %s is good.\n",
620 keystr, domain->name ));
621 return false;
622 }
623
624 DEBUG(10,("centry_expired: Key %s for domain %s expired\n",
625 keystr, domain->name ));
626
627 /* it's expired */
628 return true;
629 }
630
631 static struct cache_entry *wcache_fetch_raw(char *kstr)
632 {
633 TDB_DATA data;
634 struct cache_entry *centry;
635 TDB_DATA key;
636
637 key = string_tdb_data(kstr);
638 data = tdb_fetch(wcache->tdb, key);
639 if (!data.dptr) {
640 /* a cache miss */
641 return NULL;
642 }
643
644 centry = SMB_XMALLOC_P(struct cache_entry);
645 centry->data = (unsigned char *)data.dptr;
646 centry->len = data.dsize;
647 centry->ofs = 0;
648
649 if (centry->len < 8) {
650 /* huh? corrupt cache? */
651 DEBUG(10,("wcache_fetch_raw: Corrupt cache for key %s (len < 8) ?\n", kstr));
652 centry_free(centry);
653 return NULL;
654 }
655
656 centry->status = centry_ntstatus(centry);
657 centry->sequence_number = centry_uint32(centry);
658
659 return centry;
660 }
661
662 /*
663 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
664 number and return status
665 */
666 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
667 struct winbindd_domain *domain,
668 const char *format, ...) PRINTF_ATTRIBUTE(3,4);
669 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
670 struct winbindd_domain *domain,
671 const char *format, ...)
672 {
673 va_list ap;
674 char *kstr;
675 struct cache_entry *centry;
676
677 if (!winbindd_use_cache()) {
678 return NULL;
679 }
680
681 refresh_sequence_number(domain, false);
682
683 va_start(ap, format);
684 smb_xvasprintf(&kstr, format, ap);
685 va_end(ap);
686
687 centry = wcache_fetch_raw(kstr);
688 if (centry == NULL) {
689 free(kstr);
690 return NULL;
691 }
692
693 if (centry_expired(domain, kstr, centry)) {
694
695 DEBUG(10,("wcache_fetch: entry %s expired for domain %s\n",
696 kstr, domain->name ));
697
698 centry_free(centry);
699 free(kstr);
700 return NULL;
701 }
702
703 DEBUG(10,("wcache_fetch: returning entry %s for domain %s\n",
704 kstr, domain->name ));
705
706 free(kstr);
707 return centry;
708 }
709
710 static void wcache_delete(const char *format, ...) PRINTF_ATTRIBUTE(1,2);
711 static void wcache_delete(const char *format, ...)
712 {
713 va_list ap;
714 char *kstr;
715 TDB_DATA key;
716
717 va_start(ap, format);
718 smb_xvasprintf(&kstr, format, ap);
719 va_end(ap);
720
721 key = string_tdb_data(kstr);
722
723 tdb_delete(wcache->tdb, key);
724 free(kstr);
725 }
726
727 /*
728 make sure we have at least len bytes available in a centry
729 */
730 static void centry_expand(struct cache_entry *centry, uint32 len)
731 {
732 if (centry->len - centry->ofs >= len)
733 return;
734 centry->len *= 2;
735 centry->data = SMB_REALLOC_ARRAY(centry->data, unsigned char,
736 centry->len);
737 if (!centry->data) {
738 DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
739 smb_panic_fn("out of memory in centry_expand");
740 }
741 }
742
743 /*
744 push a uint32 into a centry
745 */
746 static void centry_put_uint32(struct cache_entry *centry, uint32 v)
747 {
748 centry_expand(centry, 4);
749 SIVAL(centry->data, centry->ofs, v);
750 centry->ofs += 4;
751 }
752
753 /*
754 push a uint16 into a centry
755 */
756 static void centry_put_uint16(struct cache_entry *centry, uint16 v)
757 {
758 centry_expand(centry, 2);
759 SIVAL(centry->data, centry->ofs, v);
760 centry->ofs += 2;
761 }
762
763 /*
764 push a uint8 into a centry
765 */
766 static void centry_put_uint8(struct cache_entry *centry, uint8 v)
767 {
768 centry_expand(centry, 1);
769 SCVAL(centry->data, centry->ofs, v);
770 centry->ofs += 1;
771 }
772
773 /*
774 push a string into a centry
775 */
776 static void centry_put_string(struct cache_entry *centry, const char *s)
777 {
778 int len;
779
780 if (!s) {
781 /* null strings are marked as len 0xFFFF */
782 centry_put_uint8(centry, 0xFF);
783 return;
784 }
785
786 len = strlen(s);
787 /* can't handle more than 254 char strings. Truncating is probably best */
788 if (len > 254) {
789 DEBUG(10,("centry_put_string: truncating len (%d) to: 254\n", len));
790 len = 254;
791 }
792 centry_put_uint8(centry, len);
793 centry_expand(centry, len);
794 memcpy(centry->data + centry->ofs, s, len);
795 centry->ofs += len;
796 }
797
798 /*
799 push a 16 byte hash into a centry - treat as 16 byte string.
800 */
801 static void centry_put_hash16(struct cache_entry *centry, const uint8 val[16])
802 {
803 centry_put_uint8(centry, 16);
804 centry_expand(centry, 16);
805 memcpy(centry->data + centry->ofs, val, 16);
806 centry->ofs += 16;
807 }
808
809 static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid)
810 {
811 fstring sid_string;
812 centry_put_string(centry, sid_to_fstring(sid_string, sid));
813 }
814
815
816 /*
817 put NTSTATUS into a centry
818 */
819 static void centry_put_ntstatus(struct cache_entry *centry, NTSTATUS status)
820 {
821 uint32 status_value = NT_STATUS_V(status);
822 centry_put_uint32(centry, status_value);
823 }
824
825
826 /*
827 push a NTTIME into a centry
828 */
829 static void centry_put_nttime(struct cache_entry *centry, NTTIME nt)
830 {
831 centry_expand(centry, 8);
832 SIVAL(centry->data, centry->ofs, nt & 0xFFFFFFFF);
833 centry->ofs += 4;
834 SIVAL(centry->data, centry->ofs, nt >> 32);
835 centry->ofs += 4;
836 }
837
838 /*
839 push a time_t into a centry - use a 64 bit size.
840 NTTIME here is being used as a convenient 64-bit size.
841 */
842 static void centry_put_time(struct cache_entry *centry, time_t t)
843 {
844 NTTIME nt = (NTTIME)t;
845 centry_put_nttime(centry, nt);
846 }
847
848 /*
849 start a centry for output. When finished, call centry_end()
850 */
851 struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status)
852 {
853 struct cache_entry *centry;
854
855 if (!wcache->tdb)
856 return NULL;
857
858 centry = SMB_XMALLOC_P(struct cache_entry);
859
860 centry->len = 8192; /* reasonable default */
861 centry->data = SMB_XMALLOC_ARRAY(uint8, centry->len);
862 centry->ofs = 0;
863 centry->sequence_number = domain->sequence_number;
864 centry_put_ntstatus(centry, status);
865 centry_put_uint32(centry, centry->sequence_number);
866 return centry;
867 }
868
869 /*
870 finish a centry and write it to the tdb
871 */
872 static void centry_end(struct cache_entry *centry, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
873 static void centry_end(struct cache_entry *centry, const char *format, ...)
874 {
875 va_list ap;
876 char *kstr;
877 TDB_DATA key, data;
878
879 if (!winbindd_use_cache()) {
880 return;
881 }
882
883 va_start(ap, format);
884 smb_xvasprintf(&kstr, format, ap);
885 va_end(ap);
886
887 key = string_tdb_data(kstr);
888 data.dptr = centry->data;
889 data.dsize = centry->ofs;
890
891 tdb_store(wcache->tdb, key, data, TDB_REPLACE);
892 free(kstr);
893 }
894
895 static void wcache_save_name_to_sid(struct winbindd_domain *domain,
896 NTSTATUS status, const char *domain_name,
897 const char *name, const DOM_SID *sid,
898 enum lsa_SidType type)
899 {
900 struct cache_entry *centry;
901 fstring uname;
902
903 centry = centry_start(domain, status);
904 if (!centry)
905 return;
906 centry_put_uint32(centry, type);
907 centry_put_sid(centry, sid);
908 fstrcpy(uname, name);
909 strupper_m(uname);
910 centry_end(centry, "NS/%s/%s", domain_name, uname);
911 DEBUG(10,("wcache_save_name_to_sid: %s\\%s -> %s (%s)\n", domain_name,
912 uname, sid_string_dbg(sid), nt_errstr(status)));
913 centry_free(centry);
914 }
915
916 static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
917 const DOM_SID *sid, const char *domain_name, const char *name, enum lsa_SidType type)
918 {
919 struct cache_entry *centry;
920 fstring sid_string;
921
922 centry = centry_start(domain, status);
923 if (!centry)
924 return;
925
926 if (NT_STATUS_IS_OK(status)) {
927 centry_put_uint32(centry, type);
928 centry_put_string(centry, domain_name);
929 centry_put_string(centry, name);
930 }
931
932 centry_end(centry, "SN/%s", sid_to_fstring(sid_string, sid));
933 DEBUG(10,("wcache_save_sid_to_name: %s -> %s (%s)\n", sid_string,
934 name, nt_errstr(status)));
935 centry_free(centry);
936 }
937
938
939 static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status,
940 struct wbint_userinfo *info)
941 {
942 struct cache_entry *centry;
943 fstring sid_string;
944
945 if (is_null_sid(&info->user_sid)) {
946 return;
947 }
948
949 centry = centry_start(domain, status);
950 if (!centry)
951 return;
952 centry_put_string(centry, info->acct_name);
953 centry_put_string(centry, info->full_name);
954 centry_put_string(centry, info->homedir);
955 centry_put_string(centry, info->shell);
956 centry_put_uint32(centry, info->primary_gid);
957 centry_put_sid(centry, &info->user_sid);
958 centry_put_sid(centry, &info->group_sid);
959 centry_end(centry, "U/%s", sid_to_fstring(sid_string,
960 &info->user_sid));
961 DEBUG(10,("wcache_save_user: %s (acct_name %s)\n", sid_string, info->acct_name));
962 centry_free(centry);
963 }
964
965 static void wcache_save_lockout_policy(struct winbindd_domain *domain,
966 NTSTATUS status,
967 struct samr_DomInfo12 *lockout_policy)
968 {
969 struct cache_entry *centry;
970
971 centry = centry_start(domain, status);
972 if (!centry)
973 return;
974
975 centry_put_nttime(centry, lockout_policy->lockout_duration);
976 centry_put_nttime(centry, lockout_policy->lockout_window);
977 centry_put_uint16(centry, lockout_policy->lockout_threshold);
978
979 centry_end(centry, "LOC_POL/%s", domain->name);
980
981 DEBUG(10,("wcache_save_lockout_policy: %s\n", domain->name));
982
983 centry_free(centry);
984 }
985
986
987
988 static void wcache_save_password_policy(struct winbindd_domain *domain,
989 NTSTATUS status,
990 struct samr_DomInfo1 *policy)
991 {
992 struct cache_entry *centry;
993
994 centry = centry_start(domain, status);
995 if (!centry)
996 return;
997
998 centry_put_uint16(centry, policy->min_password_length);
999 centry_put_uint16(centry, policy->password_history_length);
1000 centry_put_uint32(centry, policy->password_properties);
1001 centry_put_nttime(centry, policy->max_password_age);
1002 centry_put_nttime(centry, policy->min_password_age);
1003
1004 centry_end(centry, "PWD_POL/%s", domain->name);
1005
1006 DEBUG(10,("wcache_save_password_policy: %s\n", domain->name));
1007
1008 centry_free(centry);
1009 }
1010
1011 /***************************************************************************
1012 ***************************************************************************/
1013
1014 static void wcache_save_username_alias(struct winbindd_domain *domain,
1015 NTSTATUS status,
1016 const char *name, const char *alias)
1017 {
1018 struct cache_entry *centry;
1019 fstring uname;
1020
1021 if ( (centry = centry_start(domain, status)) == NULL )
1022 return;
1023
1024 centry_put_string( centry, alias );
1025
1026 fstrcpy(uname, name);
1027 strupper_m(uname);
1028 centry_end(centry, "NSS/NA/%s", uname);
1029
1030 DEBUG(10,("wcache_save_username_alias: %s -> %s\n", name, alias ));
1031
1032 centry_free(centry);
1033 }
1034
1035 static void wcache_save_alias_username(struct winbindd_domain *domain,
1036 NTSTATUS status,
1037 const char *alias, const char *name)
1038 {
1039 struct cache_entry *centry;
1040 fstring uname;
1041
1042 if ( (centry = centry_start(domain, status)) == NULL )
1043 return;
1044
1045 centry_put_string( centry, name );
1046
1047 fstrcpy(uname, alias);
1048 strupper_m(uname);
1049 centry_end(centry, "NSS/AN/%s", uname);
1050
1051 DEBUG(10,("wcache_save_alias_username: %s -> %s\n", alias, name ));
1052
1053 centry_free(centry);
1054 }
1055
1056 /***************************************************************************
1057 ***************************************************************************/
1058
1059 NTSTATUS resolve_username_to_alias( TALLOC_CTX *mem_ctx,
1060 struct winbindd_domain *domain,
1061 const char *name, char **alias )
1062 {
1063 struct winbind_cache *cache = get_cache(domain);
1064 struct cache_entry *centry = NULL;
1065 NTSTATUS status;
1066 char *upper_name;
1067
1068 if ( domain->internal )
1069 return NT_STATUS_NOT_SUPPORTED;
1070
1071 if (!cache->tdb)
1072 goto do_query;
1073
1074 if ( (upper_name = SMB_STRDUP(name)) == NULL )
1075 return NT_STATUS_NO_MEMORY;
1076 strupper_m(upper_name);
1077
1078 centry = wcache_fetch(cache, domain, "NSS/NA/%s", upper_name);
1079
1080 SAFE_FREE( upper_name );
1081
1082 if (!centry)
1083 goto do_query;
1084
1085 status = centry->status;
1086
1087 if (!NT_STATUS_IS_OK(status)) {
1088 centry_free(centry);
1089 return status;
1090 }
1091
1092 *alias = centry_string( centry, mem_ctx );
1093
1094 centry_free(centry);
1095
1096 DEBUG(10,("resolve_username_to_alias: [Cached] - mapped %s to %s\n",
1097 name, *alias ? *alias : "(none)"));
1098
1099 return (*alias) ? NT_STATUS_OK : NT_STATUS_OBJECT_NAME_NOT_FOUND;
1100
1101 do_query:
1102
1103 /* If its not in cache and we are offline, then fail */
1104
1105 if ( get_global_winbindd_state_offline() || !domain->online ) {
1106 DEBUG(8,("resolve_username_to_alias: rejecting query "
1107 "in offline mode\n"));
1108 return NT_STATUS_NOT_FOUND;
1109 }
