2 Unix SMB/CIFS implementation.
4 Winbind cache backend functions
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Gerald Carter 2003
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 #define DBGC_CLASS DBGC_WINBIND
31 struct winbind_cache
{
37 uint32 sequence_number
;
42 #define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
44 static struct winbind_cache
*wcache
;
47 void wcache_flush_cache(void)
49 extern BOOL opt_nocache
;
54 tdb_close(wcache
->tdb
);
60 wcache
->tdb
= tdb_open_log(lock_path("winbindd_cache.tdb"), 5000,
61 TDB_CLEAR_IF_FIRST
, O_RDWR
|O_CREAT
, 0600);
64 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
66 DEBUG(10,("wcache_flush_cache success\n"));
69 void winbindd_check_cache_size(time_t t
)
71 static time_t last_check_time
;
74 if (last_check_time
== (time_t)0)
77 if (t
- last_check_time
< 60 && t
- last_check_time
> 0)
80 if (wcache
== NULL
|| wcache
->tdb
== NULL
) {
81 DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n"));
85 if (fstat(wcache
->tdb
->fd
, &st
) == -1) {
86 DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno
) ));
90 if (st
.st_size
> WINBINDD_MAX_CACHE_SIZE
) {
91 DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n",
92 (unsigned long)st
.st_size
,
93 (unsigned long)WINBINDD_MAX_CACHE_SIZE
));
98 /* get the winbind_cache structure */
99 static struct winbind_cache
*get_cache(struct winbindd_domain
*domain
)
101 struct winbind_cache
*ret
= wcache
;
103 if (!domain
->backend
) {
104 extern struct winbindd_methods msrpc_methods
;
105 switch (lp_security()) {
108 extern struct winbindd_methods ads_methods
;
109 /* always obey the lp_security parameter for our domain */
110 if (domain
->primary
) {
111 domain
->backend
= &ads_methods
;
115 /* only use ADS for native modes at the momment.
116 The problem is the correct detection of mixed
117 mode domains from NT4 BDC's --jerry */
119 if ( domain
->native_mode
) {
120 DEBUG(5,("get_cache: Setting ADS methods for domain %s\n",
122 domain
->backend
= &ads_methods
;
130 DEBUG(5,("get_cache: Setting MS-RPC methods for domain %s\n",
132 domain
->backend
= &msrpc_methods
;
139 ret
= smb_xmalloc(sizeof(*ret
));
143 wcache_flush_cache();
149 free a centry structure
151 static void centry_free(struct cache_entry
*centry
)
155 SAFE_FREE(centry
->data
);
160 pull a uint32 from a cache entry
162 static uint32
centry_uint32(struct cache_entry
*centry
)
165 if (centry
->len
- centry
->ofs
< 4) {
166 DEBUG(0,("centry corruption? needed 4 bytes, have %d\n",
167 centry
->len
- centry
->ofs
));
168 smb_panic("centry_uint32");
170 ret
= IVAL(centry
->data
, centry
->ofs
);
176 pull a uint8 from a cache entry
178 static uint8
centry_uint8(struct cache_entry
*centry
)
181 if (centry
->len
- centry
->ofs
< 1) {
182 DEBUG(0,("centry corruption? needed 1 bytes, have %d\n",
183 centry
->len
- centry
->ofs
));
184 smb_panic("centry_uint32");
186 ret
= CVAL(centry
->data
, centry
->ofs
);
191 /* pull a string from a cache entry, using the supplied
194 static char *centry_string(struct cache_entry
*centry
, TALLOC_CTX
*mem_ctx
)
199 len
= centry_uint8(centry
);
202 /* a deliberate NULL string */
206 if (centry
->len
- centry
->ofs
< len
) {
207 DEBUG(0,("centry corruption? needed %d bytes, have %d\n",
208 len
, centry
->len
- centry
->ofs
));
209 smb_panic("centry_string");
212 ret
= talloc(mem_ctx
, len
+1);
214 smb_panic("centry_string out of memory\n");
216 memcpy(ret
,centry
->data
+ centry
->ofs
, len
);
222 /* pull a string from a cache entry, using the supplied
225 static DOM_SID
*centry_sid(struct cache_entry
*centry
, TALLOC_CTX
*mem_ctx
)
230 sid
= talloc(mem_ctx
, sizeof(*sid
));
234 sid_string
= centry_string(centry
, mem_ctx
);
235 if (!string_to_sid(sid
, sid_string
)) {
241 /* the server is considered down if it can't give us a sequence number */
242 static BOOL
wcache_server_down(struct winbindd_domain
*domain
)
249 ret
= (domain
->sequence_number
== DOM_SEQUENCE_NONE
);
252 DEBUG(10,("wcache_server_down: server for Domain %s down\n",
257 static NTSTATUS
fetch_cache_seqnum( struct winbindd_domain
*domain
, time_t now
)
264 DEBUG(10,("fetch_cache_seqnum: tdb == NULL\n"));
265 return NT_STATUS_UNSUCCESSFUL
