search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r535: Another memleak fix from kawasa_r@itg.hitachi.co.jp
[Samba/gebeck_regimport.git] / source / nsswitch / winbindd_cache.c
blob877fa2d995c15d4f940c94495e56884b4766db4f
1 /*
2 Unix SMB/CIFS implementation.
3
4 Winbind cache backend functions
5
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Gerald Carter 2003
8
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 */
24
25 #include "includes.h"
26 #include "winbindd.h"
27
28 #undef DBGC_CLASS
29 #define DBGC_CLASS DBGC_WINBIND
30
31 struct winbind_cache {
32 TDB_CONTEXT *tdb;
33 };
34
35 struct cache_entry {
36 NTSTATUS status;
37 uint32 sequence_number;
38 uint8 *data;
39 uint32 len, ofs;
40 };
41
42 #define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
43
44 static struct winbind_cache *wcache;
45
46 /* flush the cache */
47 void wcache_flush_cache(void)
48 {
49 extern BOOL opt_nocache;
50
51 if (!wcache)
52 return;
53 if (wcache->tdb) {
54 tdb_close(wcache->tdb);
55 wcache->tdb = NULL;
56 }
57 if (opt_nocache)
58 return;
59
60 wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000,
61 TDB_CLEAR_IF_FIRST, O_RDWR|O_CREAT, 0600);
62
63 if (!wcache->tdb) {
64 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
65 }
66 DEBUG(10,("wcache_flush_cache success\n"));
67 }
68
69 void winbindd_check_cache_size(time_t t)
70 {
71 static time_t last_check_time;
72 struct stat st;
73
74 if (last_check_time == (time_t)0)
75 last_check_time = t;
76
77 if (t - last_check_time < 60 && t - last_check_time > 0)
78 return;
79
80 if (wcache == NULL || wcache->tdb == NULL) {
81 DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n"));
82 return;
83 }
84
85 if (fstat(wcache->tdb->fd, &st) == -1) {
86 DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) ));
87 return;
88 }
89
90 if (st.st_size > WINBINDD_MAX_CACHE_SIZE) {
91 DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n",
92 (unsigned long)st.st_size,
93 (unsigned long)WINBINDD_MAX_CACHE_SIZE));
94 wcache_flush_cache();
95 }
96 }
97
98 /* get the winbind_cache structure */
99 static struct winbind_cache *get_cache(struct winbindd_domain *domain)
100 {
101 struct winbind_cache *ret = wcache;
102
103 if (!domain->backend) {
104 extern struct winbindd_methods msrpc_methods;
105 switch (lp_security()) {
106 #ifdef HAVE_ADS
107 case SEC_ADS: {
108 extern struct winbindd_methods ads_methods;
109 /* always obey the lp_security parameter for our domain */
110 if (domain->primary) {
111 domain->backend = &ads_methods;
112 break;
113 }
114
115 /* only use ADS for native modes at the momment.
116 The problem is the correct detection of mixed
117 mode domains from NT4 BDC's --jerry */
118
119 if ( domain->native_mode ) {
120 DEBUG(5,("get_cache: Setting ADS methods for domain %s\n",
121 domain->name));
122 domain->backend = &ads_methods;
123 break;
124 }
125
126 /* fall through */
127 }
128 #endif
129 default:
130 DEBUG(5,("get_cache: Setting MS-RPC methods for domain %s\n",
131 domain->name));
132 domain->backend = &msrpc_methods;
133 }
134 }
135
136 if (ret)
137 return ret;
138
139 ret = smb_xmalloc(sizeof(*ret));
140 ZERO_STRUCTP(ret);
141
142 wcache = ret;
143 wcache_flush_cache();
144
145 return ret;
146 }
147
148 /*
149 free a centry structure
150 */
151 static void centry_free(struct cache_entry *centry)
152 {
153 if (!centry)
154 return;
155 SAFE_FREE(centry->data);
156 free(centry);
157 }
158
159 /*
160 pull a uint32 from a cache entry
161 */
162 static uint32 centry_uint32(struct cache_entry *centry)
163 {
164 uint32 ret;
165 if (centry->len - centry->ofs < 4) {
166 DEBUG(0,("centry corruption? needed 4 bytes, have %d\n",
167 centry->len - centry->ofs));
168 smb_panic("centry_uint32");
169 }
170 ret = IVAL(centry->data, centry->ofs);
171 centry->ofs += 4;
172 return ret;
173 }
174
175 /*
176 pull a uint8 from a cache entry
177 */
178 static uint8 centry_uint8(struct cache_entry *centry)
179 {
180 uint8 ret;
181 if (centry->len - centry->ofs < 1) {
182 DEBUG(0,("centry corruption? needed 1 bytes, have %d\n",
183 centry->len - centry->ofs));
184 smb_panic("centry_uint32");
185 }
186 ret = CVAL(centry->data, centry->ofs);
187 centry->ofs += 1;
188 return ret;
189 }
190
191 /* pull a string from a cache entry, using the supplied
192 talloc context
193 */
194 static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
195 {
196 uint32 len;
197 char *ret;
198
199 len = centry_uint8(centry);
200
201 if (len == 0xFF) {
202 /* a deliberate NULL string */
203 return NULL;
204 }
205
206 if (centry->len - centry->ofs < len) {
207 DEBUG(0,("centry corruption? needed %d bytes, have %d\n",
208 len, centry->len - centry->ofs));
209 smb_panic("centry_string");
210 }
211
212 ret = talloc(mem_ctx, len+1);
213 if (!ret) {
214 smb_panic("centry_string out of memory\n");
215 }
216 memcpy(ret,centry->data + centry->ofs, len);
217 ret[len] = 0;
218 centry->ofs += len;