1110
1111 status = nss_map_to_alias( mem_ctx, domain->name, name, alias );
1112
1113 if ( NT_STATUS_IS_OK( status ) ) {
1114 wcache_save_username_alias(domain, status, name, *alias);
1115 }
1116
1117 if ( NT_STATUS_EQUAL( status, NT_STATUS_NONE_MAPPED ) ) {
1118 wcache_save_username_alias(domain, status, name, "(NULL)");
1119 }
1120
1121 DEBUG(5,("resolve_username_to_alias: backend query returned %s\n",
1122 nt_errstr(status)));
1123
1124 if ( NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) ) {
1125 set_domain_offline( domain );
1126 }
1127
1128 return status;
1129 }
1130
1131 /***************************************************************************
1132 ***************************************************************************/
1133
1134 NTSTATUS resolve_alias_to_username( TALLOC_CTX *mem_ctx,
1135 struct winbindd_domain *domain,
1136 const char *alias, char **name )
1137 {
1138 struct winbind_cache *cache = get_cache(domain);
1139 struct cache_entry *centry = NULL;
1140 NTSTATUS status;
1141 char *upper_name;
1142
1143 if ( domain->internal )
1144 return NT_STATUS_NOT_SUPPORTED;
1145
1146 if (!cache->tdb)
1147 goto do_query;
1148
1149 if ( (upper_name = SMB_STRDUP(alias)) == NULL )
1150 return NT_STATUS_NO_MEMORY;
1151 strupper_m(upper_name);
1152
1153 centry = wcache_fetch(cache, domain, "NSS/AN/%s", upper_name);
1154
1155 SAFE_FREE( upper_name );
1156
1157 if (!centry)
1158 goto do_query;
1159
1160 status = centry->status;
1161
1162 if (!NT_STATUS_IS_OK(status)) {
1163 centry_free(centry);
1164 return status;
1165 }
1166
1167 *name = centry_string( centry, mem_ctx );
1168
1169 centry_free(centry);
1170
1171 DEBUG(10,("resolve_alias_to_username: [Cached] - mapped %s to %s\n",
1172 alias, *name ? *name : "(none)"));
1173
1174 return (*name) ? NT_STATUS_OK : NT_STATUS_OBJECT_NAME_NOT_FOUND;
1175
1176 do_query:
1177
1178 /* If its not in cache and we are offline, then fail */
1179
1180 if ( get_global_winbindd_state_offline() || !domain->online ) {
1181 DEBUG(8,("resolve_alias_to_username: rejecting query "
1182 "in offline mode\n"));
1183 return NT_STATUS_NOT_FOUND;
1184 }
1185
1186 /* an alias cannot contain a domain prefix or '@' */
1187
1188 if (strchr(alias, '\\') || strchr(alias, '@')) {
1189 DEBUG(10,("resolve_alias_to_username: skipping fully "
1190 "qualified name %s\n", alias));
1191 return NT_STATUS_OBJECT_NAME_INVALID;
1192 }
1193
1194 status = nss_map_from_alias( mem_ctx, domain->name, alias, name );
1195
1196 if ( NT_STATUS_IS_OK( status ) ) {
1197 wcache_save_alias_username( domain, status, alias, *name );
1198 }
1199
1200 if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
1201 wcache_save_alias_username(domain, status, alias, "(NULL)");
1202 }
1203
1204 DEBUG(5,("resolve_alias_to_username: backend query returned %s\n",
1205 nt_errstr(status)));
1206
1207 if ( NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) ) {
1208 set_domain_offline( domain );
1209 }
1210
1211 return status;
1212 }
1213
1214 NTSTATUS wcache_cached_creds_exist(struct winbindd_domain *domain, const DOM_SID *sid)
1215 {
1216 struct winbind_cache *cache = get_cache(domain);
1217 TDB_DATA data;
1218 fstring key_str, tmp;
1219 uint32 rid;
1220
1221 if (!cache->tdb) {
1222 return NT_STATUS_INTERNAL_DB_ERROR;
1223 }
1224
1225 if (is_null_sid(sid)) {
1226 return NT_STATUS_INVALID_SID;
1227 }
1228
1229 if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
1230 return NT_STATUS_INVALID_SID;
1231 }
1232
1233 fstr_sprintf(key_str, "CRED/%s", sid_to_fstring(tmp, sid));
1234
1235 data = tdb_fetch(cache->tdb, string_tdb_data(key_str));
1236 if (!data.dptr) {
1237 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1238 }
1239
1240 SAFE_FREE(data.dptr);
1241 return NT_STATUS_OK;
1242 }
1243
1244 /* Lookup creds for a SID - copes with old (unsalted) creds as well
1245 as new salted ones. */
1246
1247 NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
1248 TALLOC_CTX *mem_ctx,
1249 const DOM_SID *sid,
1250 const uint8 **cached_nt_pass,
1251 const uint8 **cached_salt)
1252 {
1253 struct winbind_cache *cache = get_cache(domain);
1254 struct cache_entry *centry = NULL;
1255 NTSTATUS status;
1256 time_t t;
1257 uint32 rid;
1258 fstring tmp;
1259
1260 if (!cache->tdb) {
1261 return NT_STATUS_INTERNAL_DB_ERROR;
1262 }
1263
1264 if (is_null_sid(sid)) {
1265 return NT_STATUS_INVALID_SID;
1266 }
1267
1268 if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
1269 return NT_STATUS_INVALID_SID;
1270 }
1271
1272 /* Try and get a salted cred first. If we can't
1273 fall back to an unsalted cred. */
1274
1275 centry = wcache_fetch(cache, domain, "CRED/%s",
1276 sid_to_fstring(tmp, sid));
1277 if (!centry) {
1278 DEBUG(10,("wcache_get_creds: entry for [CRED/%s] not found\n",
1279 sid_string_dbg(sid)));
1280 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1281 }
1282
1283 t = centry_time(centry);
1284
1285 /* In the salted case this isn't actually the nt_hash itself,
1286 but the MD5 of the salt + nt_hash. Let the caller
1287 sort this out. It can tell as we only return the cached_salt
1288 if we are returning a salted cred. */
1289
1290 *cached_nt_pass = (const uint8 *)centry_hash16(centry, mem_ctx);
1291 if (*cached_nt_pass == NULL) {
1292 fstring sidstr;
1293
1294 sid_to_fstring(sidstr, sid);
1295
1296 /* Bad (old) cred cache. Delete and pretend we
1297 don't have it. */
1298 DEBUG(0,("wcache_get_creds: bad entry for [CRED/%s] - deleting\n",
1299 sidstr));
1300 wcache_delete("CRED/%s", sidstr);
1301 centry_free(centry);
1302 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1303 }
1304
1305 /* We only have 17 bytes more data in the salted cred case. */
1306 if (centry->len - centry->ofs == 17) {
1307 *cached_salt = (const uint8 *)centry_hash16(centry, mem_ctx);
1308 } else {
1309 *cached_salt = NULL;
1310 }
1311
1312 dump_data_pw("cached_nt_pass", *cached_nt_pass, NT_HASH_LEN);
1313 if (*cached_salt) {
1314 dump_data_pw("cached_salt", *cached_salt, NT_HASH_LEN);
1315 }
1316
1317 status = centry->status;
1318
1319 DEBUG(10,("wcache_get_creds: [Cached] - cached creds for user %s status: %s\n",
1320 sid_string_dbg(sid), nt_errstr(status) ));
1321
1322 centry_free(centry);
1323 return status;
1324 }
1325
1326 /* Store creds for a SID - only writes out new salted ones. */
1327
1328 NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
1329 TALLOC_CTX *mem_ctx,
1330 const DOM_SID *sid,
1331 const uint8 nt_pass[NT_HASH_LEN])
1332 {
1333 struct cache_entry *centry;
1334 fstring sid_string;
1335 uint32 rid;
1336 uint8 cred_salt[NT_HASH_LEN];
1337 uint8 salted_hash[NT_HASH_LEN];
1338
1339 if (is_null_sid(sid)) {
1340 return NT_STATUS_INVALID_SID;
1341 }
1342
1343 if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
1344 return NT_STATUS_INVALID_SID;
1345 }
1346
1347 centry = centry_start(domain, NT_STATUS_OK);
1348 if (!centry) {
1349 return NT_STATUS_INTERNAL_DB_ERROR;
1350 }
1351
1352 dump_data_pw("nt_pass", nt_pass, NT_HASH_LEN);
1353
1354 centry_put_time(centry, time(NULL));
1355
1356 /* Create a salt and then salt the hash. */
1357 generate_random_buffer(cred_salt, NT_HASH_LEN);
1358 E_md5hash(cred_salt, nt_pass, salted_hash);
1359
1360 centry_put_hash16(centry, salted_hash);
1361 centry_put_hash16(centry, cred_salt);
1362 centry_end(centry, "CRED/%s", sid_to_fstring(sid_string, sid));
1363
1364 DEBUG(10,("wcache_save_creds: %s\n", sid_string));
1365
1366 centry_free(centry);
1367
1368 return NT_STATUS_OK;
1369 }
1370
1371
1372 /* Query display info. This is the basic user list fn */
1373 static NTSTATUS query_user_list(struct winbindd_domain *domain,
1374 TALLOC_CTX *mem_ctx,
1375 uint32 *num_entries,
1376 struct wbint_userinfo **info)
1377 {
1378 struct winbind_cache *cache = get_cache(domain);
1379 struct cache_entry *centry = NULL;
1380 NTSTATUS status;
1381 unsigned int i, retry;
1382
1383 if (!cache->tdb)
1384 goto do_query;
1385
1386 centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
1387 if (!centry)
1388 goto do_query;
1389
1390 *num_entries = centry_uint32(centry);
1391
1392 if (*num_entries == 0)
1393 goto do_cached;
1394
1395 (*info) = TALLOC_ARRAY(mem_ctx, struct wbint_userinfo, *num_entries);
1396 if (! (*info)) {
1397 smb_panic_fn("query_user_list out of memory");
1398 }
1399 for (i=0; i<(*num_entries); i++) {
1400 (*info)[i].acct_name = centry_string(centry, mem_ctx);
1401 (*info)[i].full_name = centry_string(centry, mem_ctx);
1402 (*info)[i].homedir = centry_string(centry, mem_ctx);
1403 (*info)[i].shell = centry_string(centry, mem_ctx);
1404 centry_sid(centry, &(*info)[i].user_sid);
1405 centry_sid(centry, &(*info)[i].group_sid);
1406 }
1407
1408 do_cached:
1409 status = centry->status;
1410
1411 DEBUG(10,("query_user_list: [Cached] - cached list for domain %s status: %s\n",
1412 domain->name, nt_errstr(status) ));
1413
1414 centry_free(centry);
1415 return status;
1416
1417 do_query:
1418 *num_entries = 0;
1419 *info = NULL;
1420
1421 /* Return status value returned by seq number check */
1422
1423 if (!NT_STATUS_IS_OK(domain->last_status))
1424 return domain->last_status;
1425
1426 /* Put the query_user_list() in a retry loop. There appears to be
1427 * some bug either with Windows 2000 or Samba's handling of large
1428 * rpc replies. This manifests itself as sudden disconnection
1429 * at a random point in the enumeration of a large (60k) user list.
1430 * The retry loop simply tries the operation again. )-: It's not
1431 * pretty but an acceptable workaround until we work out what the
1432 * real problem is. */
1433
1434 retry = 0;
1435 do {
1436
1437 DEBUG(10,("query_user_list: [Cached] - doing backend query for list for domain %s\n",
1438 domain->name ));
1439
1440 status = domain->backend->query_user_list(domain, mem_ctx, num_entries, info);
1441 if (!NT_STATUS_IS_OK(status)) {
1442 DEBUG(3, ("query_user_list: returned 0x%08x, "
1443 "retrying\n", NT_STATUS_V(status)));
1444 }
1445 if (NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL)) {
1446 DEBUG(3, ("query_user_list: flushing "
1447 "connection cache\n"));
1448 invalidate_cm_connection(&domain->conn);
1449 }
1450
1451 } while (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) &&
1452 (retry++ < 5));
1453
1454 /* and save it */
1455 refresh_sequence_number(domain, false);
1456 centry = centry_start(domain, status);
1457 if (!centry)
1458 goto skip_save;
1459 centry_put_uint32(centry, *num_entries);
1460 for (i=0; i<(*num_entries); i++) {
1461 centry_put_string(centry, (*info)[i].acct_name);
1462 centry_put_string(centry, (*info)[i].full_name);
1463 centry_put_string(centry, (*info)[i].homedir);
1464 centry_put_string(centry, (*info)[i].shell);
1465 centry_put_sid(centry, &(*info)[i].user_sid);
1466 centry_put_sid(centry, &(*info)[i].group_sid);
1467 if (domain->backend && domain->backend->consistent) {
1468 /* when the backend is consistent we can pre-prime some mappings */
1469 wcache_save_name_to_sid(domain, NT_STATUS_OK,
1470 domain->name,
1471 (*info)[i].acct_name,
1472 &(*info)[i].user_sid,
1473 SID_NAME_USER);
1474 wcache_save_sid_to_name(domain, NT_STATUS_OK,
1475 &(*info)[i].user_sid,
1476 domain->name,
1477 (*info)[i].acct_name,
1478 SID_NAME_USER);
1479 wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
1480 }
1481 }
1482 centry_end(centry, "UL/%s", domain->name);
1483 centry_free(centry);
1484
1485 skip_save:
1486 return status;
1487 }
1488
1489 /* list all domain groups */
1490 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
1491 TALLOC_CTX *mem_ctx,
1492 uint32 *num_entries,
1493 struct acct_info **info)
1494 {
1495 struct winbind_cache *cache = get_cache(domain);
1496 struct cache_entry *centry = NULL;
1497 NTSTATUS status;
1498 unsigned int i;
1499
1500 if (!cache->tdb)
1501 goto do_query;
1502
1503 centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
1504 if (!centry)
1505 goto do_query;
1506
1507 *num_entries = centry_uint32(centry);
1508
1509 if (*num_entries == 0)
1510 goto do_cached;
1511
1512 (*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
1513 if (! (*info)) {
1514 smb_panic_fn("enum_dom_groups out of memory");
1515 }
1516 for (i=0; i<(*num_entries); i++) {
1517 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
1518 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
1519 (*info)[i].rid = centry_uint32(centry);
1520 }
1521
1522 do_cached:
1523 status = centry->status;
1524
1525 DEBUG(10,("enum_dom_groups: [Cached] - cached list for domain %s status: %s\n",
1526 domain->name, nt_errstr(status) ));
1527
1528 centry_free(centry);
1529 return status;
1530
1531 do_query:
1532 *num_entries = 0;
1533 *info = NULL;
1534
1535 /* Return status value returned by seq number check */
1536
1537 if (!NT_STATUS_IS_OK(domain->last_status))
1538 return domain->last_status;
1539
1540 DEBUG(10,("enum_dom_groups: [Cached] - doing backend query for list for domain %s\n",
1541 domain->name ));
1542
1543 status = domain->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
1544
1545 /* and save it */
1546 refresh_sequence_number(domain, false);
1547 centry = centry_start(domain, status);