;
268 fstr_sprintf( key
, "SEQNUM/%s", domain
->name
);
270 data
= tdb_fetch_bystring( wcache
->tdb
, key
);
271 if ( !data
.dptr
|| data
.dsize
!=8 ) {
272 DEBUG(10,("fetch_cache_seqnum: invalid data size key [%s]\n", key
));
273 return NT_STATUS_UNSUCCESSFUL
;
276 domain
->sequence_number
= IVAL(data
.dptr
, 0);
277 domain
->last_seq_check
= IVAL(data
.dptr
, 4);
279 SAFE_FREE(data
.dptr
);
281 /* have we expired? */
283 time_diff
= now
- domain
->last_seq_check
;
284 if ( time_diff
> lp_winbind_cache_time() ) {
285 DEBUG(10,("fetch_cache_seqnum: timeout [%s][%u @ %u]\n",
286 domain
->name
, domain
->sequence_number
,
287 (uint32
)domain
->last_seq_check
));
288 return NT_STATUS_UNSUCCESSFUL
;
291 DEBUG(10,("fetch_cache_seqnum: success [%s][%u @ %u]\n",
292 domain
->name
, domain
->sequence_number
,
293 (uint32
)domain
->last_seq_check
));
298 static NTSTATUS
store_cache_seqnum( struct winbindd_domain
*domain
)
305 DEBUG(10,("store_cache_seqnum: tdb == NULL\n"));
306 return NT_STATUS_UNSUCCESSFUL
;
309 fstr_sprintf( key_str
, "SEQNUM/%s", domain
->name
);
311 key
.dsize
= strlen(key_str
)+1;
313 SIVAL(buf
, 0, domain
->sequence_number
);
314 SIVAL(buf
, 4, domain
->last_seq_check
);
318 if ( tdb_store( wcache
->tdb
, key
, data
, TDB_REPLACE
) == -1 ) {
319 DEBUG(10,("store_cache_seqnum: tdb_store fail key [%s]\n", key_str
));
320 return NT_STATUS_UNSUCCESSFUL
;
323 DEBUG(10,("store_cache_seqnum: success [%s][%u @ %u]\n",
324 domain
->name
, domain
->sequence_number
,
325 (uint32
)domain
->last_seq_check
));
331 refresh the domain sequence number. If force is True
332 then always refresh it, no matter how recently we fetched it
335 static void refresh_sequence_number(struct winbindd_domain
*domain
, BOOL force
)
339 time_t t
= time(NULL
);
340 unsigned cache_time
= lp_winbind_cache_time();
344 #if 0 /* JERRY -- disable as the default cache time is now 5 minutes */
345 /* trying to reconnect is expensive, don't do it too often */
346 if (domain
->sequence_number
== DOM_SEQUENCE_NONE
) {
351 time_diff
= t
- domain
->last_seq_check
;
353 /* see if we have to refetch the domain sequence number */
354 if (!force
&& (time_diff
< cache_time
)) {
355 DEBUG(10, ("refresh_sequence_number: %s time ok\n", domain
->name
));
359 /* try to get the sequence number from the tdb cache first */
360 /* this will update the timestamp as well */
362 status
= fetch_cache_seqnum( domain
, t
);
363 if ( NT_STATUS_IS_OK(status
) )
366 status
= domain
->backend
->sequence_number(domain
, &domain
->sequence_number
);
368 if (!NT_STATUS_IS_OK(status
)) {
369 domain
->sequence_number
= DOM_SEQUENCE_NONE
;
372 domain
->last_status
= status
;
373 domain
->last_seq_check
= time(NULL
);
375 /* save the new sequence number ni the cache */
376 store_cache_seqnum( domain
);
379 DEBUG(10, ("refresh_sequence_number: %s seq number is now %d\n",
380 domain
->name
, domain
->sequence_number
));
386 decide if a cache entry has expired
388 static BOOL
centry_expired(struct winbindd_domain
*domain
, const char *keystr
, struct cache_entry
*centry
)
390 /* if the server is OK and our cache entry came from when it was down then
391 the entry is invalid */
392 if (domain
->sequence_number
!= DOM_SEQUENCE_NONE
&&
393 centry
->sequence_number
== DOM_SEQUENCE_NONE
) {
394 DEBUG(10,("centry_expired: Key %s for domain %s invalid sequence.\n",
395 keystr
, domain
->name
));
399 /* if the server is down or the cache entry is not older than the
400 current sequence number then it is OK */
401 if (wcache_server_down(domain
) ||
402 centry
->sequence_number
== domain
->sequence_number
) {
403 DEBUG(10,("centry_expired: Key %s for domain %s is good.\n",
404 keystr
, domain
->name
));
408 DEBUG(10,("centry_expired: Key %s for domain %s expired\n",
409 keystr
, domain
->name
));
416 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
417 number and return status
419 static struct cache_entry
*wcache_fetch(struct winbind_cache
*cache
,
420 struct winbindd_domain
*domain
,
421 const char *format
, ...) PRINTF_ATTRIBUTE(3,4);
422 static struct cache_entry
*wcache_fetch(struct winbind_cache
*cache
,
423 struct winbindd_domain
*domain
,
424 const char *format
, ...)