219 return ret;
220 }
221
222 /* pull a string from a cache entry, using the supplied
223 talloc context
224 */
225 static DOM_SID *centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
226 {
227 DOM_SID *sid;
228 char *sid_string;
229
230 sid = talloc(mem_ctx, sizeof(*sid));
231 if (!sid)
232 return NULL;
233
234 sid_string = centry_string(centry, mem_ctx);
235 if (!string_to_sid(sid, sid_string)) {
236 return NULL;
237 }
238 return sid;
239 }
240
241 /* the server is considered down if it can't give us a sequence number */
242 static BOOL wcache_server_down(struct winbindd_domain *domain)
243 {
244 BOOL ret;
245
246 if (!wcache->tdb)
247 return False;
248
249 ret = (domain->sequence_number == DOM_SEQUENCE_NONE);
250
251 if (ret)
252 DEBUG(10,("wcache_server_down: server for Domain %s down\n",
253 domain->name ));
254 return ret;
255 }
256
257 static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
258 {
259 TDB_DATA data;
260 fstring key;
261 uint32 time_diff;
262
263 if (!wcache->tdb) {
264 DEBUG(10,("fetch_cache_seqnum: tdb == NULL\n"));
265 return NT_STATUS_UNSUCCESSFUL;
266 }
267
268 fstr_sprintf( key, "SEQNUM/%s", domain->name );
269
270 data = tdb_fetch_bystring( wcache->tdb, key );
271 if ( !data.dptr || data.dsize!=8 ) {
272 DEBUG(10,("fetch_cache_seqnum: invalid data size key [%s]\n", key ));
273 return NT_STATUS_UNSUCCESSFUL;
274 }
275
276 domain->sequence_number = IVAL(data.dptr, 0);
277 domain->last_seq_check = IVAL(data.dptr, 4);
278
279 SAFE_FREE(data.dptr);
280
281 /* have we expired? */
282
283 time_diff = now - domain->last_seq_check;
284 if ( time_diff > lp_winbind_cache_time() ) {
285 DEBUG(10,("fetch_cache_seqnum: timeout [%s][%u @ %u]\n",
286 domain->name, domain->sequence_number,
287 (uint32)domain->last_seq_check));
288 return NT_STATUS_UNSUCCESSFUL;
289 }
290
291 DEBUG(10,("fetch_cache_seqnum: success [%s][%u @ %u]\n",
292 domain->name, domain->sequence_number,
293 (uint32)domain->last_seq_check));
294
295 return NT_STATUS_OK;
296 }
297
298 static NTSTATUS store_cache_seqnum( struct winbindd_domain *domain )
299 {
300 TDB_DATA data, key;
301 fstring key_str;
302 char buf[8];
303
304 if (!wcache->tdb) {
305 DEBUG(10,("store_cache_seqnum: tdb == NULL\n"));
306 return NT_STATUS_UNSUCCESSFUL;
307 }
308
309 fstr_sprintf( key_str, "SEQNUM/%s", domain->name );
310 key.dptr = key_str;
311 key.dsize = strlen(key_str)+1;
312
313 SIVAL(buf, 0, domain->sequence_number);
314 SIVAL(buf, 4, domain->last_seq_check);
315 data.dptr = buf;
316 data.dsize = 8;
317
318 if ( tdb_store( wcache->tdb, key, data, TDB_REPLACE) == -1 ) {
319 DEBUG(10,("store_cache_seqnum: tdb_store fail key [%s]\n", key_str ));
320 return NT_STATUS_UNSUCCESSFUL;
321 }
322
323 DEBUG(10,("store_cache_seqnum: success [%s][%u @ %u]\n",
324 domain->name, domain->sequence_number,
325 (uint32)domain->last_seq_check));
326
327 return NT_STATUS_OK;
328 }
329
330 /*
331 refresh the domain sequence number. If force is True
332 then always refresh it, no matter how recently we fetched it
333 */
334
335 static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force)
336 {
337 NTSTATUS status;
338 unsigned time_diff;
339 time_t t = time(NULL);
340 unsigned cache_time = lp_winbind_cache_time();
341
342 get_cache( domain );
343
344 #if 0 /* JERRY -- disable as the default cache time is now 5 minutes */
345 /* trying to reconnect is expensive, don't do it too often */
346 if (domain->sequence_number == DOM_SEQUENCE_NONE) {
347 cache_time *= 8;
348 }
349 #endif
350
351 time_diff = t - domain->last_seq_check;
352
353 /* see if we have to refetch the domain sequence number */
354 if (!force && (time_diff < cache_time)) {
355 DEBUG(10, ("refresh_sequence_number: %s time ok\n", domain->name));
356 goto done;
357 }
358
359 /* try to get the sequence number from the tdb cache first */
360 /* this will update the timestamp as well */
361
362 status = fetch_cache_seqnum( domain, t );
363 if ( NT_STATUS_IS_OK(status) )
364 goto done;
365
366 status = domain->backend->sequence_number(domain, &domain->sequence_number);
367
368 if (!NT_STATUS_IS_OK(status)) {
369 domain->sequence_number = DOM_SEQUENCE_NONE;
370 }
371
372 domain->last_status = status;
373 domain->last_seq_check = time(NULL);
374
375 /* save the new sequence number ni the cache */
376 store_cache_seqnum( domain );
377
378 done:
379 DEBUG(10, ("refresh_sequence_number: %s seq number is now %d\n",
380 domain->name, domain->sequence_number));
381
382 return;
383 }
384
385 /*
386 decide if a cache entry has expired
387 */
388 static BOOL centry_expired(struct winbindd_domain *domain, const char *keystr, struct cache_entry *centry)
389 {
390 /* if the server is OK and our cache entry came from when it was down then
391 the entry is invalid */
392 if (domain->sequence_number != DOM_SEQUENCE_NONE &&
393 centry->sequence_number == DOM_SEQUENCE_NONE) {
394 DEBUG(10,("centry_expired: Key %s for domain %s invalid sequence.\n",