1548 if (!centry)
1549 goto skip_save;
1550 centry_put_uint32(centry, *num_entries);
1551 for (i=0; i<(*num_entries); i++) {
1552 centry_put_string(centry, (*info)[i].acct_name);
1553 centry_put_string(centry, (*info)[i].acct_desc);
1554 centry_put_uint32(centry, (*info)[i].rid);
1555 }
1556 centry_end(centry, "GL/%s/domain", domain->name);
1557 centry_free(centry);
1558
1559 skip_save:
1560 return status;
1561 }
1562
1563 /* list all domain groups */
1564 static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
1565 TALLOC_CTX *mem_ctx,
1566 uint32 *num_entries,
1567 struct acct_info **info)
1568 {
1569 struct winbind_cache *cache = get_cache(domain);
1570 struct cache_entry *centry = NULL;
1571 NTSTATUS status;
1572 unsigned int i;
1573
1574 if (!cache->tdb)
1575 goto do_query;
1576
1577 centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
1578 if (!centry)
1579 goto do_query;
1580
1581 *num_entries = centry_uint32(centry);
1582
1583 if (*num_entries == 0)
1584 goto do_cached;
1585
1586 (*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
1587 if (! (*info)) {
1588 smb_panic_fn("enum_dom_groups out of memory");
1589 }
1590 for (i=0; i<(*num_entries); i++) {
1591 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
1592 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
1593 (*info)[i].rid = centry_uint32(centry);
1594 }
1595
1596 do_cached:
1597
1598 /* If we are returning cached data and the domain controller
1599 is down then we don't know whether the data is up to date
1600 or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to
1601 indicate this. */
1602
1603 if (wcache_server_down(domain)) {
1604 DEBUG(10, ("enum_local_groups: returning cached user list and server was down\n"));
1605 status = NT_STATUS_MORE_PROCESSING_REQUIRED;
1606 } else
1607 status = centry->status;
1608
1609 DEBUG(10,("enum_local_groups: [Cached] - cached list for domain %s status: %s\n",
1610 domain->name, nt_errstr(status) ));
1611
1612 centry_free(centry);
1613 return status;
1614
1615 do_query:
1616 *num_entries = 0;
1617 *info = NULL;
1618
1619 /* Return status value returned by seq number check */
1620
1621 if (!NT_STATUS_IS_OK(domain->last_status))
1622 return domain->last_status;
1623
1624 DEBUG(10,("enum_local_groups: [Cached] - doing backend query for list for domain %s\n",
1625 domain->name ));
1626
1627 status = domain->backend->enum_local_groups(domain, mem_ctx, num_entries, info);
1628
1629 /* and save it */
1630 refresh_sequence_number(domain, false);
1631 centry = centry_start(domain, status);
1632 if (!centry)
1633 goto skip_save;
1634 centry_put_uint32(centry, *num_entries);
1635 for (i=0; i<(*num_entries); i++) {
1636 centry_put_string(centry, (*info)[i].acct_name);
1637 centry_put_string(centry, (*info)[i].acct_desc);
1638 centry_put_uint32(centry, (*info)[i].rid);
1639 }
1640 centry_end(centry, "GL/%s/local", domain->name);
1641 centry_free(centry);
1642
1643 skip_save:
1644 return status;
1645 }
1646
1647 NTSTATUS wcache_name_to_sid(struct winbindd_domain *domain,
1648 const char *domain_name,
1649 const char *name,
1650 struct dom_sid *sid,
1651 enum lsa_SidType *type)
1652 {
1653 struct winbind_cache *cache = get_cache(domain);
1654 struct cache_entry *centry;
1655 NTSTATUS status;
1656 char *uname;
1657
1658 if (cache->tdb == NULL) {
1659 return NT_STATUS_NOT_FOUND;
1660 }
1661
1662 uname = talloc_strdup_upper(talloc_tos(), name);
1663 if (uname == NULL) {
1664 return NT_STATUS_NO_MEMORY;
1665 }
1666
1667 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname);
1668 TALLOC_FREE(uname);
1669 if (centry == NULL) {
1670 return NT_STATUS_NOT_FOUND;
1671 }
1672
1673 status = centry->status;
1674 if (NT_STATUS_IS_OK(status)) {
1675 *type = (enum lsa_SidType)centry_uint32(centry);
1676 centry_sid(centry, sid);
1677 }
1678
1679 DEBUG(10,("name_to_sid: [Cached] - cached name for domain %s status: "
1680 "%s\n", domain->name, nt_errstr(status) ));
1681
1682 centry_free(centry);
1683 return status;
1684 }
1685
1686 /* convert a single name to a sid in a domain */
1687 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
1688 TALLOC_CTX *mem_ctx,
1689 const char *domain_name,
1690 const char *name,
1691 uint32_t flags,
1692 DOM_SID *sid,
1693 enum lsa_SidType *type)
1694 {
1695 NTSTATUS status;
1696
1697 status = wcache_name_to_sid(domain, domain_name, name, sid, type);
1698 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
1699 return status;
1700 }
1701
1702 ZERO_STRUCTP(sid);
1703
1704 /* If the seq number check indicated that there is a problem
1705 * with this DC, then return that status... except for
1706 * access_denied. This is special because the dc may be in
1707 * "restrict anonymous = 1" mode, in which case it will deny
1708 * most unauthenticated operations, but *will* allow the LSA
1709 * name-to-sid that we try as a fallback. */
1710
1711 if (!(NT_STATUS_IS_OK(domain->last_status)
1712 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
1713 return domain->last_status;
1714
1715 DEBUG(10,("name_to_sid: [Cached] - doing backend query for name for domain %s\n",
1716 domain->name ));
1717
1718 status = domain->backend->name_to_sid(domain, mem_ctx, domain_name,
1719 name, flags, sid, type);
1720
1721 /* and save it */
1722 refresh_sequence_number(domain, false);
1723
1724 if (domain->online &&
1725 (NT_STATUS_IS_OK(status) || NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED))) {
1726 wcache_save_name_to_sid(domain, status, domain_name, name, sid, *type);
1727
1728 /* Only save the reverse mapping if this was not a UPN */
1729 if (!strchr(name, '@')) {
1730 strupper_m(CONST_DISCARD(char *,domain_name));
1731 strlower_m(CONST_DISCARD(char *,name));
1732 wcache_save_sid_to_name(domain, status, sid, domain_name, name, *type);
1733 }
1734 }
1735
1736 return status;
1737 }
1738
1739 NTSTATUS wcache_sid_to_name(struct winbindd_domain *domain,
1740 const struct dom_sid *sid,
1741 TALLOC_CTX *mem_ctx,
1742 char **domain_name,
1743 char **name,
1744 enum lsa_SidType *type)
1745 {
1746 struct winbind_cache *cache = get_cache(domain);
1747 struct cache_entry *centry;
1748 char *sid_string;
1749 NTSTATUS status;
1750
1751 if (cache->tdb == NULL) {
1752 return NT_STATUS_NOT_FOUND;
1753 }
1754
1755 sid_string = sid_string_tos(sid);
1756 if (sid_string == NULL) {
1757 return NT_STATUS_NO_MEMORY;
1758 }
1759
1760 centry = wcache_fetch(cache, domain, "SN/%s", sid_string);
1761 TALLOC_FREE(sid_string);
1762 if (centry == NULL) {
1763 return NT_STATUS_NOT_FOUND;
1764 }
1765
1766 if (NT_STATUS_IS_OK(centry->status)) {
1767 *type = (enum lsa_SidType)centry_uint32(centry);
1768 *domain_name = centry_string(centry, mem_ctx);
1769 *name = centry_string(centry, mem_ctx);
1770 }
1771
1772 status = centry->status;
1773 centry_free(centry);
1774
1775 DEBUG(10,("sid_to_name: [Cached] - cached name for domain %s status: "
1776 "%s\n", domain->name, nt_errstr(status) ));
1777
1778 return status;
1779 }
1780
1781 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
1782 given */
1783 static NTSTATUS sid_to_name(struct winbindd_domain *domain,
1784 TALLOC_CTX *mem_ctx,
1785 const DOM_SID *sid,
1786 char **domain_name,
1787 char **name,
1788 enum lsa_SidType *type)
1789 {
1790 NTSTATUS status;
1791
1792 status = wcache_sid_to_name(domain, sid, mem_ctx, domain_name, name,
1793 type);
1794 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
1795 return status;
1796 }
1797
1798 *name = NULL;
1799 *domain_name = NULL;
1800
1801 /* If the seq number check indicated that there is a problem
1802 * with this DC, then return that status... except for
1803 * access_denied. This is special because the dc may be in
1804 * "restrict anonymous = 1" mode, in which case it will deny
1805 * most unauthenticated operations, but *will* allow the LSA
1806 * sid-to-name that we try as a fallback. */
1807
1808 if (!(NT_STATUS_IS_OK(domain->last_status)
1809 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
1810 return domain->last_status;
1811
1812 DEBUG(10,("sid_to_name: [Cached] - doing backend query for name for domain %s\n",
1813 domain->name ));
1814
1815 status = domain->backend->sid_to_name(domain, mem_ctx, sid, domain_name, name, type);
1816
1817 /* and save it */
1818 refresh_sequence_number(domain, false);
1819 wcache_save_sid_to_name(domain, status, sid, *domain_name, *name, *type);
1820
1821 /* We can't save the name to sid mapping here, as with sid history a
1822 * later name2sid would give the wrong sid. */
1823
1824 return status;
1825 }
1826
1827 static NTSTATUS rids_to_names(struct winbindd_domain *domain,
1828 TALLOC_CTX *mem_ctx,
1829 const DOM_SID *domain_sid,
1830 uint32 *rids,
1831 size_t num_rids,
1832 char **domain_name,
1833 char ***names,
1834 enum lsa_SidType **types)
1835 {
1836 struct winbind_cache *cache = get_cache(domain);
1837 size_t i;
1838 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1839 bool have_mapped;
1840 bool have_unmapped;
1841
1842 *domain_name = NULL;
1843 *names = NULL;
1844 *types = NULL;
1845
1846 if (!cache->tdb) {
1847 goto do_query;
1848 }
1849
1850 if (num_rids == 0) {
1851 return NT_STATUS_OK;
1852 }
1853
1854 *names = TALLOC_ARRAY(mem_ctx, char *, num_rids);
1855 *types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids);
1856
1857 if ((*names == NULL) || (*types == NULL)) {
1858 result = NT_STATUS_NO_MEMORY;
1859 goto error;
1860 }
1861
1862 have_mapped = have_unmapped = false;
1863
1864 for (i=0; i<num_rids; i++) {
1865 DOM_SID sid;
1866 struct cache_entry *centry;
1867 fstring tmp;
1868
1869 if (!sid_compose(&sid, domain_sid, rids[i])) {
1870 result = NT_STATUS_INTERNAL_ERROR;
1871 goto error;
1872 }
1873
1874 centry = wcache_fetch(cache, domain, "SN/%s",
1875 sid_to_fstring(tmp, &sid));
1876 if (!centry) {
1877 goto do_query;
1878 }
1879
1880 (*types)[i] = SID_NAME_UNKNOWN;
1881 (*names)[i] = talloc_strdup(*names, "");
1882
1883 if (NT_STATUS_IS_OK(centry->status)) {
1884 char *dom;
1885 have_mapped = true;
1886 (*types)[i] = (enum lsa_SidType)centry_uint32(centry);
1887
1888 dom = centry_string(centry, mem_ctx);
1889 if (*domain_name == NULL) {
1890 *domain_name = dom;
1891 } else {
1892 talloc_free(dom);
1893 }
1894
1895 (*names)[i] = centry_string(centry, *names);
1896
1897 } else if (NT_STATUS_EQUAL(centry->status, NT_STATUS_NONE_MAPPED)) {
1898 have_unmapped = true;
1899
1900 } else {
1901 /* something's definitely wrong */
1902 result = centry->status;
1903 goto error;
1904 }
1905
1906 centry_free(centry);
1907 }
1908
1909 if (!have_mapped) {
1910 return NT_STATUS_NONE_MAPPED;
1911 }
1912 if (!have_unmapped) {
1913 return NT_STATUS_OK;
1914 }
1915 return STATUS_SOME_UNMAPPED;
1916
1917 do_query:
1918
1919 TALLOC_FREE(*names);
1920 TALLOC_FREE(*types);
1921
1922 result = domain->backend->rids_to_names(domain, mem_ctx, domain_sid,
1923 rids, num_rids, domain_name,
1924 names, types);
1925
1926 /*
1927 None of the queried rids has been found so save all negative entries
1928 */
1929 if (NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED)) {
1930 for (i = 0; i < num_rids; i++) {
1931 DOM_SID sid;
1932 const char *name = "";
1933 const enum lsa_SidType type = SID_NAME_UNKNOWN;
1934 NTSTATUS status = NT_STATUS_NONE_MAPPED;
1935
1936 if (!sid_compose(&sid, domain_sid, rids[i])) {
1937 return NT_STATUS_INTERNAL_ERROR;
1938 }
1939
1940 wcache_save_sid_to_name(domain, status, &sid, *domain_name,
1941 name, type);
1942 }
1943
1944 return result;
1945 }
1946
1947 /*
1948 Some or all of the queried rids have been found.
1949 */
1950 if (!NT_STATUS_IS_OK(result) &&
1951 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
1952 return result;
1953 }
1954
1955 refresh_sequence_number(domain, false);
1956
1957 for (i=0; i<num_rids; i++) {
1958 DOM_SID sid;
1959 NTSTATUS status;
1960
1961 if (!sid_compose(&sid, domain_sid, rids[i])) {
1962 result = NT_STATUS_INTERNAL_ERROR;
1963 goto error;
1964 }
1965
1966 status = (*types)[i] == SID_NAME_UNKNOWN ?
1967 NT_STATUS_NONE_MAPPED : NT_STATUS_OK;
1968
1969 wcache_save_sid_to_name(domain, status, &sid, *domain_name,
1970 (*names)[i], (*types)[i]);
1971 }
1972
1973 return result;
1974
1975 error:
1976 TALLOC_FREE(*names);
1977 TALLOC_FREE(*types);
1978 return result;
1979 }
1980
1981 NTSTATUS wcache_query_user(struct winbindd_domain *domain,
1982 TALLOC_CTX *mem_ctx,
1983 const struct dom_sid *user_sid,
1984 struct wbint_userinfo *info)
1985 {
1986 struct winbind_cache *cache = get_cache(domain);
1987 struct cache_entry *centry = NULL;
1988 NTSTATUS status;
1989 char *sid_string;
1990
1991 if (cache->tdb == NULL) {
1992 return NT_STATUS_NOT_FOUND;
1993 }
1994
1995 sid_string = sid_string_tos(user_sid);
1996 if (sid_string == NULL) {
1997 return NT_STATUS_NO_MEMORY;
1998 }
1999
2000 centry = wcache_fetch(cache, domain, "U/%s", sid_string);
2001 TALLOC_FREE(sid_string);
2002 if (centry == NULL) {
2003 return NT_STATUS_NOT_FOUND;
2004 }
2005
2006 /*
2007 * If we have an access denied cache entry and a cached info3
2008 * in the samlogon cache then do a query. This will force the
2009 * rpc back end to return the info3 data.