429 struct cache_entry
*centry
;
432 refresh_sequence_number(domain
, False
);
434 va_start(ap
, format
);
435 smb_xvasprintf(&kstr
, format
, ap
);
439 key
.dsize
= strlen(kstr
);
440 data
= tdb_fetch(wcache
->tdb
, key
);
447 centry
= smb_xmalloc(sizeof(*centry
));
448 centry
->data
= (unsigned char *)data
.dptr
;
449 centry
->len
= data
.dsize
;
452 if (centry
->len
< 8) {
453 /* huh? corrupt cache? */
454 DEBUG(10,("wcache_fetch: Corrupt cache for key %s domain %s (len < 8) ?\n",
455 kstr
, domain
->name
));
461 centry
->status
= NT_STATUS(centry_uint32(centry
));
462 centry
->sequence_number
= centry_uint32(centry
);
464 if (centry_expired(domain
, kstr
, centry
)) {
465 extern BOOL opt_dual_daemon
;
467 DEBUG(10,("wcache_fetch: entry %s expired for domain %s\n",
468 kstr
, domain
->name
));
470 if (opt_dual_daemon
) {
471 extern BOOL background_process
;
472 background_process
= True
;
473 DEBUG(10,("wcache_fetch: background processing expired entry %s for domain %s\n",
474 kstr
, domain
->name
));
482 DEBUG(10,("wcache_fetch: returning entry %s for domain %s\n",
483 kstr
, domain
->name
));
490 make sure we have at least len bytes available in a centry
492 static void centry_expand(struct cache_entry
*centry
, uint32 len
)
495 if (centry
->len
- centry
->ofs
>= len
)
498 p
= realloc(centry
->data
, centry
->len
);
500 DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry
->len
));
501 smb_panic("out of memory in centry_expand");
507 push a uint32 into a centry
509 static void centry_put_uint32(struct cache_entry
*centry
, uint32 v
)
511 centry_expand(centry
, 4);
512 SIVAL(centry
->data
, centry
->ofs
, v
);
517 push a uint8 into a centry
519 static void centry_put_uint8(struct cache_entry
*centry
, uint8 v
)
521 centry_expand(centry
, 1);
522 SCVAL(centry
->data
, centry
->ofs
, v
);
527 push a string into a centry
529 static void centry_put_string(struct cache_entry
*centry
, const char *s
)
534 /* null strings are marked as len 0xFFFF */
535 centry_put_uint8(centry
, 0xFF);
540 /* can't handle more than 254 char strings. Truncating is probably best */
543 centry_put_uint8(centry
, len
);
544 centry_expand(centry
, len
);
545 memcpy(centry
->data
+ centry
->ofs
, s
, len
);
549 static void centry_put_sid(struct cache_entry
*centry
, const DOM_SID
*sid
)
552 centry_put_string(centry
, sid_to_string(sid_string
, sid
));
556 start a centry for output. When finished, call centry_end()
558 struct cache_entry
*centry_start(struct winbindd_domain
*domain
, NTSTATUS status
)
560 struct cache_entry
*centry
;
565 centry
= smb_xmalloc(sizeof(*centry
));
567 centry
->len
= 8192; /* reasonable default */
568 centry
->data
= smb_xmalloc(centry
->len
);
570 centry
->sequence_number
= domain
->sequence_number
;
571 centry_put_uint32(centry
, NT_STATUS_V(status
));
572 centry_put_uint32(centry
, centry
->sequence_number
);
577 finish a centry and write it to the tdb
579 static void centry_end(struct cache_entry
*centry
, const char *format
, ...) PRINTF_ATTRIBUTE(2,3);
580 static void centry_end(struct cache_entry
*centry
, const char *format
, ...)