395 keystr, domain->name ));
396 return True;
397 }
398
399 /* if the server is down or the cache entry is not older than the
400 current sequence number then it is OK */
401 if (wcache_server_down(domain) ||
402 centry->sequence_number == domain->sequence_number) {
403 DEBUG(10,("centry_expired: Key %s for domain %s is good.\n",
404 keystr, domain->name ));
405 return False;
406 }
407
408 DEBUG(10,("centry_expired: Key %s for domain %s expired\n",
409 keystr, domain->name ));
410
411 /* it's expired */
412 return True;
413 }
414
415 /*
416 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
417 number and return status
418 */
419 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
420 struct winbindd_domain *domain,
421 const char *format, ...) PRINTF_ATTRIBUTE(3,4);
422 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
423 struct winbindd_domain *domain,
424 const char *format, ...)
425 {
426 va_list ap;
427 char *kstr;
428 TDB_DATA data;
429 struct cache_entry *centry;
430 TDB_DATA key;
431
432 refresh_sequence_number(domain, False);
433
434 va_start(ap, format);
435 smb_xvasprintf(&kstr, format, ap);
436 va_end(ap);
437
438 key.dptr = kstr;
439 key.dsize = strlen(kstr);
440 data = tdb_fetch(wcache->tdb, key);
441 if (!data.dptr) {
442 /* a cache miss */
443 free(kstr);
444 return NULL;
445 }
446
447 centry = smb_xmalloc(sizeof(*centry));
448 centry->data = (unsigned char *)data.dptr;
449 centry->len = data.dsize;
450 centry->ofs = 0;
451
452 if (centry->len < 8) {
453 /* huh? corrupt cache? */
454 DEBUG(10,("wcache_fetch: Corrupt cache for key %s domain %s (len < 8) ?\n",
455 kstr, domain->name ));
456 centry_free(centry);
457 free(kstr);
458 return NULL;
459 }
460
461 centry->status = NT_STATUS(centry_uint32(centry));
462 centry->sequence_number = centry_uint32(centry);
463
464 if (centry_expired(domain, kstr, centry)) {
465 extern BOOL opt_dual_daemon;
466
467 DEBUG(10,("wcache_fetch: entry %s expired for domain %s\n",
468 kstr, domain->name ));
469
470 if (opt_dual_daemon) {
471 extern BOOL background_process;
472 background_process = True;
473 DEBUG(10,("wcache_fetch: background processing expired entry %s for domain %s\n",
474 kstr, domain->name ));
475 } else {
476 centry_free(centry);
477 free(kstr);
478 return NULL;
479 }
480 }
481
482 DEBUG(10,("wcache_fetch: returning entry %s for domain %s\n",
483 kstr, domain->name ));
484
485 free(kstr);
486 return centry;
487 }
488
489 /*
490 make sure we have at least len bytes available in a centry
491 */
492 static void centry_expand(struct cache_entry *centry, uint32 len)
493 {
494 uint8 *p;
495 if (centry->len - centry->ofs >= len)
496 return;
497 centry->len *= 2;
498 p = realloc(centry->data, centry->len);
499 if (!p) {
500 DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
501 smb_panic("out of memory in centry_expand");
502 }
503 centry->data = p;
504 }
505
506 /*
507 push a uint32 into a centry
508 */
509 static void centry_put_uint32(struct cache_entry *centry, uint32 v)
510 {
511 centry_expand(centry, 4);
512 SIVAL(centry->data, centry->ofs, v);
513 centry->ofs += 4;
514 }
515
516 /*
517 push a uint8 into a centry
518 */
519 static void centry_put_uint8(struct cache_entry *centry, uint8 v)
520 {
521 centry_expand(centry, 1);
522 SCVAL(centry->data, centry->ofs, v);
523 centry->ofs += 1;
524 }
525
526 /*
527 push a string into a centry
528 */
529 static void centry_put_string(struct cache_entry *centry, const char *s)
530 {
531 int len;
532
533 if (!s) {
534 /* null strings are marked as len 0xFFFF */
535 centry_put_uint8(centry, 0xFF);
536 return;
537 }
538
539 len = strlen(s);
540 /* can't handle more than 254 char strings. Truncating is probably best */
541 if (len > 254)
542 len = 254;
543 centry_put_uint8(centry, len);
544 centry_expand(centry, len);
545 memcpy(centry->data + centry->ofs, s, len);
546 centry->ofs += len;
547 }
548
549 static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid)
550 {
551 fstring sid_string;
552 centry_put_string(centry, sid_to_string(sid_string, sid));
553 }
554
555 /*
556 start a centry for output. When finished, call centry_end()
557 */
558 struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status)
559 {
560 struct cache_entry *centry;
561
562 if (!wcache->tdb)
563 return NULL;
564
565 centry = smb_xmalloc(sizeof(*centry));
566
567 centry->len = 8192; /* reasonable default */
568 centry->data = smb_xmalloc(centry->len);
569 centry->ofs = 0;
570 centry->sequence_number = domain->sequence_number;
571 centry_put_uint32(centry, NT_STATUS_V(status));
572 centry_put_uint32(centry, centry->sequence_number);
573 return centry;
574 }
575
576 /*
577 finish a centry and write it to the tdb
578 */
579 static void centry_end(struct cache_entry *centry, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
580 static void centry_end(struct cache_entry *centry, const char *format, ...)