2010 */
2011
2012 if (NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED) &&
2013 netsamlogon_cache_have(user_sid)) {
2014 DEBUG(10, ("query_user: cached access denied and have cached "
2015 "info3\n"));
2016 domain->last_status = NT_STATUS_OK;
2017 centry_free(centry);
2018 return NT_STATUS_NOT_FOUND;
2019 }
2020
2021 /* if status is not ok then this is a negative hit
2022 and the rest of the data doesn't matter */
2023 status = centry->status;
2024 if (NT_STATUS_IS_OK(status)) {
2025 info->acct_name = centry_string(centry, mem_ctx);
2026 info->full_name = centry_string(centry, mem_ctx);
2027 info->homedir = centry_string(centry, mem_ctx);
2028 info->shell = centry_string(centry, mem_ctx);
2029 info->primary_gid = centry_uint32(centry);
2030 centry_sid(centry, &info->user_sid);
2031 centry_sid(centry, &info->group_sid);
2032 }
2033
2034 DEBUG(10,("query_user: [Cached] - cached info for domain %s status: "
2035 "%s\n", domain->name, nt_errstr(status) ));
2036
2037 centry_free(centry);
2038 return status;
2039 }
2040
2041 /* Lookup user information from a rid */
2042 static NTSTATUS query_user(struct winbindd_domain *domain,
2043 TALLOC_CTX *mem_ctx,
2044 const DOM_SID *user_sid,
2045 struct wbint_userinfo *info)
2046 {
2047 NTSTATUS status;
2048
2049 status = wcache_query_user(domain, mem_ctx, user_sid, info);
2050 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
2051 return status;
2052 }
2053
2054 ZERO_STRUCTP(info);
2055
2056 /* Return status value returned by seq number check */
2057
2058 if (!NT_STATUS_IS_OK(domain->last_status))
2059 return domain->last_status;
2060
2061 DEBUG(10,("query_user: [Cached] - doing backend query for info for domain %s\n",
2062 domain->name ));
2063
2064 status = domain->backend->query_user(domain, mem_ctx, user_sid, info);
2065
2066 /* and save it */
2067 refresh_sequence_number(domain, false);
2068 wcache_save_user(domain, status, info);
2069
2070 return status;
2071 }
2072
2073 NTSTATUS wcache_lookup_usergroups(struct winbindd_domain *domain,
2074 TALLOC_CTX *mem_ctx,
2075 const struct dom_sid *user_sid,
2076 uint32_t *pnum_sids,
2077 struct dom_sid **psids)
2078 {
2079 struct winbind_cache *cache = get_cache(domain);
2080 struct cache_entry *centry = NULL;
2081 NTSTATUS status;
2082 uint32_t i, num_sids;
2083 struct dom_sid *sids;
2084 fstring sid_string;
2085
2086 if (cache->tdb == NULL) {
2087 return NT_STATUS_NOT_FOUND;
2088 }
2089
2090 centry = wcache_fetch(cache, domain, "UG/%s",
2091 sid_to_fstring(sid_string, user_sid));
2092 if (centry == NULL) {
2093 return NT_STATUS_NOT_FOUND;
2094 }
2095
2096 /* If we have an access denied cache entry and a cached info3 in the
2097 samlogon cache then do a query. This will force the rpc back end
2098 to return the info3 data. */
2099
2100 if (NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)
2101 && netsamlogon_cache_have(user_sid)) {
2102 DEBUG(10, ("lookup_usergroups: cached access denied and have "
2103 "cached info3\n"));
2104 domain->last_status = NT_STATUS_OK;
2105 centry_free(centry);
2106 return NT_STATUS_NOT_FOUND;
2107 }
2108
2109 num_sids = centry_uint32(centry);
2110 sids = talloc_array(mem_ctx, struct dom_sid, num_sids);
2111 if (sids == NULL) {
2112 return NT_STATUS_NO_MEMORY;
2113 }
2114
2115 for (i=0; i<num_sids; i++) {
2116 centry_sid(centry, &sids[i]);
2117 }
2118
2119 status = centry->status;
2120
2121 DEBUG(10,("lookup_usergroups: [Cached] - cached info for domain %s "
2122 "status: %s\n", domain->name, nt_errstr(status)));
2123
2124 centry_free(centry);
2125
2126 *pnum_sids = num_sids;
2127 *psids = sids;
2128 return status;
2129 }
2130
2131 /* Lookup groups a user is a member of. */
2132 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
2133 TALLOC_CTX *mem_ctx,
2134 const DOM_SID *user_sid,
2135 uint32 *num_groups, DOM_SID **user_gids)
2136 {
2137 struct cache_entry *centry = NULL;
2138 NTSTATUS status;
2139 unsigned int i;
2140 fstring sid_string;
2141
2142 status = wcache_lookup_usergroups(domain, mem_ctx, user_sid,
2143 num_groups, user_gids);
2144 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
2145 return status;
2146 }
2147
2148 (*num_groups) = 0;
2149 (*user_gids) = NULL;
2150
2151 /* Return status value returned by seq number check */
2152
2153 if (!NT_STATUS_IS_OK(domain->last_status))
2154 return domain->last_status;
2155
2156 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info for domain %s\n",
2157 domain->name ));
2158
2159 status = domain->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
2160
2161 if ( NT_STATUS_EQUAL(status, NT_STATUS_SYNCHRONIZATION_REQUIRED) )
2162 goto skip_save;
2163
2164 /* and save it */
2165 refresh_sequence_number(domain, false);
2166 centry = centry_start(domain, status);
2167 if (!centry)
2168 goto skip_save;
2169
2170 centry_put_uint32(centry, *num_groups);
2171 for (i=0; i<(*num_groups); i++) {
2172 centry_put_sid(centry, &(*user_gids)[i]);
2173 }
2174
2175 centry_end(centry, "UG/%s", sid_to_fstring(sid_string, user_sid));
2176 centry_free(centry);
2177
2178 skip_save:
2179 return status;
2180 }
2181
2182 static char *wcache_make_sidlist(TALLOC_CTX *mem_ctx, uint32_t num_sids,
2183 const struct dom_sid *sids)
2184 {
2185 uint32_t i;
2186 char *sidlist;
2187
2188 sidlist = talloc_strdup(mem_ctx, "");
2189 if (sidlist == NULL) {
2190 return NULL;
2191 }
2192 for (i=0; i<num_sids; i++) {
2193 fstring tmp;
2194 sidlist = talloc_asprintf_append_buffer(
2195 sidlist, "/%s", sid_to_fstring(tmp, &sids[i]));
2196 if (sidlist == NULL) {
2197 return NULL;
2198 }
2199 }
2200 return sidlist;
2201 }
2202
2203 NTSTATUS wcache_lookup_useraliases(struct winbindd_domain *domain,
2204 TALLOC_CTX *mem_ctx, uint32_t num_sids,
2205 const struct dom_sid *sids,
2206 uint32_t *pnum_aliases, uint32_t **paliases)
2207 {
2208 struct winbind_cache *cache = get_cache(domain);
2209 struct cache_entry *centry = NULL;
2210 uint32_t num_aliases;
2211 uint32_t *aliases;
2212 NTSTATUS status;
2213 char *sidlist;
2214 int i;
2215
2216 if (cache->tdb == NULL) {
2217 return NT_STATUS_NOT_FOUND;
2218 }
2219
2220 if (num_sids == 0) {
2221 *pnum_aliases = 0;
2222 *paliases = NULL;
2223 return NT_STATUS_OK;
2224 }
2225
2226 /* We need to cache indexed by the whole list of SIDs, the aliases
2227 * resulting might come from any of the SIDs. */
2228
2229 sidlist = wcache_make_sidlist(talloc_tos(), num_sids, sids);
2230 if (sidlist == NULL) {
2231 return NT_STATUS_NO_MEMORY;
2232 }
2233
2234 centry = wcache_fetch(cache, domain, "UA%s", sidlist);
2235 TALLOC_FREE(sidlist);
2236 if (centry == NULL) {
2237 return NT_STATUS_NOT_FOUND;
2238 }
2239
2240 num_aliases = centry_uint32(centry);
2241 aliases = talloc_array(mem_ctx, uint32_t, num_aliases);
2242 if (aliases == NULL) {
2243 centry_free(centry);
2244 return NT_STATUS_NO_MEMORY;
2245 }
2246
2247 for (i=0; i<num_aliases; i++) {
2248 aliases[i] = centry_uint32(centry);
2249 }
2250
2251 status = centry->status;
2252
2253 DEBUG(10,("lookup_useraliases: [Cached] - cached info for domain: %s "
2254 "status %s\n", domain->name, nt_errstr(status)));
2255
2256 centry_free(centry);
2257
2258 *pnum_aliases = num_aliases;
2259 *paliases = aliases;
2260
2261 return status;
2262 }
2263
2264 static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
2265 TALLOC_CTX *mem_ctx,
2266 uint32 num_sids, const DOM_SID *sids,
2267 uint32 *num_aliases, uint32 **alias_rids)
2268 {
2269 struct cache_entry *centry = NULL;
2270 NTSTATUS status;
2271 char *sidlist;
2272 int i;
2273
2274 status = wcache_lookup_useraliases(domain, mem_ctx, num_sids, sids,
2275 num_aliases, alias_rids);
2276 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
2277 return status;
2278 }
2279
2280 (*num_aliases) = 0;
2281 (*alias_rids) = NULL;
2282
2283 if (!NT_STATUS_IS_OK(domain->last_status))
2284 return domain->last_status;
2285
2286 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info "
2287 "for domain %s\n", domain->name ));
2288
2289 sidlist = wcache_make_sidlist(talloc_tos(), num_sids, sids);
2290 if (sidlist == NULL) {
2291 return NT_STATUS_NO_MEMORY;
2292 }
2293
2294 status = domain->backend->lookup_useraliases(domain, mem_ctx,
2295 num_sids, sids,
2296 num_aliases, alias_rids);
2297
2298 /* and save it */
2299 refresh_sequence_number(domain, false);
2300 centry = centry_start(domain, status);
2301 if (!centry)
2302 goto skip_save;
2303 centry_put_uint32(centry, *num_aliases);
2304 for (i=0; i<(*num_aliases); i++)
2305 centry_put_uint32(centry, (*alias_rids)[i]);
2306 centry_end(centry, "UA%s", sidlist);
2307 centry_free(centry);
2308
2309 skip_save:
2310 return status;
2311 }
2312
2313 NTSTATUS wcache_lookup_groupmem(struct winbindd_domain *domain,
2314 TALLOC_CTX *mem_ctx,
2315 const struct dom_sid *group_sid,
2316 uint32_t *num_names,
2317 struct dom_sid **sid_mem, char ***names,
2318 uint32_t **name_types)
2319 {
2320 struct winbind_cache *cache = get_cache(domain);
2321 struct cache_entry *centry = NULL;
2322 NTSTATUS status;
2323 unsigned int i;
2324 char *sid_string;
2325
2326 if (cache->tdb == NULL) {
2327 return NT_STATUS_NOT_FOUND;
2328 }
2329
2330 sid_string = sid_string_tos(group_sid);
2331 if (sid_string == NULL) {
2332 return NT_STATUS_NO_MEMORY;
2333 }
2334
2335 centry = wcache_fetch(cache, domain, "GM/%s", sid_string);
2336 TALLOC_FREE(sid_string);
2337 if (centry == NULL) {
2338 return NT_STATUS_NOT_FOUND;
2339 }
2340
2341 *sid_mem = NULL;
2342 *names = NULL;
2343 *name_types = NULL;
2344
2345 *num_names = centry_uint32(centry);
2346 if (*num_names == 0) {
2347 centry_free(centry);
2348 return NT_STATUS_OK;
2349 }
2350
2351 *sid_mem = talloc_array(mem_ctx, DOM_SID, *num_names);
2352 *names = talloc_array(mem_ctx, char *, *num_names);
2353 *name_types = talloc_array(mem_ctx, uint32, *num_names);
2354
2355 if ((*sid_mem == NULL) || (*names == NULL) || (*name_types == NULL)) {
2356 TALLOC_FREE(*sid_mem);
2357 TALLOC_FREE(*names);
2358 TALLOC_FREE(*name_types);
2359 centry_free(centry);
2360 return NT_STATUS_NO_MEMORY;
2361 }
2362
2363 for (i=0; i<(*num_names); i++) {
2364 centry_sid(centry, &(*sid_mem)[i]);
2365 (*names)[i] = centry_string(centry, mem_ctx);
2366 (*name_types)[i] = centry_uint32(centry);
2367 }
2368
2369 status = centry->status;
2370
2371 DEBUG(10,("lookup_groupmem: [Cached] - cached info for domain %s "
2372 "status: %s\n", domain->name, nt_errstr(status)));
2373
2374 centry_free(centry);
2375 return status;
2376 }
2377
2378 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
2379 TALLOC_CTX *mem_ctx,
2380 const DOM_SID *group_sid, uint32 *num_names,
2381 DOM_SID **sid_mem, char ***names,
2382 uint32 **name_types)
2383 {
2384 struct cache_entry *centry = NULL;
2385 NTSTATUS status;
2386 unsigned int i;
2387 fstring sid_string;
2388
2389 status = wcache_lookup_groupmem(domain, mem_ctx, group_sid, num_names,
2390 sid_mem, names, name_types);
2391 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
2392 return status;
2393 }
2394
2395 (*num_names) = 0;
2396 (*sid_mem) = NULL;
2397 (*names) = NULL;
2398 (*name_types) = NULL;
2399
2400 /* Return status value returned by seq number check */
2401
2402 if (!NT_STATUS_IS_OK(domain->last_status))
2403 return domain->last_status;
2404
2405 DEBUG(10,("lookup_groupmem: [Cached] - doing backend query for info for domain %s\n",
2406 domain->name ));
2407
2408 status = domain->backend->lookup_groupmem(domain, mem_ctx, group_sid, num_names,
2409 sid_mem, names, name_types);
2410
2411 /* and save it */
2412 refresh_sequence_number(domain, false);
2413 centry = centry_start(domain, status);
2414 if (!centry)
2415 goto skip_save;
2416 centry_put_uint32(centry, *num_names);
2417 for (i=0; i<(*num_names); i++) {
2418 centry_put_sid(centry, &(*sid_mem)[i]);
2419 centry_put_string(centry, (*names)[i]);
2420 centry_put_uint32(centry, (*name_types)[i]);
2421 }
2422 centry_end(centry, "GM/%s", sid_to_fstring(sid_string, group_sid));
2423 centry_free(centry);
2424
2425 skip_save:
2426 return status;
2427 }
2428
2429 /* find the sequence number for a domain */
2430 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
2431 {
2432 refresh_sequence_number(domain, false);
2433
2434 *seq = domain->sequence_number;
2435
2436 return NT_STATUS_OK;
2437 }
2438
2439 /* enumerate trusted domains