586 va_start(ap
, format
);
587 smb_xvasprintf(&kstr
, format
, ap
);
591 key
.dsize
= strlen(kstr
);
592 data
.dptr
= (char *)centry
->data
;
593 data
.dsize
= centry
->ofs
;
595 tdb_store(wcache
->tdb
, key
, data
, TDB_REPLACE
);
599 static void wcache_save_name_to_sid(struct winbindd_domain
*domain
,
600 NTSTATUS status
, const char *domain_name
,
601 const char *name
, const DOM_SID
*sid
,
602 enum SID_NAME_USE type
)
604 struct cache_entry
*centry
;
608 centry
= centry_start(domain
, status
);
611 centry_put_uint32(centry
, type
);
612 centry_put_sid(centry
, sid
);
613 fstrcpy(uname
, name
);
615 centry_end(centry
, "NS/%s/%s", domain_name
, uname
);
616 DEBUG(10,("wcache_save_name_to_sid: %s -> %s\n", uname
, sid_string
));
620 static void wcache_save_sid_to_name(struct winbindd_domain
*domain
, NTSTATUS status
,
621 const DOM_SID
*sid
, const char *domain_name
, const char *name
, enum SID_NAME_USE type
)
623 struct cache_entry
*centry
;
626 centry
= centry_start(domain
, status
);
629 if (NT_STATUS_IS_OK(status
)) {
630 centry_put_uint32(centry
, type
);
631 centry_put_string(centry
, domain_name
);
632 centry_put_string(centry
, name
);
634 centry_end(centry
, "SN/%s", sid_to_string(sid_string
, sid
));
635 DEBUG(10,("wcache_save_sid_to_name: %s -> %s\n", sid_string
, name
));
640 static void wcache_save_user(struct winbindd_domain
*domain
, NTSTATUS status
, WINBIND_USERINFO
*info
)
642 struct cache_entry
*centry
;
645 centry
= centry_start(domain
, status
);
648 centry_put_string(centry
, info
->acct_name
);
649 centry_put_string(centry
, info
->full_name
);
650 centry_put_sid(centry
, info
->user_sid
);
651 centry_put_sid(centry
, info
->group_sid
);
652 centry_end(centry
, "U/%s", sid_to_string(sid_string
, info
->user_sid
));
653 DEBUG(10,("wcache_save_user: %s (acct_name %s)\n", sid_string
, info
->acct_name
));
658 /* Query display info. This is the basic user list fn */
659 static NTSTATUS
query_user_list(struct winbindd_domain
*domain
,
662 WINBIND_USERINFO
**info
)
664 struct winbind_cache
*cache
= get_cache(domain
);
665 struct cache_entry
*centry
= NULL
;
667 unsigned int i
, retry
;
672 centry
= wcache_fetch(cache
, domain
, "UL/%s", domain
->name
);
676 *num_entries
= centry_uint32(centry
);
678 if (*num_entries
== 0)
681 (*info
) = talloc(mem_ctx
, sizeof(**info
) * (*num_entries
));
683 smb_panic("query_user_list out of memory");
684 for (i
=0; i
<(*num_entries
); i
++) {
685 (*info
)[i
].acct_name
= centry_string(centry
, mem_ctx
);
686 (*info
)[i
].full_name
= centry_string(centry
, mem_ctx
);
687 (*info
)[i
].user_sid
= centry_sid(centry
, mem_ctx
);
688 (*info
)[i
].group_sid
= centry_sid(centry
, mem_ctx
);
692 status
= centry
->status
;
694 DEBUG(10,("query_user_list: [Cached] - cached list for domain %s status %s\n",
695 domain
->name
, get_friendly_nt_error_msg(status
) ));
704 /* Return status value returned by seq number check */
706 if (!NT_STATUS_IS_OK(domain
->last_status
))
707 return domain
->last_status
;
709 /* Put the query_user_list() in a retry loop. There appears to be
710 * some bug either with Windows 2000 or Samba's handling of large
711 * rpc replies. This manifests itself as sudden disconnection
712 * at a random point in the enumeration of a large (60k) user list.
