source3/winbindd/idmap_cache.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    ID Mapping Cache
   4
   5    Copyright (C) Volker Lendecke        2008
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.*/
  19
  20 #include "includes.h"
  21 #include "winbindd.h"
  22
  23 /**
  24  * Find a sid2uid mapping
  25  * @param[in] sid               the sid to map
  26  * @param[out] puid             where to put the result
  27  * @param[out] expired          is the cache entry expired?
  28  * @retval Was anything in the cache at all?
  29  *
  30  * If *puid == -1 this was a negative mapping.
  31  */
  32
  33 bool idmap_cache_find_sid2uid(const struct dom_sid *sid, uid_t *puid,
  34                               bool *expired)
  35 {
  36         fstring sidstr;
  37         char *key;
  38         char *value;
  39         char *endptr;
  40         time_t timeout;
  41         uid_t uid;
  42         bool ret;
  43
  44         key = talloc_asprintf(talloc_tos(), "IDMAP/SID2UID/%s",
  45                               sid_to_fstring(sidstr, sid));
  46         if (key == NULL) {
  47                 return false;
  48         }
  49         ret = gencache_get(key, &value, &timeout);
  50         TALLOC_FREE(key);
  51         if (!ret) {
  52                 return false;
  53         }
  54         uid = strtol(value, &endptr, 10);
  55         ret = (*endptr == '\0');
  56         SAFE_FREE(value);
  57         if (ret) {
  58                 *puid = uid;
  59                 *expired = (timeout <= time(NULL));
  60         }
  61         return ret;
  62 }
  63
  64 /**
  65  * Find a uid2sid mapping
  66  * @param[in] uid               the uid to map
  67  * @param[out] sid              where to put the result
  68  * @param[out] expired          is the cache entry expired?
  69  * @retval Was anything in the cache at all?
  70  *
  71  * If "is_null_sid(sid)", this was a negative mapping.
  72  */
  73
  74 bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired)
  75 {
  76         char *key;
  77         char *value;
  78         time_t timeout;
  79         bool ret = true;
  80
  81         key = talloc_asprintf(talloc_tos(), "IDMAP/UID2SID/%d", (int)uid);
  82         if (key == NULL) {
  83                 return false;
  84         }
  85         ret = gencache_get(key, &value, &timeout);
  86         TALLOC_FREE(key);
  87         if (!ret) {
  88                 return false;
  89         }
  90         ZERO_STRUCTP(sid);
  91         if (value[0] != '-') {
  92                 ret = string_to_sid(sid, value);
  93         }
  94         SAFE_FREE(value);
  95         if (ret) {
  96                 *expired = (timeout <= time(NULL));
  97         }
  98         return ret;
  99 }
 100
 101 /**
 102  * Store a mapping in the idmap cache
 103  * @param[in] sid               the sid to map
 104  * @param[in] uid               the uid to map
 105  *
 106  * If both parameters are valid values, then a positive mapping in both
 107  * directions is stored. If "is_null_sid(sid)" is true, then this will be a
 108  * negative mapping of uid, we want to cache that for this uid we could not
 109  * find anything. Likewise if "uid==-1", then we want to cache that we did not
 110  * find a mapping for the sid passed here.
 111  */
 112
 113 void idmap_cache_set_sid2uid(const struct dom_sid *sid, uid_t uid)
 114 {
 115         time_t now = time(NULL);
 116         time_t timeout;
 117         fstring sidstr, key, value;
 118
 119         if (!is_null_sid(sid)) {
 120                 fstr_sprintf(key, "IDMAP/SID2UID/%s",
 121                              sid_to_fstring(sidstr, sid));
 122                 fstr_sprintf(value, "%d", (int)uid);
 123                 timeout = (uid == -1)
 124                         ? lp_idmap_negative_cache_time()
 125                         : lp_idmap_cache_time();
 126                 gencache_set(key, value, now + timeout);
 127         }
 128         if (uid != -1) {
 129                 fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)uid);
 130                 if (is_null_sid(sid)) {
 131                         /* negative uid mapping */
 132                         fstrcpy(value, "-");
 133                         timeout = lp_idmap_negative_cache_time();
 134                 }
 135                 else {
 136                         sid_to_fstring(value, sid);
 137                         timeout = lp_idmap_cache_time();
 138                 }
 139                 gencache_set(key, value, now + timeout);
 140         }
 141 }
 142
 143 /**
 144  * Find a sid2gid mapping
 145  * @param[in] sid               the sid to map
 146  * @param[out] pgid             where to put the result
 147  * @param[out] expired          is the cache entry expired?