2440 * (we need to have the list of trustdoms in the cache when we go offline) -
2441 * Guenther */
2442 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
2443 TALLOC_CTX *mem_ctx,
2444 uint32 *num_domains,
2445 char ***names,
2446 char ***alt_names,
2447 DOM_SID **dom_sids)
2448 {
2449 struct winbind_cache *cache = get_cache(domain);
2450 struct cache_entry *centry = NULL;
2451 NTSTATUS status;
2452 int i;
2453
2454 if (!cache->tdb)
2455 goto do_query;
2456
2457 centry = wcache_fetch(cache, domain, "TRUSTDOMS/%s", domain->name);
2458
2459 if (!centry) {
2460 goto do_query;
2461 }
2462
2463 *num_domains = centry_uint32(centry);
2464
2465 if (*num_domains) {
2466 (*names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
2467 (*alt_names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
2468 (*dom_sids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_domains);
2469
2470 if (! (*dom_sids) || ! (*names) || ! (*alt_names)) {
2471 smb_panic_fn("trusted_domains out of memory");
2472 }
2473 } else {
2474 (*names) = NULL;
2475 (*alt_names) = NULL;
2476 (*dom_sids) = NULL;
2477 }
2478
2479 for (i=0; i<(*num_domains); i++) {
2480 (*names)[i] = centry_string(centry, mem_ctx);
2481 (*alt_names)[i] = centry_string(centry, mem_ctx);
2482 if (!centry_sid(centry, &(*dom_sids)[i])) {
2483 sid_copy(&(*dom_sids)[i], &global_sid_NULL);
2484 }
2485 }
2486
2487 status = centry->status;
2488
2489 DEBUG(10,("trusted_domains: [Cached] - cached info for domain %s (%d trusts) status: %s\n",
2490 domain->name, *num_domains, nt_errstr(status) ));
2491
2492 centry_free(centry);
2493 return status;
2494
2495 do_query:
2496 (*num_domains) = 0;
2497 (*dom_sids) = NULL;
2498 (*names) = NULL;
2499 (*alt_names) = NULL;
2500
2501 /* Return status value returned by seq number check */
2502
2503 if (!NT_STATUS_IS_OK(domain->last_status))
2504 return domain->last_status;
2505
2506 DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
2507 domain->name ));
2508
2509 status = domain->backend->trusted_domains(domain, mem_ctx, num_domains,
2510 names, alt_names, dom_sids);
2511
2512 /* no trusts gives NT_STATUS_NO_MORE_ENTRIES resetting to NT_STATUS_OK
2513 * so that the generic centry handling still applies correctly -
2514 * Guenther*/
2515
2516 if (!NT_STATUS_IS_ERR(status)) {
2517 status = NT_STATUS_OK;
2518 }
2519
2520
2521 #if 0 /* Disabled as we want the trust dom list to be managed by
2522 the main parent and always to make the query. --jerry */
2523
2524 /* and save it */
2525 refresh_sequence_number(domain, false);
2526
2527 centry = centry_start(domain, status);
2528 if (!centry)
2529 goto skip_save;
2530
2531 centry_put_uint32(centry, *num_domains);
2532
2533 for (i=0; i<(*num_domains); i++) {
2534 centry_put_string(centry, (*names)[i]);
2535 centry_put_string(centry, (*alt_names)[i]);
2536 centry_put_sid(centry, &(*dom_sids)[i]);
2537 }
2538
2539 centry_end(centry, "TRUSTDOMS/%s", domain->name);
2540
2541 centry_free(centry);
2542
2543 skip_save:
2544 #endif
2545
2546 return status;
2547 }
2548
2549 /* get lockout policy */
2550 static NTSTATUS lockout_policy(struct winbindd_domain *domain,
2551 TALLOC_CTX *mem_ctx,
2552 struct samr_DomInfo12 *policy)
2553 {
2554 struct winbind_cache *cache = get_cache(domain);
2555 struct cache_entry *centry = NULL;
2556 NTSTATUS status;
2557
2558 if (!cache->tdb)
2559 goto do_query;
2560
2561 centry = wcache_fetch(cache, domain, "LOC_POL/%s", domain->name);
2562
2563 if (!centry)
2564 goto do_query;
2565
2566 policy->lockout_duration = centry_nttime(centry);
2567 policy->lockout_window = centry_nttime(centry);
2568 policy->lockout_threshold = centry_uint16(centry);
2569
2570 status = centry->status;
2571
2572 DEBUG(10,("lockout_policy: [Cached] - cached info for domain %s status: %s\n",
2573 domain->name, nt_errstr(status) ));
2574
2575 centry_free(centry);
2576 return status;
2577
2578 do_query:
2579 ZERO_STRUCTP(policy);
2580
2581 /* Return status value returned by seq number check */
2582
2583 if (!NT_STATUS_IS_OK(domain->last_status))
2584 return domain->last_status;
2585
2586 DEBUG(10,("lockout_policy: [Cached] - doing backend query for info for domain %s\n",
2587 domain->name ));
2588
2589 status = domain->backend->lockout_policy(domain, mem_ctx, policy);
2590
2591 /* and save it */
2592 refresh_sequence_number(domain, false);
2593 wcache_save_lockout_policy(domain, status, policy);
2594
2595 return status;
2596 }
2597
2598 /* get password policy */
2599 static NTSTATUS password_policy(struct winbindd_domain *domain,
2600 TALLOC_CTX *mem_ctx,
2601 struct samr_DomInfo1 *policy)
2602 {
2603 struct winbind_cache *cache = get_cache(domain);
2604 struct cache_entry *centry = NULL;
2605 NTSTATUS status;
2606
2607 if (!cache->tdb)
2608 goto do_query;
2609
2610 centry = wcache_fetch(cache, domain, "PWD_POL/%s", domain->name);
2611
2612 if (!centry)
2613 goto do_query;
2614
2615 policy->min_password_length = centry_uint16(centry);
2616 policy->password_history_length = centry_uint16(centry);
2617 policy->password_properties = centry_uint32(centry);
2618 policy->max_password_age = centry_nttime(centry);
2619 policy->min_password_age = centry_nttime(centry);
2620
2621 status = centry->status;
2622
2623 DEBUG(10,("lockout_policy: [Cached] - cached info for domain %s status: %s\n",
2624 domain->name, nt_errstr(status) ));
2625
2626 centry_free(centry);
2627 return status;
2628
2629 do_query:
2630 ZERO_STRUCTP(policy);
2631
2632 /* Return status value returned by seq number check */
2633
2634 if (!NT_STATUS_IS_OK(domain->last_status))
2635 return domain->last_status;
2636
2637 DEBUG(10,("password_policy: [Cached] - doing backend query for info for domain %s\n",
2638 domain->name ));
2639
2640 status = domain->backend->password_policy(domain, mem_ctx, policy);
2641
2642 /* and save it */
2643 refresh_sequence_number(domain, false);
2644 if (NT_STATUS_IS_OK(status)) {
2645 wcache_save_password_policy(domain, status, policy);
2646 }
2647
2648 return status;
2649 }
2650
2651
2652 /* Invalidate cached user and group lists coherently */
2653
2654 static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
2655 void *state)
2656 {
2657 if (strncmp((const char *)kbuf.dptr, "UL/", 3) == 0 ||
2658 strncmp((const char *)kbuf.dptr, "GL/", 3) == 0)
2659 tdb_delete(the_tdb, kbuf);
2660
2661 return 0;
2662 }
2663
2664 /* Invalidate the getpwnam and getgroups entries for a winbindd domain */
2665
2666 void wcache_invalidate_samlogon(struct winbindd_domain *domain,
2667 struct netr_SamInfo3 *info3)
2668 {
2669 DOM_SID sid;
2670 fstring key_str, sid_string;
2671 struct winbind_cache *cache;
2672
2673 /* dont clear cached U/SID and UG/SID entries when we want to logon
2674 * offline - gd */
2675
2676 if (lp_winbind_offline_logon()) {
2677 return;
2678 }
2679
2680 if (!domain)
2681 return;
2682
2683 cache = get_cache(domain);
2684
2685 if (!cache->tdb) {
2686 return;
2687 }
2688
2689 sid_copy(&sid, info3->base.domain_sid);
2690 sid_append_rid(&sid, info3->base.rid);
2691
2692 /* Clear U/SID cache entry */
2693 fstr_sprintf(key_str, "U/%s", sid_to_fstring(sid_string, &sid));
2694 DEBUG(10, ("wcache_invalidate_samlogon: clearing %s\n", key_str));
2695 tdb_delete(cache->tdb, string_tdb_data(key_str));
2696
2697 /* Clear UG/SID cache entry */
2698 fstr_sprintf(key_str, "UG/%s", sid_to_fstring(sid_string, &sid));
2699 DEBUG(10, ("wcache_invalidate_samlogon: clearing %s\n", key_str));
2700 tdb_delete(cache->tdb, string_tdb_data(key_str));
2701
2702 /* Samba/winbindd never needs this. */
2703 netsamlogon_clear_cached_user(info3);
2704 }
2705
2706 bool wcache_invalidate_cache(void)
2707 {
2708 struct winbindd_domain *domain;
2709
2710 for (domain = domain_list(); domain; domain = domain->next) {
2711 struct winbind_cache *cache = get_cache(domain);
2712
2713 DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
2714 "entries for %s\n", domain->name));
2715 if (cache) {
2716 if (cache->tdb) {
2717 tdb_traverse(cache->tdb, traverse_fn, NULL);
2718 } else {
2719 return false;
2720 }
2721 }
2722 }
2723 return true;
2724 }
2725
2726 bool init_wcache(void)
2727 {
2728 if (wcache == NULL) {
2729 wcache = SMB_XMALLOC_P(struct winbind_cache);
2730 ZERO_STRUCTP(wcache);
2731 }
2732
2733 if (wcache->tdb != NULL)
2734 return true;
2735
2736 /* when working offline we must not clear the cache on restart */
2737 wcache->tdb = tdb_open_log(cache_path("winbindd_cache.tdb"),
2738 WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
2739 lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST),
2740 O_RDWR|O_CREAT, 0600);
2741
2742 if (wcache->tdb == NULL) {
2743 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
2744 return false;
2745 }
2746
2747 return true;
2748 }
2749
2750 /************************************************************************
2751 This is called by the parent to initialize the cache file.
2752 We don't need sophisticated locking here as we know we're the
2753 only opener.
2754 ************************************************************************/
2755
2756 bool initialize_winbindd_cache(void)
2757 {
2758 bool cache_bad = true;
2759 uint32 vers;
2760
2761 if (!init_wcache()) {
2762 DEBUG(0,("initialize_winbindd_cache: init_wcache failed.\n"));
2763 return false;
2764 }
2765
2766 /* Check version number. */
2767 if (tdb_fetch_uint32(wcache->tdb, WINBINDD_CACHE_VERSION_KEYSTR, &vers) &&
2768 vers == WINBINDD_CACHE_VERSION) {
2769 cache_bad = false;
2770 }
2771
2772 if (cache_bad) {
2773 DEBUG(0,("initialize_winbindd_cache: clearing cache "
2774 "and re-creating with version number %d\n",
2775 WINBINDD_CACHE_VERSION ));
2776
2777 tdb_close(wcache->tdb);
2778 wcache->tdb = NULL;
2779
2780 if (unlink(cache_path("winbindd_cache.tdb")) == -1) {
2781 DEBUG(0,("initialize_winbindd_cache: unlink %s failed %s ",
2782 cache_path("winbindd_cache.tdb"),
2783 strerror(errno) ));
2784 return false;
2785 }
2786 if (!init_wcache()) {
2787 DEBUG(0,("initialize_winbindd_cache: re-initialization "
2788 "init_wcache failed.\n"));
2789 return false;
2790 }
2791
2792 /* Write the version. */
2793 if (!tdb_store_uint32(wcache->tdb, WINBINDD_CACHE_VERSION_KEYSTR, WINBINDD_CACHE_VERSION)) {
2794 DEBUG(0,("initialize_winbindd_cache: version number store failed %s\n",
2795 tdb_errorstr(wcache->tdb) ));
2796 return false;
2797 }
2798 }
2799
2800 tdb_close(wcache->tdb);
2801 wcache->tdb = NULL;
2802 return true;
2803 }
2804
2805 void close_winbindd_cache(void)
2806 {
2807 if (!wcache) {
2808 return;
2809 }
2810 if (wcache->tdb) {
2811 tdb_close(wcache->tdb);
2812 wcache->tdb = NULL;
2813 }
2814 }
2815
2816 bool lookup_cached_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
2817 char **domain_name, char **name,
2818 enum lsa_SidType *type)
2819 {
2820 struct winbindd_domain *domain;
2821 NTSTATUS status;
2822
2823 domain = find_lookup_domain_from_sid(sid);
2824 if (domain == NULL) {
2825 return false;
2826 }
2827 status = wcache_sid_to_name(domain, sid, mem_ctx, domain_name, name,
2828 type);
2829 return NT_STATUS_IS_OK(status);
2830 }
2831
2832 bool lookup_cached_name(TALLOC_CTX *mem_ctx,
2833 const char *domain_name,
2834 const char *name,
2835 DOM_SID *sid,
2836 enum lsa_SidType *type)
2837 {
2838 struct winbindd_domain *domain;
2839 NTSTATUS status;
2840 bool original_online_state;
2841
2842 domain = find_lookup_domain_from_name(domain_name);
2843 if (domain == NULL) {
2844 return false;
2845 }
2846
2847 /* If we are doing a cached logon, temporarily set the domain
2848 offline so the cache won't expire the entry */
2849
2850 original_online_state = domain->online;
2851 domain->online = false;
2852 status = wcache_name_to_sid(domain, domain_name, name, sid, type);
2853 domain->online = original_online_state;
2854
2855 return NT_STATUS_IS_OK(status);
2856 }
2857
2858 void cache_name2sid(struct winbindd_domain *domain,
2859 const char *domain_name, const char *name,
2860 enum lsa_SidType type, const DOM_SID *sid)
2861 {
2862 refresh_sequence_number(domain, false);
2863 wcache_save_name_to_sid(domain, NT_STATUS_OK, domain_name, name,
2864 sid, type);
2865 }
2866
2867 /*
2868 * The original idea that this cache only contains centries has
2869 * been blurred - now other stuff gets put in here. Ensure we
2870 * ignore these things on cleanup.