713 * The retry loop simply tries the operation again. )-: It's not
714 * pretty but an acceptable workaround until we work out what the
715 * real problem is. */
720 DEBUG(10,("query_user_list: [Cached] - doing backend query for list for domain %s\n",
723 status
= domain
->backend
->query_user_list(domain
, mem_ctx
, num_entries
, info
);
724 if (!NT_STATUS_IS_OK(status
))
725 DEBUG(3, ("query_user_list: returned 0x%08x, retrying\n", NT_STATUS_V(status
)));
726 if (NT_STATUS_V(status
) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL
)) {
727 DEBUG(3, ("query_user_list: flushing connection cache\n"));
731 } while (NT_STATUS_V(status
) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL
) &&
735 refresh_sequence_number(domain
, False
);
736 centry
= centry_start(domain
, status
);
739 centry_put_uint32(centry
, *num_entries
);
740 for (i
=0; i
<(*num_entries
); i
++) {
741 centry_put_string(centry
, (*info
)[i
].acct_name
);
742 centry_put_string(centry
, (*info
)[i
].full_name
);
743 centry_put_sid(centry
, (*info
)[i
].user_sid
);
744 centry_put_sid(centry
, (*info
)[i
].group_sid
);
745 if (domain
->backend
->consistent
) {
746 /* when the backend is consistent we can pre-prime some mappings */
747 wcache_save_name_to_sid(domain
, NT_STATUS_OK
,
748 (*info
)[i
].acct_name
,
752 wcache_save_sid_to_name(domain
, NT_STATUS_OK
,
755 (*info
)[i
].acct_name
,
757 wcache_save_user(domain
, NT_STATUS_OK
, &(*info
)[i
]);
760 centry_end(centry
, "UL/%s", domain
->name
);
767 /* list all domain groups */
768 static NTSTATUS
enum_dom_groups(struct winbindd_domain
*domain
,
771 struct acct_info
**info
)
773 struct winbind_cache
*cache
= get_cache(domain
);
774 struct cache_entry
*centry
= NULL
;
781 centry
= wcache_fetch(cache
, domain
, "GL/%s/domain", domain
->name
);
785 *num_entries
= centry_uint32(centry
);
787 if (*num_entries
== 0)
790 (*info
) = talloc(mem_ctx
, sizeof(**info
) * (*num_entries
));
792 smb_panic("enum_dom_groups out of memory");
793 for (i
=0; i
<(*num_entries
); i
++) {
794 fstrcpy((*info
)[i
].acct_name
, centry_string(centry
, mem_ctx
));
795 fstrcpy((*info
)[i
].acct_desc
, centry_string(centry
, mem_ctx
));
796 (*info
)[i
].rid
= centry_uint32(centry
);
800 status
= centry
->status
;
802 DEBUG(10,("enum_dom_groups: [Cached] - cached list for domain %s status %s\n",
803 domain
->name
, get_friendly_nt_error_msg(status
) ));
812 /* Return status value returned by seq number check */
814 if (!NT_STATUS_IS_OK(domain
->last_status
))
815 return domain
->last_status
;
817 DEBUG(10,("enum_dom_groups: [Cached] - doing backend query for list for domain %s\n",
820 status
= domain
->backend
->enum_dom_groups(domain
, mem_ctx
, num_entries
, info
);
823 refresh_sequence_number(domain
, False
);
824 centry
= centry_start(domain
, status
);
827 centry_put_uint32(centry
, *num_entries
);
828 for (i
=0; i
<(*num_entries
); i
++) {
829 centry_put_string(centry
, (*info
)[i
].acct_name
);
830 centry_put_string(centry
, (*info
)[i
].acct_desc
);
831 centry_put_uint32(centry
, (*info
)[i
].rid
);
833 centry_end(centry
, "GL/%s/domain", domain
->name
);
840 /* list all domain groups */
841 static NTSTATUS
enum_local_groups(struct winbindd_domain
*domain
,
844 struct acct_info
**info
)
846 struct winbind_cache
*cache
= get_cache(domain
);
847 struct cache_entry
*centry
= NULL
;
854 centry
= wcache_fetch(cache
, domain
, "GL/%s/local", domain
->name
);
858 *num_entries
= centry_uint32(centry
);
860 if (*num_entries
== 0)
863 (*info
) = talloc(mem_ctx
, sizeof(**info
) * (*num_entries
));
865 smb_panic("enum_dom_groups out of memory");
866 for (i
=0; i
<(*num_entries
); i
++) {
867 fstrcpy((*info
)[i
].acct_name
, centry_string(centry
, mem_ctx
));
868 fstrcpy((*info
)[i
].acct_desc
, centry_string(centry
, mem_ctx
));
869 (*info
)[i
].rid
= centry_uint32(centry
);
874 /* If we are returning cached data and the domain controller
875 is down then we don't know whether the data is up to date
876 or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to
879 if (wcache_server_down(domain
)) {