581 {
582 va_list ap;
583 char *kstr;
584 TDB_DATA key, data;
585
586 va_start(ap, format);
587 smb_xvasprintf(&kstr, format, ap);
588 va_end(ap);
589
590 key.dptr = kstr;
591 key.dsize = strlen(kstr);
592 data.dptr = (char *)centry->data;
593 data.dsize = centry->ofs;
594
595 tdb_store(wcache->tdb, key, data, TDB_REPLACE);
596 free(kstr);
597 }
598
599 static void wcache_save_name_to_sid(struct winbindd_domain *domain,
600 NTSTATUS status, const char *domain_name,
601 const char *name, const DOM_SID *sid,
602 enum SID_NAME_USE type)
603 {
604 struct cache_entry *centry;
605 fstring uname;
606 fstring sid_string;
607
608 centry = centry_start(domain, status);
609 if (!centry)
610 return;
611 centry_put_uint32(centry, type);
612 centry_put_sid(centry, sid);
613 fstrcpy(uname, name);
614 strupper_m(uname);
615 centry_end(centry, "NS/%s/%s", domain_name, uname);
616 DEBUG(10,("wcache_save_name_to_sid: %s -> %s\n", uname, sid_string));
617 centry_free(centry);
618 }
619
620 static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
621 const DOM_SID *sid, const char *domain_name, const char *name, enum SID_NAME_USE type)
622 {
623 struct cache_entry *centry;
624 fstring sid_string;
625
626 centry = centry_start(domain, status);
627 if (!centry)
628 return;
629 if (NT_STATUS_IS_OK(status)) {
630 centry_put_uint32(centry, type);
631 centry_put_string(centry, domain_name);
632 centry_put_string(centry, name);
633 }
634 centry_end(centry, "SN/%s", sid_to_string(sid_string, sid));
635 DEBUG(10,("wcache_save_sid_to_name: %s -> %s\n", sid_string, name));
636 centry_free(centry);
637 }
638
639
640 static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info)
641 {
642 struct cache_entry *centry;
643 fstring sid_string;
644
645 centry = centry_start(domain, status);
646 if (!centry)
647 return;
648 centry_put_string(centry, info->acct_name);
649 centry_put_string(centry, info->full_name);
650 centry_put_sid(centry, info->user_sid);
651 centry_put_sid(centry, info->group_sid);
652 centry_end(centry, "U/%s", sid_to_string(sid_string, info->user_sid));
653 DEBUG(10,("wcache_save_user: %s (acct_name %s)\n", sid_string, info->acct_name));
654 centry_free(centry);
655 }
656
657
658 /* Query display info. This is the basic user list fn */
659 static NTSTATUS query_user_list(struct winbindd_domain *domain,
660 TALLOC_CTX *mem_ctx,
661 uint32 *num_entries,
662 WINBIND_USERINFO **info)
663 {
664 struct winbind_cache *cache = get_cache(domain);
665 struct cache_entry *centry = NULL;
666 NTSTATUS status;
667 unsigned int i, retry;
668
669 if (!cache->tdb)
670 goto do_query;
671
672 centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
673 if (!centry)
674 goto do_query;
675
676 *num_entries = centry_uint32(centry);
677
678 if (*num_entries == 0)
679 goto do_cached;
680
681 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
682 if (! (*info))
683 smb_panic("query_user_list out of memory");
684 for (i=0; i<(*num_entries); i++) {
685 (*info)[i].acct_name = centry_string(centry, mem_ctx);
686 (*info)[i].full_name = centry_string(centry, mem_ctx);
687 (*info)[i].user_sid = centry_sid(centry, mem_ctx);
688 (*info)[i].group_sid = centry_sid(centry, mem_ctx);
689 }
690
691 do_cached:
692 status = centry->status;
693
694 DEBUG(10,("query_user_list: [Cached] - cached list for domain %s status %s\n",
695 domain->name, get_friendly_nt_error_msg(status) ));
696
697 centry_free(centry);
698 return status;
699
700 do_query:
701 *num_entries = 0;
702 *info = NULL;
703
704 /* Return status value returned by seq number check */
705
706 if (!NT_STATUS_IS_OK(domain->last_status))
707 return domain->last_status;
708
709 /* Put the query_user_list() in a retry loop. There appears to be
710 * some bug either with Windows 2000 or Samba's handling of large
711 * rpc replies. This manifests itself as sudden disconnection
712 * at a random point in the enumeration of a large (60k) user list.