2871 */
2872
2873 static int traverse_fn_cleanup(TDB_CONTEXT *the_tdb, TDB_DATA kbuf,
2874 TDB_DATA dbuf, void *state)
2875 {
2876 struct cache_entry *centry;
2877
2878 if (is_non_centry_key(kbuf)) {
2879 return 0;
2880 }
2881
2882 centry = wcache_fetch_raw((char *)kbuf.dptr);
2883 if (!centry) {
2884 return 0;
2885 }
2886
2887 if (!NT_STATUS_IS_OK(centry->status)) {
2888 DEBUG(10,("deleting centry %s\n", (const char *)kbuf.dptr));
2889 tdb_delete(the_tdb, kbuf);
2890 }
2891
2892 centry_free(centry);
2893 return 0;
2894 }
2895
2896 /* flush the cache */
2897 void wcache_flush_cache(void)
2898 {
2899 if (!wcache)
2900 return;
2901 if (wcache->tdb) {
2902 tdb_close(wcache->tdb);
2903 wcache->tdb = NULL;
2904 }
2905 if (!winbindd_use_cache()) {
2906 return;
2907 }
2908
2909 /* when working offline we must not clear the cache on restart */
2910 wcache->tdb = tdb_open_log(cache_path("winbindd_cache.tdb"),
2911 WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
2912 lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST),
2913 O_RDWR|O_CREAT, 0600);
2914
2915 if (!wcache->tdb) {
2916 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
2917 return;
2918 }
2919
2920 tdb_traverse(wcache->tdb, traverse_fn_cleanup, NULL);
2921
2922 DEBUG(10,("wcache_flush_cache success\n"));
2923 }
2924
2925 /* Count cached creds */
2926
2927 static int traverse_fn_cached_creds(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
2928 void *state)
2929 {
2930 int *cred_count = (int*)state;
2931
2932 if (strncmp((const char *)kbuf.dptr, "CRED/", 5) == 0) {
2933 (*cred_count)++;
2934 }
2935 return 0;
2936 }
2937
2938 NTSTATUS wcache_count_cached_creds(struct winbindd_domain *domain, int *count)
2939 {
2940 struct winbind_cache *cache = get_cache(domain);
2941
2942 *count = 0;
2943
2944 if (!cache->tdb) {
2945 return NT_STATUS_INTERNAL_DB_ERROR;
2946 }
2947
2948 tdb_traverse(cache->tdb, traverse_fn_cached_creds, (void *)count);
2949
2950 return NT_STATUS_OK;
2951 }
2952
2953 struct cred_list {
2954 struct cred_list *prev, *next;
2955 TDB_DATA key;
2956 fstring name;
2957 time_t created;
2958 };
2959 static struct cred_list *wcache_cred_list;
2960
2961 static int traverse_fn_get_credlist(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
2962 void *state)
2963 {
2964 struct cred_list *cred;
2965
2966 if (strncmp((const char *)kbuf.dptr, "CRED/", 5) == 0) {
2967
2968 cred = SMB_MALLOC_P(struct cred_list);
2969 if (cred == NULL) {
2970 DEBUG(0,("traverse_fn_remove_first_creds: failed to malloc new entry for list\n"));
2971 return -1;
2972 }
2973
2974 ZERO_STRUCTP(cred);
2975
2976 /* save a copy of the key */
2977
2978 fstrcpy(cred->name, (const char *)kbuf.dptr);
2979 DLIST_ADD(wcache_cred_list, cred);
2980 }
2981
2982 return 0;
2983 }
2984
2985 NTSTATUS wcache_remove_oldest_cached_creds(struct winbindd_domain *domain, const DOM_SID *sid)
2986 {
2987 struct winbind_cache *cache = get_cache(domain);
2988 NTSTATUS status;
2989 int ret;
2990 struct cred_list *cred, *oldest = NULL;
2991
2992 if (!cache->tdb) {
2993 return NT_STATUS_INTERNAL_DB_ERROR;
2994 }
2995
2996 /* we possibly already have an entry */
2997 if (sid && NT_STATUS_IS_OK(wcache_cached_creds_exist(domain, sid))) {
2998
2999 fstring key_str, tmp;
3000
3001 DEBUG(11,("we already have an entry, deleting that\n"));
3002
3003 fstr_sprintf(key_str, "CRED/%s", sid_to_fstring(tmp, sid));
3004
3005 tdb_delete(cache->tdb, string_tdb_data(key_str));
3006
3007 return NT_STATUS_OK;
3008 }
3009
3010 ret = tdb_traverse(cache->tdb, traverse_fn_get_credlist, NULL);
3011 if (ret == 0) {
3012 return NT_STATUS_OK;
3013 } else if ((ret == -1) || (wcache_cred_list == NULL)) {
3014 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
3015 }
3016
3017 ZERO_STRUCTP(oldest);
3018
3019 for (cred = wcache_cred_list; cred; cred = cred->next) {
3020
3021 TDB_DATA data;
3022 time_t t;
3023
3024 data = tdb_fetch(cache->tdb, string_tdb_data(cred->name));
3025 if (!data.dptr) {
3026 DEBUG(10,("wcache_remove_oldest_cached_creds: entry for [%s] not found\n",
3027 cred->name));
3028 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
3029 goto done;
3030 }
3031
3032 t = IVAL(data.dptr, 0);
3033 SAFE_FREE(data.dptr);
3034
3035 if (!oldest) {
3036 oldest = SMB_MALLOC_P(struct cred_list);
3037 if (oldest == NULL) {
3038 status = NT_STATUS_NO_MEMORY;
3039 goto done;
3040 }
3041
3042 fstrcpy(oldest->name, cred->name);
3043 oldest->created = t;
3044 continue;
3045 }
3046
3047 if (t < oldest->created) {
3048 fstrcpy(oldest->name, cred->name);
3049 oldest->created = t;
3050 }
3051 }
3052
3053 if (tdb_delete(cache->tdb, string_tdb_data(oldest->name)) == 0) {
3054 status = NT_STATUS_OK;
3055 } else {
3056 status = NT_STATUS_UNSUCCESSFUL;
3057 }
3058 done:
3059 SAFE_FREE(wcache_cred_list);
3060 SAFE_FREE(oldest);
3061
3062 return status;
3063 }
3064
3065 /* Change the global online/offline state. */
3066 bool set_global_winbindd_state_offline(void)
3067 {
3068 TDB_DATA data;
3069
3070 DEBUG(10,("set_global_winbindd_state_offline: offline requested.\n"));
3071
3072 /* Only go offline if someone has created
3073 the key "WINBINDD_OFFLINE" in the cache tdb. */
3074
3075 if (wcache == NULL || wcache->tdb == NULL) {
3076 DEBUG(10,("set_global_winbindd_state_offline: wcache not open yet.\n"));
3077 return false;
3078 }
3079
3080 if (!lp_winbind_offline_logon()) {
3081 DEBUG(10,("set_global_winbindd_state_offline: rejecting.\n"));
3082 return false;
3083 }
3084
3085 if (global_winbindd_offline_state) {
3086 /* Already offline. */
3087 return true;
3088 }
3089
3090 data = tdb_fetch_bystring( wcache->tdb, "WINBINDD_OFFLINE" );
3091
3092 if (!data.dptr || data.dsize != 4) {
3093 DEBUG(10,("set_global_winbindd_state_offline: offline state not set.\n"));
3094 SAFE_FREE(data.dptr);
3095 return false;
3096 } else {
3097 DEBUG(10,("set_global_winbindd_state_offline: offline state set.\n"));
3098 global_winbindd_offline_state = true;
3099 SAFE_FREE(data.dptr);
3100 return true;
3101 }
3102 }
3103
3104 void set_global_winbindd_state_online(void)
3105 {
3106 DEBUG(10,("set_global_winbindd_state_online: online requested.\n"));
3107
3108 if (!lp_winbind_offline_logon()) {
3109 DEBUG(10,("set_global_winbindd_state_online: rejecting.\n"));
3110 return;
3111 }
3112
3113 if (!global_winbindd_offline_state) {
3114 /* Already online. */
3115 return;
3116 }
3117 global_winbindd_offline_state = false;
3118
3119 if (!wcache->tdb) {
3120 return;
3121 }
3122
3123 /* Ensure there is no key "WINBINDD_OFFLINE" in the cache tdb. */
3124 tdb_delete_bystring(wcache->tdb, "WINBINDD_OFFLINE");
3125 }
3126
3127 bool get_global_winbindd_state_offline(void)
3128 {
3129 return global_winbindd_offline_state;
3130 }
3131
3132 /***********************************************************************
3133 Validate functions for all possible cache tdb keys.
3134 ***********************************************************************/
3135
3136 static struct cache_entry *create_centry_validate(const char *kstr, TDB_DATA data,
3137 struct tdb_validation_status *state)
3138 {
3139 struct cache_entry *centry;
3140
3141 centry = SMB_XMALLOC_P(struct cache_entry);
3142 centry->data = (unsigned char *)memdup(data.dptr, data.dsize);
3143 if (!centry->data) {
3144 SAFE_FREE(centry);
3145 return NULL;
3146 }
3147 centry->len = data.dsize;
3148 centry->ofs = 0;
3149
3150 if (centry->len < 8) {
3151 /* huh? corrupt cache? */
3152 DEBUG(0,("create_centry_validate: Corrupt cache for key %s (len < 8) ?\n", kstr));
3153 centry_free(centry);
3154 state->bad_entry = true;
3155 state->success = false;
3156 return NULL;
3157 }
3158
3159 centry->status = NT_STATUS(centry_uint32(centry));
3160 centry->sequence_number = centry_uint32(centry);
3161 return centry;
3162 }
3163
3164 static int validate_seqnum(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3165 struct tdb_validation_status *state)
3166 {
3167 if (dbuf.dsize != 8) {
3168 DEBUG(0,("validate_seqnum: Corrupt cache for key %s (len %u != 8) ?\n",
3169 keystr, (unsigned int)dbuf.dsize ));
3170 state->bad_entry = true;
3171 return 1;
3172 }
3173 return 0;
3174 }
3175
3176 static int validate_ns(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3177 struct tdb_validation_status *state)
3178 {
3179 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3180 if (!centry) {
3181 return 1;
3182 }
3183
3184 (void)centry_uint32(centry);
3185 if (NT_STATUS_IS_OK(centry->status)) {
3186 DOM_SID sid;
3187 (void)centry_sid(centry, &sid);
3188 }
3189
3190 centry_free(centry);
3191
3192 if (!(state->success)) {
3193 return 1;
3194 }
3195 DEBUG(10,("validate_ns: %s ok\n", keystr));
3196 return 0;
3197 }
3198
3199 static int validate_sn(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3200 struct tdb_validation_status *state)
3201 {
3202 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3203 if (!centry) {
3204 return 1;
3205 }
3206
3207 if (NT_STATUS_IS_OK(centry->status)) {
3208 (void)centry_uint32(centry);
3209 (void)centry_string(centry, mem_ctx);
3210 (void)centry_string(centry, mem_ctx);
3211 }
3212
3213 centry_free(centry);
3214
3215 if (!(state->success)) {
3216 return 1;
3217 }
3218 DEBUG(10,("validate_sn: %s ok\n", keystr));
3219 return 0;
3220 }
3221
3222 static int validate_u(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3223 struct tdb_validation_status *state)
3224 {
3225 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3226 DOM_SID sid;
3227
3228 if (!centry) {
3229 return 1;
3230 }
3231
3232 (void)centry_string(centry, mem_ctx);
3233 (void)centry_string(centry, mem_ctx);
3234 (void)centry_string(centry, mem_ctx);
3235 (void)centry_string(centry, mem_ctx);
3236 (void)centry_uint32(centry);
3237 (void)centry_sid(centry, &sid);
3238 (void)centry_sid(centry, &sid);
3239
3240 centry_free(centry);
3241
3242 if (!(state->success)) {
3243 return 1;
3244 }
3245 DEBUG(10,("validate_u: %s ok\n", keystr));
3246 return 0;
3247 }
3248
3249 static int validate_loc_pol(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3250 struct tdb_validation_status *state)
3251 {
3252 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3253
3254 if (!centry) {
3255 return 1;
3256 }
3257
3258 (void)centry_nttime(centry);
3259 (void)centry_nttime(centry);
3260 (void)centry_uint16(centry);
3261
3262 centry_free(centry);
3263
3264 if (!(state->success)) {
3265 return 1;
3266 }
3267 DEBUG(10,("validate_loc_pol: %s ok\n", keystr));
3268 return 0;
3269 }
3270
3271 static int validate_pwd_pol(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3272 struct tdb_validation_status *state)
3273 {
3274 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3275
3276 if (!centry) {
3277 return 1;
3278 }
3279
3280 (void)centry_uint16(centry);
3281 (void)centry_uint16(centry);
3282 (void)centry_uint32(centry);
3283 (void)centry_nttime(centry);
3284 (void)centry_nttime(centry);
3285
3286 centry_free(centry);
3287
3288 if (!(state->success)) {
3289 return 1;
3290 }
3291 DEBUG(10,("validate_pwd_pol: %s ok\n", keystr));
3292 return 0;
3293 }
3294
3295 static int validate_cred(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3296 struct tdb_validation_status *state)
3297 {
3298 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3299
3300 if (!centry) {
3301 return 1;
3302 }
3303
3304 (void)centry_time(centry);
3305 (void)centry_hash16(centry, mem_ctx);
3306
3307 /* We only have 17 bytes more data in the salted cred case. */
3308 if (centry->len - centry->ofs == 17) {
3309 (void)centry_hash16(centry, mem_ctx);
3310 }
3311
3312 centry_free(centry);
3313
3314 if (!(state->success)) {
3315 return 1;
3316 }
3317 DEBUG(10,("validate_cred: %s ok\n", keystr));
3318 return 0;
3319 }
3320
3321 static int validate_ul(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3322 struct tdb_validation_status *state)
3323 {
3324 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3325 int32 num_entries, i;
3326
3327 if (!centry) {
3328 return 1;
3329 }
3330
3331 num_entries = (int32)centry_uint32(centry);
3332
3333 for (i=0; i< num_entries; i++) {
3334 DOM_SID sid;
3335 (void)centry_string(centry, mem_ctx);
3336 (void)centry_string(centry, mem_ctx);
3337 (void)centry_string(centry, mem_ctx);
3338 (void)centry_string(centry, mem_ctx);
3339 (void)centry_sid(centry, &sid);
3340 (void)centry_sid(centry, &sid);
3341 }
3342
3343 centry_free(centry);
3344
3345 if (!(state->success)) {
3346 return 1;
3347 }
3348 DEBUG(10,("validate_ul: %s ok\n", keystr));
3349 return 0;
3350 }
3351
3352 static int validate_gl(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3353 struct tdb_validation_status *state)
3354 {
3355 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3356 int32 num_entries, i;
3357
3358 if (!centry) {
3359 return 1;
3360 }
3361
3362 num_entries = centry_uint32(centry);
3363
3364 for (i=0; i< num_entries; i++) {
3365 (void)centry_string(centry, mem_ctx);
3366 (void)centry_string(centry, mem_ctx);
3367 (void)centry_uint32(centry);
3368 }
3369
3370 centry_free(centry);
3371
3372 if (!(state->success)) {
3373 return 1;
3374 }
3375 DEBUG(10,("validate_gl: %s ok\n", keystr));
3376 return 0;
3377 }
3378
3379 static int validate_ug(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3380 struct tdb_validation_status *state)
3381 {
3382 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3383 int32 num_groups, i;
3384
3385 if (!centry) {
3386 return 1;
3387 }
3388
3389 num_groups = centry_uint32(centry);
3390
3391 for (i=0; i< num_groups; i++) {
3392 DOM_SID sid;
3393 centry_sid(centry, &sid);
3394 }
3395
3396 centry_free(centry);
3397
3398 if (!(state->success)) {
3399 return 1;
3400 }
3401 DEBUG(10,("validate_ug: %s ok\n", keystr));
3402 return 0;
3403 }
3404
3405 static int validate_ua(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3406 struct tdb_validation_status *state)
3407 {
3408 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3409 int32 num_aliases, i;
3410
3411 if (!centry) {
3412 return 1;
3413 }
3414
3415 num_aliases = centry_uint32(centry);
3416
3417 for (i=0; i < num_aliases; i++) {
3418 (void)centry_uint32(centry);
3419 }
3420
3421 centry_free(centry);
3422
3423 if (!(state->success)) {
3424 return 1;
3425 }
3426 DEBUG(10,("validate_ua: %s ok\n", keystr));
3427 return 0;
3428 }
3429
3430 static int validate_gm(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3431 struct tdb_validation_status *state)
3432 {
3433 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3434 int32 num_names, i;
3435
3436 if (!centry) {
3437 return 1;
3438 }
3439
3440 num_names = centry_uint32(centry);
3441
3442 for (i=0; i< num_names; i++) {
3443 DOM_SID sid;
3444 centry_sid(centry, &sid);
3445 (void)centry_string(centry, mem_ctx);
3446 (void)centry_uint32(centry);
3447 }
3448
3449 centry_free(centry);
3450
3451 if (!(state->success)) {
3452 return 1;
3453 }
3454 DEBUG(10,("validate_gm: %s ok\n", keystr));
3455 return 0;
3456 }
3457
3458 static int validate_dr(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3459 struct tdb_validation_status *state)
3460 {
3461 /* Can't say anything about this other than must be nonzero. */
3462 if (dbuf.dsize == 0) {
3463 DEBUG(0,("validate_dr: Corrupt cache for key %s (len == 0) ?\n",
3464 keystr));
3465 state->bad_entry = true;
3466 state->success = false;
3467 return 1;
3468 }
3469
3470 DEBUG(10,("validate_dr: %s ok\n", keystr));
3471 return 0;
3472 }
3473
3474 static int validate_de(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3475 struct tdb_validation_status *state)
3476 {
3477 /* Can't say anything about this other than must be nonzero. */
3478 if (dbuf.dsize == 0) {
3479 DEBUG(0,("validate_de: Corrupt cache for key %s (len == 0) ?\n",
3480 keystr));
3481 state->bad_entry = true;
3482 state->success = false;
3483 return 1;
3484 }
3485
3486 DEBUG(10,("validate_de: %s ok\n", keystr));
3487 return 0;
3488 }
3489
3490 static int validate_pwinfo(TALLOC_CTX *mem_ctx, const char *keystr,
3491 TDB_DATA dbuf, struct tdb_validation_status *state)
3492 {
3493 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3494
3495 if (!centry) {
3496 return 1;
3497 }
3498
3499 (void)centry_string(centry, mem_ctx);
3500 (void)centry_string(centry, mem_ctx);
3501 (void)centry_string(centry, mem_ctx);
3502 (void)centry_uint32(centry);
3503
3504 centry_free(centry);
3505
3506 if (!(state->success)) {
3507 return 1;
3508 }
3509 DEBUG(10,("validate_pwinfo: %s ok\n", keystr));
3510 return 0;
3511 }
3512
3513 static int validate_nss_an(TALLOC_CTX *mem_ctx, const char *keystr,
3514 TDB_DATA dbuf,
3515 struct tdb_validation_status *state)
3516 {
3517 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3518
3519 if (!centry) {
3520 return 1;
3521 }
3522
3523 (void)centry_string( centry, mem_ctx );
3524
3525 centry_free(centry);
3526
3527 if (!(state->success)) {
3528 return 1;
3529 }
3530 DEBUG(10,("validate_pwinfo: %s ok\n", keystr));
3531 return 0;
3532 }
3533
3534 static int validate_nss_na(TALLOC_CTX *mem_ctx, const char *keystr,
3535 TDB_DATA dbuf,
3536 struct tdb_validation_status *state)
3537 {
3538 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3539
3540 if (!centry) {
3541 return 1;
3542 }
3543
3544 (void)centry_string( centry, mem_ctx );
3545
3546 centry_free(centry);
3547
3548 if (!(state->success)) {
3549 return 1;
3550 }
3551 DEBUG(10,("validate_pwinfo: %s ok\n", keystr));
3552 return 0;
3553 }
3554
3555 static int validate_trustdoms(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3556 struct tdb_validation_status *state)
3557 {
3558 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3559 int32 num_domains, i;
3560
3561 if (!centry) {
3562 return 1;
3563 }
3564
3565 num_domains = centry_uint32(centry);
3566
3567 for (i=0; i< num_domains; i++) {
3568 DOM_SID sid;
3569 (void)centry_string(centry, mem_ctx);
3570 (void)centry_string(centry, mem_ctx);
3571 (void)centry_sid(centry, &sid);
3572 }
3573
3574 centry_free(centry);
3575
3576 if (!(state->success)) {
3577 return 1;
3578 }
3579 DEBUG(10,("validate_trustdoms: %s ok\n", keystr));
3580 return 0;
3581 }
3582
3583 static int validate_trustdomcache(TALLOC_CTX *mem_ctx, const char *keystr,
3584 TDB_DATA dbuf,
3585 struct tdb_validation_status *state)
3586 {
3587 if (dbuf.dsize == 0) {
3588 DEBUG(0, ("validate_trustdomcache: Corrupt cache for "
3589 "key %s (len ==0) ?\n", keystr));
3590 state->bad_entry = true;
3591 state->success = false;
3592 return 1;
3593 }
3594
3595 DEBUG(10, ("validate_trustdomcache: %s ok\n", keystr));
3596 DEBUGADD(10, (" Don't trust me, I am a DUMMY!\n"));
3597 return 0;
3598 }
3599
3600 static int validate_offline(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3601 struct tdb_validation_status *state)
3602 {
3603 if (dbuf.dsize != 4) {
3604 DEBUG(0,("validate_offline: Corrupt cache for key %s (len %u != 4) ?\n",
3605 keystr, (unsigned int)dbuf.dsize ));
3606 state->bad_entry = true;
3607 state->success = false;
3608 return 1;
3609 }
3610 DEBUG(10,("validate_offline: %s ok\n", keystr));
3611 return 0;
3612 }
3613
3614 static int validate_cache_version(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3615 struct tdb_validation_status *state)
3616 {
3617 if (dbuf.dsize != 4) {
3618 DEBUG(0, ("validate_cache_version: Corrupt cache for "
3619 "key %s (len %u != 4) ?\n",
3620 keystr, (unsigned int)dbuf.dsize));
3621 state->bad_entry = true;
3622 state->success = false;
3623 return 1;
3624 }
3625
3626 DEBUG(10, ("validate_cache_version: %s ok\n", keystr));
3627 return 0;
3628 }
3629
3630 /***********************************************************************
3631 A list of all possible cache tdb keys with associated validation
3632 functions.