880 DEBUG(10, ("enum_local_groups: returning cached user list and server was down\n"));
881 status
= NT_STATUS_MORE_PROCESSING_REQUIRED
;
883 status
= centry
->status
;
885 DEBUG(10,("enum_local_groups: [Cached] - cached list for domain %s status %s\n",
886 domain
->name
, get_friendly_nt_error_msg(status
) ));
895 /* Return status value returned by seq number check */
897 if (!NT_STATUS_IS_OK(domain
->last_status
))
898 return domain
->last_status
;
900 DEBUG(10,("enum_local_groups: [Cached] - doing backend query for list for domain %s\n",
903 status
= domain
->backend
->enum_local_groups(domain
, mem_ctx
, num_entries
, info
);
906 refresh_sequence_number(domain
, False
);
907 centry
= centry_start(domain
, status
);
910 centry_put_uint32(centry
, *num_entries
);
911 for (i
=0; i
<(*num_entries
); i
++) {
912 centry_put_string(centry
, (*info
)[i
].acct_name
);
913 centry_put_string(centry
, (*info
)[i
].acct_desc
);
914 centry_put_uint32(centry
, (*info
)[i
].rid
);
916 centry_end(centry
, "GL/%s/local", domain
->name
);
923 /* convert a single name to a sid in a domain */
924 static NTSTATUS
name_to_sid(struct winbindd_domain
*domain
,
926 const char *domain_name
,
929 enum SID_NAME_USE
*type
)
931 struct winbind_cache
*cache
= get_cache(domain
);
932 struct cache_entry
*centry
= NULL
;
940 fstrcpy(uname
, name
);
942 centry
= wcache_fetch(cache
, domain
, "NS/%s/%s", domain_name
, uname
);
945 *type
= (enum SID_NAME_USE
)centry_uint32(centry
);
946 sid2
= centry_sid(centry
, mem_ctx
);
953 status
= centry
->status
;
955 DEBUG(10,("name_to_sid: [Cached] - cached name for domain %s status %s\n",
956 domain
->name
, get_friendly_nt_error_msg(status
) ));
964 /* If the seq number check indicated that there is a problem
965 * with this DC, then return that status... except for
966 * access_denied. This is special because the dc may be in
967 * "restrict anonymous = 1" mode, in which case it will deny
968 * most unauthenticated operations, but *will* allow the LSA
969 * name-to-sid that we try as a fallback. */
971 if (!(NT_STATUS_IS_OK(domain
->last_status
)
972 || NT_STATUS_EQUAL(domain
->last_status
, NT_STATUS_ACCESS_DENIED
)))
973 return domain
->last_status
;
975 DEBUG(10,("name_to_sid: [Cached] - doing backend query for name for domain %s\n",
978 status
= domain
->backend
->name_to_sid(domain
, mem_ctx
, domain_name
, name
, sid
, type
);
981 wcache_save_name_to_sid(domain
, status
, domain_name
, name
, sid
, *type
);
983 /* We can't save the sid to name mapping as we don't know the
984 correct case of the name without looking it up */
989 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
991 static NTSTATUS
sid_to_name(struct winbindd_domain
*domain
,
996 enum SID_NAME_USE
*type
)
998 struct winbind_cache
*cache
= get_cache(domain
);
999 struct cache_entry
*centry
= NULL
;
1006 centry
= wcache_fetch(cache
, domain
, "SN/%s", sid_to_string(sid_string
, sid
));
1009 if (NT_STATUS_IS_OK(centry
->status
)) {
1010 *type
= (enum SID_NAME_USE
)centry_uint32(centry
);
1011 *domain_name
= centry_string(centry
, mem_ctx
);
1012 *name
= centry_string(centry
, mem_ctx
);
1014 status
= centry
->status
;
1016 DEBUG(10,("sid_to_name: [Cached] - cached name for domain %s status %s\n",
1017 domain
->name
, get_friendly_nt_error_msg(status
) ));
1019 centry_free(centry
);
1024 *domain_name
= NULL
;
1026 /* If the seq number check indicated that there is a problem
1027 * with this DC, then return that status... except for
1028 * access_denied. This is special because the dc may be in
1029 * "restrict anonymous = 1" mode, in which case it will deny
1030 * most unauthenticated operations, but *will* allow the LSA
1031 * sid-to-name that we try as a fallback. */
1033 if (!(NT_STATUS_IS_OK(domain
->last_status
)
1034 || NT_STATUS_EQUAL(domain
->last_status
, NT_STATUS_ACCESS_DENIED
)))
1035 return domain
->last_status
;
1037 DEBUG(10,("sid_to_name: [Cached] - doing backend query for name for domain %s\n",
1040 status
= domain
->backend
->sid_to_name(domain
, mem_ctx
, sid
, domain_name
, name
, type
);
1043 refresh_sequence_number(domain
, False
);