713 * The retry loop simply tries the operation again. )-: It's not
714 * pretty but an acceptable workaround until we work out what the
715 * real problem is. */
716
717 retry = 0;
718 do {
719
720 DEBUG(10,("query_user_list: [Cached] - doing backend query for list for domain %s\n",
721 domain->name ));
722
723 status = domain->backend->query_user_list(domain, mem_ctx, num_entries, info);
724 if (!NT_STATUS_IS_OK(status))
725 DEBUG(3, ("query_user_list: returned 0x%08x, retrying\n", NT_STATUS_V(status)));
726 if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL)) {
727 DEBUG(3, ("query_user_list: flushing connection cache\n"));
728 winbindd_cm_flush();
729 }
730
731 } while (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) &&
732 (retry++ < 5));
733
734 /* and save it */
735 refresh_sequence_number(domain, False);
736 centry = centry_start(domain, status);
737 if (!centry)
738 goto skip_save;
739 centry_put_uint32(centry, *num_entries);
740 for (i=0; i<(*num_entries); i++) {
741 centry_put_string(centry, (*info)[i].acct_name);
742 centry_put_string(centry, (*info)[i].full_name);
743 centry_put_sid(centry, (*info)[i].user_sid);
744 centry_put_sid(centry, (*info)[i].group_sid);
745 if (domain->backend->consistent) {
746 /* when the backend is consistent we can pre-prime some mappings */
747 wcache_save_name_to_sid(domain, NT_STATUS_OK,
748 (*info)[i].acct_name,
749 domain->name,
750 (*info)[i].user_sid,
751 SID_NAME_USER);
752 wcache_save_sid_to_name(domain, NT_STATUS_OK,
753 (*info)[i].user_sid,
754 domain->name,
755 (*info)[i].acct_name,
756 SID_NAME_USER);
757 wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
758 }
759 }
760 centry_end(centry, "UL/%s", domain->name);
761 centry_free(centry);
762
763 skip_save:
764 return status;
765 }
766
767 /* list all domain groups */
768 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
769 TALLOC_CTX *mem_ctx,
770 uint32 *num_entries,
771 struct acct_info **info)
772 {
773 struct winbind_cache *cache = get_cache(domain);
774 struct cache_entry *centry = NULL;
775 NTSTATUS status;
776 unsigned int i;
777
778 if (!cache->tdb)
779 goto do_query;
780
781 centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
782 if (!centry)
783 goto do_query;
784
785 *num_entries = centry_uint32(centry);
786
787 if (*num_entries == 0)
788 goto do_cached;
789
790 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
791 if (! (*info))
792 smb_panic("enum_dom_groups out of memory");
793 for (i=0; i<(*num_entries); i++) {
794 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
795 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
796 (*info)[i].rid = centry_uint32(centry);
797 }
798
799 do_cached:
800 status = centry->status;
801
802 DEBUG(10,("enum_dom_groups: [Cached] - cached list for domain %s status %s\n",
803 domain->name, get_friendly_nt_error_msg(status) ));
804
805 centry_free(centry);
806 return status;
807
808 do_query:
809 *num_entries = 0;
810 *info = NULL;
811
812 /* Return status value returned by seq number check */
813
814 if (!NT_STATUS_IS_OK(domain->last_status))
815 return domain->last_status;
816
817 DEBUG(10,("enum_dom_groups: [Cached] - doing backend query for list for domain %s\n",
818 domain->name ));
819
820 status = domain->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
821
822 /* and save it */
823 refresh_sequence_number(domain, False);
824 centry = centry_start(domain, status);
825 if (!centry)
826 goto skip_save;
827 centry_put_uint32(centry, *num_entries);
828 for (i=0; i<(*num_entries); i++) {
829 centry_put_string(centry, (*info)[i].acct_name);
830 centry_put_string(centry, (*info)[i].acct_desc);
831 centry_put_uint32(centry, (*info)[i].rid);
832 }
833 centry_end(centry, "GL/%s/domain", domain->name);
834 centry_free(centry);
835
836 skip_save:
837 return status;
838 }
839
840 /* list all domain groups */
841 static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
842 TALLOC_CTX *mem_ctx,
843 uint32 *num_entries,
844 struct acct_info **info)
845 {
846 struct winbind_cache *cache = get_cache(domain);
847 struct cache_entry *centry = NULL;
848 NTSTATUS status;
849 unsigned int i;
850
851 if (!cache->tdb)
852 goto do_query;
853
854 centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
855 if (!centry)
856 goto do_query;
857
858 *num_entries = centry_uint32(centry);
859
860 if (*num_entries == 0)
861 goto do_cached;
862
863 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
864 if (! (*info))
865 smb_panic("enum_dom_groups out of memory");
866 for (i=0; i<(*num_entries); i++) {
867 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
868 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
869 (*info)[i].rid = centry_uint32(centry);
870 }