 148  * @retval Was anything in the cache at all?
 149  *
 150  * If *pgid == -1 this was a negative mapping.
 151  */
 152
 153 bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
 154                               bool *expired)
 155 {
 156         fstring sidstr;
 157         char *key;
 158         char *value;
 159         char *endptr;
 160         time_t timeout;
 161         gid_t gid;
 162         bool ret;
 163
 164         key = talloc_asprintf(talloc_tos(), "IDMAP/SID2GID/%s",
 165                               sid_to_fstring(sidstr, sid));
 166         if (key == NULL) {
 167                 return false;
 168         }
 169         ret = gencache_get(key, &value, &timeout);
 170         TALLOC_FREE(key);
 171         if (!ret) {
 172                 return false;
 173         }
 174         gid = strtol(value, &endptr, 10);
 175         ret = (*endptr == '\0');
 176         SAFE_FREE(value);
 177         if (ret) {
 178                 *pgid = gid;
 179                 *expired = (timeout <= time(NULL));
 180         }
 181         return ret;
 182 }
 183
 184 /**
 185  * Find a gid2sid mapping
 186  * @param[in] gid               the gid to map
 187  * @param[out] sid              where to put the result
 188  * @param[out] expired          is the cache entry expired?
 189  * @retval Was anything in the cache at all?
 190  *
 191  * If "is_null_sid(sid)", this was a negative mapping.
 192  */
 193
 194 bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired)
 195 {
 196         char *key;
 197         char *value;
 198         time_t timeout;
 199         bool ret = true;
 200
 201         key = talloc_asprintf(talloc_tos(), "IDMAP/GID2SID/%d", (int)gid);
 202         if (key == NULL) {
 203                 return false;
 204         }
 205         ret = gencache_get(key, &value, &timeout);
 206         TALLOC_FREE(key);
 207         if (!ret) {
 208                 return false;
 209         }
 210         ZERO_STRUCTP(sid);
 211         if (value[0] != '-') {
 212                 ret = string_to_sid(sid, value);
 213         }
 214         SAFE_FREE(value);
 215         if (ret) {
 216                 *expired = (timeout <= time(NULL));
 217         }
 218         return ret;
 219 }
 220
 221 /**
 222  * Store a mapping in the idmap cache
 223  * @param[in] sid               the sid to map
 224  * @param[in] gid               the gid to map
 225  *
 226  * If both parameters are valid values, then a positive mapping in both
 227  * directions is stored. If "is_null_sid(sid)" is true, then this will be a
 228  * negative mapping of gid, we want to cache that for this gid we could not
 229  * find anything. Likewise if "gid==-1", then we want to cache that we did not
 230  * find a mapping for the sid passed here.
 231  */
 232
 233 void idmap_cache_set_sid2gid(const struct dom_sid *sid, gid_t gid)
 234 {
 235         time_t now = time(NULL);
 236         time_t timeout;
 237         fstring sidstr, key, value;
 238
 239         if (!is_null_sid(sid)) {
 240                 fstr_sprintf(key, "IDMAP/SID2GID/%s",
 241                              sid_to_fstring(sidstr, sid));
 242                 fstr_sprintf(value, "%d", (int)gid);
 243                 timeout = (gid == -1)
 244                         ? lp_idmap_negative_cache_time()
 245                         : lp_idmap_cache_time();
 246                 gencache_set(key, value, now + timeout);
 247         }
 248         if (gid != -1) {
 249                 fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)gid);
 250                 if (is_null_sid(sid)) {
 251                         /* negative gid mapping */
 252                         fstrcpy(value, "-");
 253                         timeout = lp_idmap_negative_cache_time();
 254                 }
 255                 else {
 256                         sid_to_fstring(value, sid);
 257                         timeout = lp_idmap_cache_time();
 258                 }
 259                 gencache_set(key, value, now + timeout);
 260         }
 261 }