1044 wcache_save_sid_to_name(domain
, status
, sid
, *domain_name
, *name
, *type
);
1045 wcache_save_name_to_sid(domain
, status
, *domain_name
, *name
, sid
, *type
);
1051 /* Lookup user information from a rid */
1052 static NTSTATUS
query_user(struct winbindd_domain
*domain
,
1053 TALLOC_CTX
*mem_ctx
,
1054 const DOM_SID
*user_sid
,
1055 WINBIND_USERINFO
*info
)
1057 struct winbind_cache
*cache
= get_cache(domain
);
1058 struct cache_entry
*centry
= NULL
;
1064 centry
= wcache_fetch(cache
, domain
, "U/%s", sid_string_static(user_sid
));
1066 /* If we have an access denied cache entry and a cached info3 in the
1067 samlogon cache then do a query. This will force the rpc back end
1068 to return the info3 data. */
1070 if (NT_STATUS_V(domain
->last_status
) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED
) &&
1071 netsamlogon_cache_have(user_sid
)) {
1072 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1073 domain
->last_status
= NT_STATUS_OK
;
1074 centry_free(centry
);
1081 info
->acct_name
= centry_string(centry
, mem_ctx
);
1082 info
->full_name
= centry_string(centry
, mem_ctx
);
1083 info
->user_sid
= centry_sid(centry
, mem_ctx
);
1084 info
->group_sid
= centry_sid(centry
, mem_ctx
);
1085 status
= centry
->status
;
1087 DEBUG(10,("query_user: [Cached] - cached info for domain %s status %s\n",
1088 domain
->name
, get_friendly_nt_error_msg(status
) ));
1090 centry_free(centry
);
1096 /* Return status value returned by seq number check */
1098 if (!NT_STATUS_IS_OK(domain
->last_status
))
1099 return domain
->last_status
;
1101 DEBUG(10,("sid_to_name: [Cached] - doing backend query for info for domain %s\n",
1104 status
= domain
->backend
->query_user(domain
, mem_ctx
, user_sid
, info
);
1107 refresh_sequence_number(domain
, False
);
1108 wcache_save_user(domain
, status
, info
);
1114 /* Lookup groups a user is a member of. */
1115 static NTSTATUS
lookup_usergroups(struct winbindd_domain
*domain
,
1116 TALLOC_CTX
*mem_ctx
,
1117 const DOM_SID
*user_sid
,
1118 uint32
*num_groups
, DOM_SID
***user_gids
)
1120 struct winbind_cache
*cache
= get_cache(domain
);
1121 struct cache_entry
*centry
= NULL
;
1129 centry
= wcache_fetch(cache
, domain
, "UG/%s", sid_to_string(sid_string
, user_sid
));
1131 /* If we have an access denied cache entry and a cached info3 in the
1132 samlogon cache then do a query. This will force the rpc back end
1133 to return the info3 data. */
1135 if (NT_STATUS_V(domain
->last_status
) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED
) &&
1136 netsamlogon_cache_have(user_sid
)) {
1137 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1138 domain
->last_status
= NT_STATUS_OK
;
1139 centry_free(centry
);
1146 *num_groups
= centry_uint32(centry
);
1148 if (*num_groups
== 0)
1151 (*user_gids
) = talloc(mem_ctx
, sizeof(**user_gids
) * (*num_groups
));
1153 smb_panic("lookup_usergroups out of memory");
1154 for (i
=0; i
<(*num_groups
); i
++) {
1155 (*user_gids
)[i
] = centry_sid(centry
, mem_ctx
);
1159 status
= centry
->status
;
1161 DEBUG(10,("lookup_usergroups: [Cached] - cached info for domain %s status %s\n",
1162 domain
->name
, get_friendly_nt_error_msg(status
) ));
1164 centry_free(centry
);
1169 (*user_gids
) = NULL
;
1171 /* Return status value returned by seq number check */
1173 if (!NT_STATUS_IS_OK(domain
->last_status
))
1174 return domain
->last_status
;
1176 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info for domain %s\n",
1179 status
= domain
->backend
->lookup_usergroups(domain
, mem_ctx
, user_sid
, num_groups
, user_gids
);
1182 refresh_sequence_number(domain
, False
);
1183 centry
= centry_start(domain
, status
);
1186 centry_put_uint32(centry
, *num_groups
);
1187 for (i
=0; i
<(*num_groups
); i
++) {
1188 centry_put_sid(centry
, (*user_gids
)[i
]);
1190 centry_end(centry
, "UG/%s", sid_to_string(sid_string
, user_sid
));
1191 centry_free(centry
);
1198 static NTSTATUS
lookup_groupmem(struct winbindd_domain
*domain
,
1199 TALLOC_CTX
*mem_ctx
,
1200 const DOM_SID
*group_sid
, uint32
*num_names
,
1201 DOM_SID
***sid_mem
, char ***names
,
1202 uint32