871
872 do_cached:
873
874 /* If we are returning cached data and the domain controller
875 is down then we don't know whether the data is up to date
876 or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to
877 indicate this. */
878
879 if (wcache_server_down(domain)) {
880 DEBUG(10, ("enum_local_groups: returning cached user list and server was down\n"));
881 status = NT_STATUS_MORE_PROCESSING_REQUIRED;
882 } else
883 status = centry->status;
884
885 DEBUG(10,("enum_local_groups: [Cached] - cached list for domain %s status %s\n",
886 domain->name, get_friendly_nt_error_msg(status) ));
887
888 centry_free(centry);
889 return status;
890
891 do_query:
892 *num_entries = 0;
893 *info = NULL;
894
895 /* Return status value returned by seq number check */
896
897 if (!NT_STATUS_IS_OK(domain->last_status))
898 return domain->last_status;
899
900 DEBUG(10,("enum_local_groups: [Cached] - doing backend query for list for domain %s\n",
901 domain->name ));
902
903 status = domain->backend->enum_local_groups(domain, mem_ctx, num_entries, info);
904
905 /* and save it */
906 refresh_sequence_number(domain, False);
907 centry = centry_start(domain, status);
908 if (!centry)
909 goto skip_save;
910 centry_put_uint32(centry, *num_entries);
911 for (i=0; i<(*num_entries); i++) {
912 centry_put_string(centry, (*info)[i].acct_name);
913 centry_put_string(centry, (*info)[i].acct_desc);
914 centry_put_uint32(centry, (*info)[i].rid);
915 }
916 centry_end(centry, "GL/%s/local", domain->name);
917 centry_free(centry);
918
919 skip_save:
920 return status;
921 }
922
923 /* convert a single name to a sid in a domain */
924 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
925 TALLOC_CTX *mem_ctx,
926 const char *domain_name,
927 const char *name,
928 DOM_SID *sid,
929 enum SID_NAME_USE *type)
930 {
931 struct winbind_cache *cache = get_cache(domain);
932 struct cache_entry *centry = NULL;
933 NTSTATUS status;
934 fstring uname;
935 DOM_SID *sid2;
936
937 if (!cache->tdb)
938 goto do_query;
939
940 fstrcpy(uname, name);
941 strupper_m(uname);
942 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname);
943 if (!centry)
944 goto do_query;
945 *type = (enum SID_NAME_USE)centry_uint32(centry);
946 sid2 = centry_sid(centry, mem_ctx);
947 if (!sid2) {
948 ZERO_STRUCTP(sid);
949 } else {
950 sid_copy(sid, sid2);
951 }
952
953 status = centry->status;
954
955 DEBUG(10,("name_to_sid: [Cached] - cached name for domain %s status %s\n",
956 domain->name, get_friendly_nt_error_msg(status) ));
957
958 centry_free(centry);
959 return status;
960
961 do_query:
962 ZERO_STRUCTP(sid);
963
964 /* If the seq number check indicated that there is a problem
965 * with this DC, then return that status... except for
966 * access_denied. This is special because the dc may be in
967 * "restrict anonymous = 1" mode, in which case it will deny
968 * most unauthenticated operations, but *will* allow the LSA
969 * name-to-sid that we try as a fallback. */
970
971 if (!(NT_STATUS_IS_OK(domain->last_status)
972 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
973 return domain->last_status;
974
975 DEBUG(10,("name_to_sid: [Cached] - doing backend query for name for domain %s\n",
976 domain->name ));
977
978 status = domain->backend->name_to_sid(domain, mem_ctx, domain_name, name, sid, type);
979
980 /* and save it */
981 wcache_save_name_to_sid(domain, status, domain_name, name, sid, *type);
982
983 /* We can't save the sid to name mapping as we don't know the
984 correct case of the name without looking it up */
985
986 return status;
987 }
988
989 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
990 given */
991 static NTSTATUS sid_to_name(struct winbindd_domain *domain,
992 TALLOC_CTX *mem_ctx,
993 const DOM_SID *sid,
994 char **domain_name,
995 char **name,
996 enum SID_NAME_USE *type)
997 {
998 struct winbind_cache *cache = get_cache(domain);
999 struct cache_entry *centry = NULL;
1000 NTSTATUS status;
1001 fstring sid_string;
1002
1003 if (!cache->tdb)
1004 goto do_query;
1005
1006 centry = wcache_fetch(cache, domain, "SN/%s", sid_to_string(sid_string, sid));
1007 if (!centry)
1008 goto do_query;
1009 if (NT_STATUS_IS_OK(centry->status)) {
1010 *type = (enum SID_NAME_USE)centry_uint32(centry);
1011 *domain_name = centry_string(centry, mem_ctx);
1012 *name = centry_string(centry, mem_ctx);
1013 }
1014 status = centry->status;
1015
1016 DEBUG(10,("sid_to_name: [Cached] - cached name for domain %s status %s\n",
1017 domain->name, get_friendly_nt_error_msg(status) ));
1018
1019 centry_free(centry);
1020 return status;
1021
1022 do_query:
1023 *name = NULL;
1024 *domain_name = NULL;
1025
1026 /* If the seq number check indicated that there is a problem