3633 ***********************************************************************/
3634
3635 struct key_val_struct {
3636 const char *keyname;
3637 int (*validate_data_fn)(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf, struct tdb_validation_status* state);
3638 } key_val[] = {
3639 {"SEQNUM/", validate_seqnum},
3640 {"NS/", validate_ns},
3641 {"SN/", validate_sn},
3642 {"U/", validate_u},
3643 {"LOC_POL/", validate_loc_pol},
3644 {"PWD_POL/", validate_pwd_pol},
3645 {"CRED/", validate_cred},
3646 {"UL/", validate_ul},
3647 {"GL/", validate_gl},
3648 {"UG/", validate_ug},
3649 {"UA", validate_ua},
3650 {"GM/", validate_gm},
3651 {"DR/", validate_dr},
3652 {"DE/", validate_de},
3653 {"NSS/PWINFO/", validate_pwinfo},
3654 {"TRUSTDOMS/", validate_trustdoms},
3655 {"TRUSTDOMCACHE/", validate_trustdomcache},
3656 {"NSS/NA/", validate_nss_na},
3657 {"NSS/AN/", validate_nss_an},
3658 {"WINBINDD_OFFLINE", validate_offline},
3659 {WINBINDD_CACHE_VERSION_KEYSTR, validate_cache_version},
3660 {NULL, NULL}
3661 };
3662
3663 /***********************************************************************
3664 Function to look at every entry in the tdb and validate it as far as
3665 possible.
3666 ***********************************************************************/
3667
3668 static int cache_traverse_validate_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
3669 {
3670 int i;
3671 unsigned int max_key_len = 1024;
3672 struct tdb_validation_status *v_state = (struct tdb_validation_status *)state;
3673
3674 /* Paranoia check. */
3675 if (strncmp("UA/", (const char *)kbuf.dptr, 3) == 0) {
3676 max_key_len = 1024 * 1024;
3677 }
3678 if (kbuf.dsize > max_key_len) {
3679 DEBUG(0, ("cache_traverse_validate_fn: key length too large: "
3680 "(%u) > (%u)\n\n",
3681 (unsigned int)kbuf.dsize, (unsigned int)max_key_len));
3682 return 1;
3683 }
3684
3685 for (i = 0; key_val[i].keyname; i++) {
3686 size_t namelen = strlen(key_val[i].keyname);
3687 if (kbuf.dsize >= namelen && (
3688 strncmp(key_val[i].keyname, (const char *)kbuf.dptr, namelen)) == 0) {
3689 TALLOC_CTX *mem_ctx;
3690 char *keystr;
3691 int ret;
3692
3693 keystr = SMB_MALLOC_ARRAY(char, kbuf.dsize+1);
3694 if (!keystr) {
3695 return 1;
3696 }
3697 memcpy(keystr, kbuf.dptr, kbuf.dsize);
3698 keystr[kbuf.dsize] = '\0';
3699
3700 mem_ctx = talloc_init("validate_ctx");
3701 if (!mem_ctx) {
3702 SAFE_FREE(keystr);
3703 return 1;
3704 }
3705
3706 ret = key_val[i].validate_data_fn(mem_ctx, keystr, dbuf,
3707 v_state);
3708
3709 SAFE_FREE(keystr);
3710 talloc_destroy(mem_ctx);
3711 return ret;
3712 }
3713 }
3714
3715 DEBUG(0,("cache_traverse_validate_fn: unknown cache entry\nkey :\n"));
3716 dump_data(0, (uint8 *)kbuf.dptr, kbuf.dsize);
3717 DEBUG(0,("data :\n"));
3718 dump_data(0, (uint8 *)dbuf.dptr, dbuf.dsize);
3719 v_state->unknown_key = true;
3720 v_state->success = false;
3721 return 1; /* terminate. */
3722 }
3723
3724 static void validate_panic(const char *const why)
3725 {
3726 DEBUG(0,("validating cache: would panic %s\n", why ));
3727 DEBUGADD(0, ("exiting instead (cache validation mode)\n"));
3728 exit(47);
3729 }
3730
3731 /***********************************************************************
3732 Try and validate every entry in the winbindd cache. If we fail here,
3733 delete the cache tdb and return non-zero.
3734 ***********************************************************************/
3735
3736 int winbindd_validate_cache(void)
3737 {
3738 int ret = -1;
3739 const char *tdb_path = cache_path("winbindd_cache.tdb");
3740 TDB_CONTEXT *tdb = NULL;
3741
3742 DEBUG(10, ("winbindd_validate_cache: replacing panic function\n"));
3743 smb_panic_fn = validate_panic;
3744
3745
3746 tdb = tdb_open_log(tdb_path,
3747 WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
3748 ( lp_winbind_offline_logon()
3749 ? TDB_DEFAULT
3750 : TDB_DEFAULT | TDB_CLEAR_IF_FIRST ),
3751 O_RDWR|O_CREAT,
3752 0600);
3753 if (!tdb) {
3754 DEBUG(0, ("winbindd_validate_cache: "
3755 "error opening/initializing tdb\n"));
3756 goto done;
3757 }
3758 tdb_close(tdb);
3759
3760 ret = tdb_validate_and_backup(tdb_path, cache_traverse_validate_fn);
3761
3762 if (ret != 0) {
3763 DEBUG(10, ("winbindd_validate_cache: validation not successful.\n"));
3764 DEBUGADD(10, ("removing tdb %s.\n", tdb_path));
3765 unlink(tdb_path);
3766 }
3767
3768 done:
3769 DEBUG(10, ("winbindd_validate_cache: restoring panic function\n"));
3770 smb_panic_fn = smb_panic;
3771 return ret;
3772 }
3773
3774 /***********************************************************************
3775 Try and validate every entry in the winbindd cache.
3776 ***********************************************************************/
3777
3778 int winbindd_validate_cache_nobackup(void)
3779 {
3780 int ret = -1;
3781 const char *tdb_path = cache_path("winbindd_cache.tdb");
3782
3783 DEBUG(10, ("winbindd_validate_cache: replacing panic function\n"));
3784 smb_panic_fn = validate_panic;
3785
3786
3787 if (wcache == NULL || wcache->tdb == NULL) {
3788 ret = tdb_validate_open(tdb_path, cache_traverse_validate_fn);
3789 } else {
3790 ret = tdb_validate(wcache->tdb, cache_traverse_validate_fn);
3791 }
3792
3793 if (ret != 0) {
3794 DEBUG(10, ("winbindd_validate_cache_nobackup: validation not "
3795 "successful.\n"));
3796 }
3797
3798 DEBUG(10, ("winbindd_validate_cache_nobackup: restoring panic "
3799 "function\n"));
3800 smb_panic_fn = smb_panic;
3801 return ret;
3802 }
3803
3804 bool winbindd_cache_validate_and_initialize(void)
3805 {
3806 close_winbindd_cache();
3807
3808 if (lp_winbind_offline_logon()) {
3809 if (winbindd_validate_cache() < 0) {
3810 DEBUG(0, ("winbindd cache tdb corrupt and no backup "
3811 "could be restored.\n"));
3812 }
3813 }
3814
3815 return initialize_winbindd_cache();
3816 }
3817
3818 /*********************************************************************
3819 ********************************************************************/
3820
3821 static bool add_wbdomain_to_tdc_array( struct winbindd_domain *new_dom,
3822 struct winbindd_tdc_domain **domains,
3823 size_t *num_domains )
3824 {
3825 struct winbindd_tdc_domain *list = NULL;
3826 size_t idx;
3827 int i;
3828 bool set_only = false;
3829
3830 /* don't allow duplicates */
3831
3832 idx = *num_domains;
3833 list = *domains;
3834
3835 for ( i=0; i< (*num_domains); i++ ) {
3836 if ( strequal( new_dom->name, list[i].domain_name ) ) {
3837 DEBUG(10,("add_wbdomain_to_tdc_array: Found existing record for %s\n",
3838 new_dom->name));
3839 idx = i;
3840 set_only = true;
3841
3842 break;
3843 }
3844 }
3845
3846 if ( !set_only ) {
3847 if ( !*domains ) {
3848 list = TALLOC_ARRAY( NULL, struct winbindd_tdc_domain, 1 );
3849 idx = 0;
3850 } else {
3851 list = TALLOC_REALLOC_ARRAY( *domains, *domains,
3852 struct winbindd_tdc_domain,
3853 (*num_domains)+1);
3854 idx = *num_domains;
3855 }
3856
3857 ZERO_STRUCT( list[idx] );
3858 }
3859
3860 if ( !list )
3861 return false;
3862
3863 list[idx].domain_name = talloc_strdup( list, new_dom->name );
3864 list[idx].dns_name = talloc_strdup( list, new_dom->alt_name );
3865
3866 if ( !is_null_sid( &new_dom->sid ) ) {
3867 sid_copy( &list[idx].sid, &new_dom->sid );
3868 } else {
3869 sid_copy(&list[idx].sid, &global_sid_NULL);
3870 }
3871
3872 if ( new_dom->domain_flags != 0x0 )
3873 list[idx].trust_flags = new_dom->domain_flags;
3874
3875 if ( new_dom->domain_type != 0x0 )
3876 list[idx].trust_type = new_dom->domain_type;
3877
3878 if ( new_dom->domain_trust_attribs != 0x0 )
3879 list[idx].trust_attribs = new_dom->domain_trust_attribs;
3880
3881 if ( !set_only ) {
3882 *domains = list;
3883 *num_domains = idx + 1;
3884 }
3885
3886 return true;
3887 }
3888
3889 /*********************************************************************
3890 ********************************************************************/
3891
3892 static TDB_DATA make_tdc_key( const char *domain_name )
3893 {
3894 char *keystr = NULL;
3895 TDB_DATA key = { NULL, 0 };
3896
3897 if ( !domain_name ) {
3898 DEBUG(5,("make_tdc_key: Keyname workgroup is NULL!\n"));
3899 return key;
3900 }
3901
3902 if (asprintf( &keystr, "TRUSTDOMCACHE/%s", domain_name ) == -1) {
3903 return key;
3904 }
3905 key = string_term_tdb_data(keystr);
3906
3907 return key;
3908 }
3909
3910 /*********************************************************************
3911 ********************************************************************/
3912
3913 static int pack_tdc_domains( struct winbindd_tdc_domain *domains,
3914 size_t num_domains,
3915 unsigned char **buf )
3916 {
3917 unsigned char *buffer = NULL;
3918 int len = 0;
3919 int buflen = 0;
3920 int i = 0;
3921
3922 DEBUG(10,("pack_tdc_domains: Packing %d trusted domains\n",
3923 (int)num_domains));
3924
3925 buflen = 0;
3926
3927 again:
3928 len = 0;
3929
3930 /* Store the number of array items first */
3931 len += tdb_pack( buffer+len, buflen-len, "d",
3932 num_domains );
3933
3934 /* now pack each domain trust record */
3935 for ( i=0; i<num_domains; i++ ) {
3936
3937 fstring tmp;
3938
3939 if ( buflen > 0 ) {
3940 DEBUG(10,("pack_tdc_domains: Packing domain %s (%s)\n",
3941 domains[i].domain_name,
3942 domains[i].dns_name ? domains[i].dns_name : "UNKNOWN" ));
3943 }
3944
3945 len += tdb_pack( buffer+len, buflen-len, "fffddd",
3946 domains[i].domain_name,
3947 domains[i].dns_name,
3948 sid_to_fstring(tmp, &domains[i].sid),
3949 domains[i].trust_flags,
3950 domains[i].trust_attribs,
3951 domains[i].trust_type );
3952 }
3953
3954 if ( buflen < len ) {
3955 SAFE_FREE(buffer);
3956 if ( (buffer = SMB_MALLOC_ARRAY(unsigned char, len)) == NULL ) {
3957 DEBUG(0,("pack_tdc_domains: failed to alloc buffer!\n"));
3958 buflen = -1;
3959 goto done;
3960 }
3961 buflen = len;
3962 goto again;
3963 }
3964
3965 *buf = buffer;
3966
3967 done:
3968 return buflen;
3969 }
3970
3971 /*********************************************************************
3972 ********************************************************************/
3973
3974 static size_t unpack_tdc_domains( unsigned char *buf, int buflen,
3975 struct winbindd_tdc_domain **domains )
3976 {
3977 fstring domain_name, dns_name, sid_string;
3978 uint32 type, attribs, flags;
3979 int num_domains;
3980 int len = 0;
3981 int i;
3982 struct winbindd_tdc_domain *list = NULL;
3983
3984 /* get the number of domains */
3985 len += tdb_unpack( buf+len, buflen-len, "d", &num_domains);
3986 if ( len == -1 ) {
3987 DEBUG(5,("unpack_tdc_domains: Failed to unpack domain array\n"));
3988 return 0;
3989 }
3990
3991 list = TALLOC_ARRAY( NULL, struct winbindd_tdc_domain, num_domains );
3992 if ( !list ) {
3993 DEBUG(0,("unpack_tdc_domains: Failed to talloc() domain list!\n"));
3994 return 0;
3995 }
3996
3997 for ( i=0; i<num_domains; i++ ) {
3998 len += tdb_unpack( buf+len, buflen-len, "fffddd",
3999 domain_name,
4000 dns_name,
4001 sid_string,
4002 &flags,
4003 &attribs,
4004 &type );
4005
4006 if ( len == -1 ) {
4007 DEBUG(5,("unpack_tdc_domains: Failed to unpack domain array\n"));
4008 TALLOC_FREE( list );
4009 return 0;
4010 }
4011