**name_types
)
1204 struct winbind_cache
*cache
= get_cache(domain
);
1205 struct cache_entry
*centry
= NULL
;
1213 centry
= wcache_fetch(cache
, domain
, "GM/%s", sid_to_string(sid_string
, group_sid
));
1217 *num_names
= centry_uint32(centry
);
1219 if (*num_names
== 0)
1222 (*sid_mem
) = talloc(mem_ctx
, sizeof(**sid_mem
) * (*num_names
));
1223 (*names
) = talloc(mem_ctx
, sizeof(**names
) * (*num_names
));
1224 (*name_types
) = talloc(mem_ctx
, sizeof(**name_types
) * (*num_names
));
1226 if (! (*sid_mem
) || ! (*names
) || ! (*name_types
)) {
1227 smb_panic("lookup_groupmem out of memory");
1230 for (i
=0; i
<(*num_names
); i
++) {
1231 (*sid_mem
)[i
] = centry_sid(centry
, mem_ctx
);
1232 (*names
)[i
] = centry_string(centry
, mem_ctx
);
1233 (*name_types
)[i
] = centry_uint32(centry
);
1237 status
= centry
->status
;
1239 DEBUG(10,("lookup_groupmem: [Cached] - cached info for domain %s status %s\n",
1240 domain
->name
, get_friendly_nt_error_msg(status
) ));
1242 centry_free(centry
);
1249 (*name_types
) = NULL
;
1251 /* Return status value returned by seq number check */
1253 if (!NT_STATUS_IS_OK(domain
->last_status
))
1254 return domain
->last_status
;
1256 DEBUG(10,("lookup_groupmem: [Cached] - doing backend query for info for domain %s\n",
1259 status
= domain
->backend
->lookup_groupmem(domain
, mem_ctx
, group_sid
, num_names
,
1260 sid_mem
, names
, name_types
);
1263 refresh_sequence_number(domain
, False
);
1264 centry
= centry_start(domain
, status
);
1267 centry_put_uint32(centry
, *num_names
);
1268 for (i
=0; i
<(*num_names
); i
++) {
1269 centry_put_sid(centry
, (*sid_mem
)[i
]);
1270 centry_put_string(centry
, (*names
)[i
]);
1271 centry_put_uint32(centry
, (*name_types
)[i
]);
1273 centry_end(centry
, "GM/%s", sid_to_string(sid_string
, group_sid
));
1274 centry_free(centry
);
1280 /* find the sequence number for a domain */
1281 static NTSTATUS
sequence_number(struct winbindd_domain
*domain
, uint32
*seq
)
1283 refresh_sequence_number(domain
, False
);
1285 *seq
= domain
->sequence_number
;
1287 return NT_STATUS_OK
;
1290 /* enumerate trusted domains */
1291 static NTSTATUS
trusted_domains(struct winbindd_domain
*domain
,
1292 TALLOC_CTX
*mem_ctx
,
1293 uint32
*num_domains
,
1300 DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
1303 /* we don't cache this call */
1304 return domain
->backend
->trusted_domains(domain
, mem_ctx
, num_domains
,
1305 names
, alt_names
, dom_sids
);
1308 /* find the domain sid */
1309 static NTSTATUS
domain_sid(struct winbindd_domain
*domain
, DOM_SID
*sid
)
1313 DEBUG(10,("domain_sid: [Cached] - doing backend query for info for domain %s\n",
1316 /* we don't cache this call */
1317 return domain
->backend
->domain_sid(domain
, sid
);
1320 /* find the alternate names for the domain, if any */
1321 static NTSTATUS
alternate_name(struct winbindd_domain
*domain
)
1325 DEBUG(10,("alternate_name: [Cached] - doing backend query for info for domain %s\n",
1328 /* we don't cache this call */
1329 return domain
->backend
->alternate_name(domain
);
1332 /* Invalidate cached user and group lists coherently */
1334 static int traverse_fn(TDB_CONTEXT
*the_tdb
, TDB_DATA kbuf
, TDB_DATA dbuf
,
1337 if (strncmp(kbuf
.dptr
, "UL/", 3) == 0 ||
1338 strncmp(kbuf
.dptr
, "GL/", 3) == 0)
1339 tdb_delete(the_tdb
, kbuf
);
1344 /* Invalidate the getpwnam and getgroups entries for a winbindd domain */
1346 void wcache_invalidate_samlogon(struct winbindd_domain
*domain
,
1347 NET_USER_INFO_3
*info3
)
1349 struct winbind_cache
*cache
;
1354 cache
= get_cache(domain
);
1355 netsamlogon_clear_cached_user(cache
->tdb
, info3
);
1358 void wcache_invalidate_cache(void)
1360 struct winbindd_domain
*domain
;
1362 for (domain
= domain_list(); domain
; domain
= domain
->next
) {
1363 struct winbind_cache
*cache
= get_cache(domain
);
1365 DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
1366 "entries for %s\n", domain
->name
));
1368 tdb_traverse(cache
->tdb
, traverse_fn
, NULL
);
1372 /* the ADS backend methods are exposed via this structure */
1373 struct winbindd_methods cache_methods
= {