1027 * with this DC, then return that status... except for
1028 * access_denied. This is special because the dc may be in
1029 * "restrict anonymous = 1" mode, in which case it will deny
1030 * most unauthenticated operations, but *will* allow the LSA
1031 * sid-to-name that we try as a fallback. */
1032
1033 if (!(NT_STATUS_IS_OK(domain->last_status)
1034 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
1035 return domain->last_status;
1036
1037 DEBUG(10,("sid_to_name: [Cached] - doing backend query for name for domain %s\n",
1038 domain->name ));
1039
1040 status = domain->backend->sid_to_name(domain, mem_ctx, sid, domain_name, name, type);
1041
1042 /* and save it */
1043 refresh_sequence_number(domain, False);
1044 wcache_save_sid_to_name(domain, status, sid, *domain_name, *name, *type);
1045 wcache_save_name_to_sid(domain, status, *domain_name, *name, sid, *type);
1046
1047 return status;
1048 }
1049
1050
1051 /* Lookup user information from a rid */
1052 static NTSTATUS query_user(struct winbindd_domain *domain,
1053 TALLOC_CTX *mem_ctx,
1054 const DOM_SID *user_sid,
1055 WINBIND_USERINFO *info)
1056 {
1057 struct winbind_cache *cache = get_cache(domain);
1058 struct cache_entry *centry = NULL;
1059 NTSTATUS status;
1060
1061 if (!cache->tdb)
1062 goto do_query;
1063
1064 centry = wcache_fetch(cache, domain, "U/%s", sid_string_static(user_sid));
1065
1066 /* If we have an access denied cache entry and a cached info3 in the
1067 samlogon cache then do a query. This will force the rpc back end
1068 to return the info3 data. */
1069
1070 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1071 netsamlogon_cache_have(user_sid)) {
1072 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1073 domain->last_status = NT_STATUS_OK;
1074 centry_free(centry);
1075 goto do_query;
1076 }
1077
1078 if (!centry)
1079 goto do_query;
1080
1081 info->acct_name = centry_string(centry, mem_ctx);
1082 info->full_name = centry_string(centry, mem_ctx);
1083 info->user_sid = centry_sid(centry, mem_ctx);
1084 info->group_sid = centry_sid(centry, mem_ctx);
1085 status = centry->status;
1086
1087 DEBUG(10,("query_user: [Cached] - cached info for domain %s status %s\n",
1088 domain->name, get_friendly_nt_error_msg(status) ));
1089
1090 centry_free(centry);
1091 return status;
1092
1093 do_query:
1094 ZERO_STRUCTP(info);
1095
1096 /* Return status value returned by seq number check */
1097
1098 if (!NT_STATUS_IS_OK(domain->last_status))
1099 return domain->last_status;
1100
1101 DEBUG(10,("sid_to_name: [Cached] - doing backend query for info for domain %s\n",
1102 domain->name ));
1103
1104 status = domain->backend->query_user(domain, mem_ctx, user_sid, info);
1105
1106 /* and save it */
1107 refresh_sequence_number(domain, False);
1108 wcache_save_user(domain, status, info);
1109
1110 return status;
1111 }
1112
1113
1114 /* Lookup groups a user is a member of. */
1115 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
1116 TALLOC_CTX *mem_ctx,
1117 const DOM_SID *user_sid,
1118 uint32 *num_groups, DOM_SID ***user_gids)
1119 {
1120 struct winbind_cache *cache = get_cache(domain);
1121 struct cache_entry *centry = NULL;
1122 NTSTATUS status;
1123 unsigned int i;
1124 fstring sid_string;
1125
1126 if (!cache->tdb)
1127 goto do_query;
1128
1129 centry = wcache_fetch(cache, domain, "UG/%s", sid_to_string(sid_string, user_sid));
1130
1131 /* If we have an access denied cache entry and a cached info3 in the
1132 samlogon cache then do a query. This will force the rpc back end
1133 to return the info3 data. */
1134
1135 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1136 netsamlogon_cache_have(user_sid)) {
1137 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1138 domain->last_status = NT_STATUS_OK;
1139 centry_free(centry);
1140 goto do_query;
1141 }
1142
1143 if (!centry)
1144 goto do_query;
1145
1146 *num_groups = centry_uint32(centry);
1147
1148 if (*num_groups == 0)
1149 goto do_cached;
1150
1151 (*user_gids) = talloc(mem_ctx, sizeof(**user_gids) * (*num_groups));
1152 if (! (*user_gids))
1153 smb_panic("lookup_usergroups out of memory");
1154 for (i=0; i<(*num_groups); i++) {
1155 (*user_gids)[i] = centry_sid(centry, mem_ctx);
1156 }
1157
1158 do_cached:
1159 status = centry->status;
1160
1161 DEBUG(10,("lookup_usergroups: [Cached] - cached info for domain %s status %s\n",
1162 domain->name, get_friendly_nt_error_msg(status) ));
1163
1164 centry_free(centry);
1165 return status;
1166
1167 do_query:
1168 (*num_groups) = 0;
1169 (*user_gids) = NULL;
1170
1171 /* Return status value returned by seq number check */
1172
1173 if (!NT_STATUS_IS_OK(domain->last_status))
1174 return domain->last_status;
1175
1176 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info for domain %s\n",