4012 DEBUG(11,("unpack_tdc_domains: Unpacking domain %s (%s) "
4013 "SID %s, flags = 0x%x, attribs = 0x%x, type = 0x%x\n",
4014 domain_name, dns_name, sid_string,
4015 flags, attribs, type));
4016
4017 list[i].domain_name = talloc_strdup( list, domain_name );
4018 list[i].dns_name = talloc_strdup( list, dns_name );
4019 if ( !string_to_sid( &(list[i].sid), sid_string ) ) {
4020 DEBUG(10,("unpack_tdc_domains: no SID for domain %s\n",
4021 domain_name));
4022 }
4023 list[i].trust_flags = flags;
4024 list[i].trust_attribs = attribs;
4025 list[i].trust_type = type;
4026 }
4027
4028 *domains = list;
4029
4030 return num_domains;
4031 }
4032
4033 /*********************************************************************
4034 ********************************************************************/
4035
4036 static bool wcache_tdc_store_list( struct winbindd_tdc_domain *domains, size_t num_domains )
4037 {
4038 TDB_DATA key = make_tdc_key( lp_workgroup() );
4039 TDB_DATA data = { NULL, 0 };
4040 int ret;
4041
4042 if ( !key.dptr )
4043 return false;
4044
4045 /* See if we were asked to delete the cache entry */
4046
4047 if ( !domains ) {
4048 ret = tdb_delete( wcache->tdb, key );
4049 goto done;
4050 }
4051
4052 data.dsize = pack_tdc_domains( domains, num_domains, &data.dptr );
4053
4054 if ( !data.dptr ) {
4055 ret = -1;
4056 goto done;
4057 }
4058
4059 ret = tdb_store( wcache->tdb, key, data, 0 );
4060
4061 done:
4062 SAFE_FREE( data.dptr );
4063 SAFE_FREE( key.dptr );
4064
4065 return ( ret != -1 );
4066 }
4067
4068 /*********************************************************************
4069 ********************************************************************/
4070
4071 bool wcache_tdc_fetch_list( struct winbindd_tdc_domain **domains, size_t *num_domains )
4072 {
4073 TDB_DATA key = make_tdc_key( lp_workgroup() );
4074 TDB_DATA data = { NULL, 0 };
4075
4076 *domains = NULL;
4077 *num_domains = 0;
4078
4079 if ( !key.dptr )
4080 return false;
4081
4082 data = tdb_fetch( wcache->tdb, key );
4083
4084 SAFE_FREE( key.dptr );
4085
4086 if ( !data.dptr )
4087 return false;
4088
4089 *num_domains = unpack_tdc_domains( data.dptr, data.dsize, domains );
4090
4091 SAFE_FREE( data.dptr );
4092
4093 if ( !*domains )
4094 return false;
4095
4096 return true;
4097 }
4098
4099 /*********************************************************************
4100 ********************************************************************/
4101
4102 bool wcache_tdc_add_domain( struct winbindd_domain *domain )
4103 {
4104 struct winbindd_tdc_domain *dom_list = NULL;
4105 size_t num_domains = 0;
4106 bool ret = false;
4107
4108 DEBUG(10,("wcache_tdc_add_domain: Adding domain %s (%s), SID %s, "
4109 "flags = 0x%x, attributes = 0x%x, type = 0x%x\n",
4110 domain->name, domain->alt_name,
4111 sid_string_dbg(&domain->sid),
4112 domain->domain_flags,
4113 domain->domain_trust_attribs,
4114 domain->domain_type));
4115
4116 if ( !init_wcache() ) {
4117 return false;
4118 }
4119
4120 /* fetch the list */
4121
4122 wcache_tdc_fetch_list( &dom_list, &num_domains );
4123
4124 /* add the new domain */
4125
4126 if ( !add_wbdomain_to_tdc_array( domain, &dom_list, &num_domains ) ) {
4127 goto done;
4128 }
4129
4130 /* pack the domain */
4131
4132 if ( !wcache_tdc_store_list( dom_list, num_domains ) ) {
4133 goto done;
4134 }
4135
4136 /* Success */
4137
4138 ret = true;
4139 done:
4140 TALLOC_FREE( dom_list );
4141
4142 return ret;
4143 }
4144
4145 /*********************************************************************
4146 ********************************************************************/
4147
4148 struct winbindd_tdc_domain * wcache_tdc_fetch_domain( TALLOC_CTX *ctx, const char *name )
4149 {
4150 struct winbindd_tdc_domain *dom_list = NULL;
4151 size_t num_domains = 0;
4152 int i;
4153 struct winbindd_tdc_domain *d = NULL;
4154
4155 DEBUG(10,("wcache_tdc_fetch_domain: Searching for domain %s\n", name));
4156
4157 if ( !init_wcache() ) {
4158 return false;
4159 }
4160
4161 /* fetch the list */
4162
4163 wcache_tdc_fetch_list( &dom_list, &num_domains );
4164
4165 for ( i=0; i<num_domains; i++ ) {
4166 if ( strequal(name, dom_list[i].domain_name) ||
4167 strequal(name, dom_list[i].dns_name) )
4168 {
4169 DEBUG(10,("wcache_tdc_fetch_domain: Found domain %s\n",
4170 name));
4171
4172 d = TALLOC_P( ctx, struct winbindd_tdc_domain );
4173 if ( !d )
4174 break;
4175
4176 d->domain_name = talloc_strdup( d, dom_list[i].domain_name );
4177 d->dns_name = talloc_strdup( d, dom_list[i].dns_name );
4178 sid_copy( &d->sid, &dom_list[i].sid );
4179 d->trust_flags = dom_list[i].trust_flags;
4180 d->trust_type = dom_list[i].trust_type;
4181 d->trust_attribs = dom_list[i].trust_attribs;
4182
4183 break;
4184 }
4185 }
4186
4187 TALLOC_FREE( dom_list );
4188
4189 return d;
4190 }
4191
4192
4193 /*********************************************************************
4194 ********************************************************************/
4195
4196 void wcache_tdc_clear( void )
4197 {
4198 if ( !init_wcache() )
4199 return;
4200
4201 wcache_tdc_store_list( NULL, 0 );
4202
4203 return;
4204 }
4205
4206
4207 /*********************************************************************
4208 ********************************************************************/
4209
4210 static void wcache_save_user_pwinfo(struct winbindd_domain *domain,
4211 NTSTATUS status,
4212 const DOM_SID *user_sid,
4213 const char *homedir,
4214 const char *shell,
4215 const char *gecos,
4216 uint32 gid)
4217 {
4218 struct cache_entry *centry;
4219 fstring tmp;
4220
4221 if ( (centry = centry_start(domain, status)) == NULL )
4222 return;
4223
4224 centry_put_string( centry, homedir );
4225 centry_put_string( centry, shell );
4226 centry_put_string( centry, gecos );
4227 centry_put_uint32( centry, gid );
4228
4229 centry_end(centry, "NSS/PWINFO/%s", sid_to_fstring(tmp, user_sid) );
4230
4231 DEBUG(10,("wcache_save_user_pwinfo: %s\n", sid_string_dbg(user_sid) ));
4232
4233 centry_free(centry);
4234 }
4235
4236 NTSTATUS nss_get_info_cached( struct winbindd_domain *domain,
4237 const DOM_SID *user_sid,
4238 TALLOC_CTX *ctx,
4239 ADS_STRUCT *ads, LDAPMessage *msg,
4240 const char **homedir, const char **shell,
4241 const char **gecos, gid_t *p_gid)
4242 {
4243 struct winbind_cache *cache = get_cache(domain);
4244 struct cache_entry *centry = NULL;
4245 NTSTATUS nt_status;
4246 fstring tmp;
4247
4248 if (!cache->tdb)
4249 goto do_query;
4250
4251 centry = wcache_fetch(cache, domain, "NSS/PWINFO/%s",
4252 sid_to_fstring(tmp, user_sid));
4253
4254 if (!centry)
4255 goto do_query;
4256
4257 *homedir = centry_string( centry, ctx );
4258 *shell = centry_string( centry, ctx );
4259 *gecos = centry_string( centry, ctx );
4260 *p_gid = centry_uint32( centry );
4261
4262 centry_free(centry);
4263
4264 DEBUG(10,("nss_get_info_cached: [Cached] - user_sid %s\n",
4265 sid_string_dbg(user_sid)));
4266
4267 return NT_STATUS_OK;
4268
4269 do_query:
4270
4271 nt_status = nss_get_info( domain->name, user_sid, ctx, ads, msg,
4272 homedir, shell, gecos, p_gid );
4273
4274 DEBUG(10, ("nss_get_info returned %s\n", nt_errstr(nt_status)));
4275
4276 if ( NT_STATUS_IS_OK(nt_status) ) {
4277 DEBUG(10, ("result:\n\thomedir = '%s'\n", *homedir));
4278 DEBUGADD(10, ("\tshell = '%s'\n", *shell));
4279 DEBUGADD(10, ("\tgecos = '%s'\n", *gecos));
4280 DEBUGADD(10, ("\tgid = '%u'\n", (unsigned int)*p_gid));
4281
4282 wcache_save_user_pwinfo( domain, nt_status, user_sid,
4283 *homedir, *shell, *gecos, *p_gid );
4284 }
4285
4286 if ( NT_STATUS_EQUAL( nt_status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND ) ) {
4287 DEBUG(5,("nss_get_info_cached: Setting domain %s offline\n",
4288 domain->name ));
4289 set_domain_offline( domain );
4290 }
4291
4292 return nt_status;
4293 }
4294
4295
4296 /* the cache backend methods are exposed via this structure */
4297 struct winbindd_methods cache_methods = {
4298 true,
4299 query_user_list,
4300 enum_dom_groups,
4301 enum_local_groups,
4302 name_to_sid,
4303 sid_to_name,
4304 rids_to_names,
4305 query_user,
4306 lookup_usergroups,
4307 lookup_useraliases,
4308 lookup_groupmem,
4309 sequence_number,
4310 lockout_policy,
4311 password_policy,
4312 trusted_domains
4313 };
4314
4315 static bool wcache_ndr_key(TALLOC_CTX *mem_ctx, char *domain_name,
4316 uint32_t opnum, const DATA_BLOB *req,
4317 TDB_DATA *pkey)
4318 {
4319 char *key;
4320 size_t keylen;
4321
4322 key = talloc_asprintf(mem_ctx, "NDR/%s/%d/", domain_name, (int)opnum);
4323 if (key == NULL) {
4324 return false;
4325 }
4326 keylen = talloc_get_size(key) - 1;
4327
4328 key = talloc_realloc(mem_ctx, key, char, keylen + req->length);
4329 if (key == NULL) {
4330 return false;
4331 }
4332 memcpy(key + keylen, req->data, req->length);
4333
4334 pkey->dptr = (uint8_t *)key;
4335 pkey->dsize = talloc_get_size(key);
4336 return true;
4337 }
4338
4339 bool wcache_fetch_ndr(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain,
4340 uint32_t opnum, const DATA_BLOB *req, DATA_BLOB *resp)
4341 {
4342 TDB_DATA key, data;
4343 bool ret = false;
4344
4345 if (wcache->tdb == NULL) {
4346 return false;
4347 }
4348
4349 if (!wcache_ndr_key(talloc_tos(), domain->name, opnum, req, &key)) {
4350 return false;
4351 }
4352 data = tdb_fetch(wcache->tdb, key);
4353 TALLOC_FREE(key.dptr);
4354
4355 if (data.dptr == NULL) {
4356 return false;
4357 }
4358 if (data.dsize < 4) {
4359 goto fail;
4360 }
4361
4362 if (IS_DOMAIN_ONLINE(domain)) {
4363 uint32_t entry_seqnum, dom_seqnum, last_check;
4364
4365 if (!wcache_fetch_seqnum(domain->name, &dom_seqnum,
4366 &last_check)) {
4367 goto fail;
4368 }
4369 entry_seqnum = IVAL(data.dptr, 0);
4370 if (entry_seqnum != dom_seqnum) {
4371 DEBUG(10, ("Entry has wrong sequence number: %d\n",
4372 (int)entry_seqnum));
4373 goto fail;
4374 }
4375 }
4376
4377 resp->data = (uint8_t *)talloc_memdup(mem_ctx, data.dptr + 4,
4378 data.dsize - 4);
4379 if (resp->data == NULL) {
4380 DEBUG(10, ("talloc failed\n"));
4381 goto fail;
4382 }
4383 resp->length = data.dsize - 4;
4384
4385 ret = true;
4386 fail:
4387 SAFE_FREE(data.dptr);
4388 return ret;
4389 }
4390
4391 void wcache_store_ndr(struct winbindd_domain *domain, uint32_t opnum,
4392 const DATA_BLOB *req, const DATA_BLOB *resp)
4393 {
4394 TDB_DATA key, data;
4395 uint32_t dom_seqnum, last_check;
4396
4397 if (wcache->tdb == NULL) {
4398 return;
4399 }
4400
4401 if (!wcache_fetch_seqnum(domain->name, &dom_seqnum, &last_check)) {
4402 DEBUG(10, ("could not fetch seqnum for domain %s\n",
4403 domain->name));
4404 return;
4405 }
4406
4407 if (!wcache_ndr_key(talloc_tos(), domain->name, opnum, req, &key)) {
4408 return;
4409 }
4410
4411 data.dsize = resp->length + 4;
4412 data.dptr = talloc_array(key.dptr, uint8_t, data.dsize);
4413 if (data.dptr == NULL) {
4414 goto done;
4415 }
4416
4417 SIVAL(data.dptr, 0, dom_seqnum);
4418 memcpy(data.dptr+4, resp->data, resp->length);
4419
4420 tdb_store(wcache->tdb, key, data, 0);
4421
4422 done:
4423 TALLOC_FREE(key.dptr);
4424 return;
4425 }
aatanasov's samba4 branch