1177 domain->name ));
1178
1179 status = domain->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
1180
1181 /* and save it */
1182 refresh_sequence_number(domain, False);
1183 centry = centry_start(domain, status);
1184 if (!centry)
1185 goto skip_save;
1186 centry_put_uint32(centry, *num_groups);
1187 for (i=0; i<(*num_groups); i++) {
1188 centry_put_sid(centry, (*user_gids)[i]);
1189 }
1190 centry_end(centry, "UG/%s", sid_to_string(sid_string, user_sid));
1191 centry_free(centry);
1192
1193 skip_save:
1194 return status;
1195 }
1196
1197
1198 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
1199 TALLOC_CTX *mem_ctx,
1200 const DOM_SID *group_sid, uint32 *num_names,
1201 DOM_SID ***sid_mem, char ***names,
1202 uint32 **name_types)
1203 {
1204 struct winbind_cache *cache = get_cache(domain);
1205 struct cache_entry *centry = NULL;
1206 NTSTATUS status;
1207 unsigned int i;
1208 fstring sid_string;
1209
1210 if (!cache->tdb)
1211 goto do_query;
1212
1213 centry = wcache_fetch(cache, domain, "GM/%s", sid_to_string(sid_string, group_sid));
1214 if (!centry)
1215 goto do_query;
1216
1217 *num_names = centry_uint32(centry);
1218
1219 if (*num_names == 0)
1220 goto do_cached;
1221
1222 (*sid_mem) = talloc(mem_ctx, sizeof(**sid_mem) * (*num_names));
1223 (*names) = talloc(mem_ctx, sizeof(**names) * (*num_names));
1224 (*name_types) = talloc(mem_ctx, sizeof(**name_types) * (*num_names));
1225
1226 if (! (*sid_mem) || ! (*names) || ! (*name_types)) {
1227 smb_panic("lookup_groupmem out of memory");
1228 }
1229
1230 for (i=0; i<(*num_names); i++) {
1231 (*sid_mem)[i] = centry_sid(centry, mem_ctx);
1232 (*names)[i] = centry_string(centry, mem_ctx);
1233 (*name_types)[i] = centry_uint32(centry);
1234 }
1235
1236 do_cached:
1237 status = centry->status;
1238
1239 DEBUG(10,("lookup_groupmem: [Cached] - cached info for domain %s status %s\n",
1240 domain->name, get_friendly_nt_error_msg(status) ));
1241
1242 centry_free(centry);
1243 return status;
1244
1245 do_query:
1246 (*num_names) = 0;
1247 (*sid_mem) = NULL;
1248 (*names) = NULL;
1249 (*name_types) = NULL;
1250
1251 /* Return status value returned by seq number check */
1252
1253 if (!NT_STATUS_IS_OK(domain->last_status))
1254 return domain->last_status;
1255
1256 DEBUG(10,("lookup_groupmem: [Cached] - doing backend query for info for domain %s\n",
1257 domain->name ));
1258
1259 status = domain->backend->lookup_groupmem(domain, mem_ctx, group_sid, num_names,
1260 sid_mem, names, name_types);
1261
1262 /* and save it */
1263 refresh_sequence_number(domain, False);
1264 centry = centry_start(domain, status);
1265 if (!centry)
1266 goto skip_save;
1267 centry_put_uint32(centry, *num_names);
1268 for (i=0; i<(*num_names); i++) {
1269 centry_put_sid(centry, (*sid_mem)[i]);
1270 centry_put_string(centry, (*names)[i]);
1271 centry_put_uint32(centry, (*name_types)[i]);
1272 }
1273 centry_end(centry, "GM/%s", sid_to_string(sid_string, group_sid));
1274 centry_free(centry);
1275
1276 skip_save:
1277 return status;
1278 }
1279
1280 /* find the sequence number for a domain */
1281 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
1282 {
1283 refresh_sequence_number(domain, False);
1284
1285 *seq = domain->sequence_number;
1286
1287 return NT_STATUS_OK;
1288 }
1289
1290 /* enumerate trusted domains */
1291 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
1292 TALLOC_CTX *mem_ctx,
1293 uint32 *num_domains,
1294 char ***names,
1295 char ***alt_names,
1296 DOM_SID **dom_sids)
1297 {
1298 get_cache(domain);
1299
1300 DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
1301 domain->name ));
1302
1303 /* we don't cache this call */
1304 return domain->backend->trusted_domains(domain, mem_ctx, num_domains,
1305 names, alt_names, dom_sids);
1306 }
1307
1308 /* find the domain sid */
1309 static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
1310 {
1311 get_cache(domain);
1312
1313 DEBUG(10,("domain_sid: [Cached] - doing backend query for info for domain %s\n",
1314 domain->name ));
1315
1316 /* we don't cache this call */
1317 return domain->backend->domain_sid(domain, sid);
1318 }
1319
1320 /* find the alternate names for the domain, if any */
1321 static NTSTATUS alternate_name(struct winbindd_domain *domain)
1322 {
1323 get_cache(domain);
1324
1325 DEBUG(10,("alternate_name: [Cached] - doing backend query for info for domain %s\n",
1326 domain->name ));
1327
1328 /* we don't cache this call */
1329 return domain->backend->alternate_name(domain);
1330 }
1331
1332 /* Invalidate cached user and group lists coherently */
1333
1334 static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
1335 void *state)
1336 {
1337 if (strncmp(kbuf.dptr, "UL/", 3) == 0 ||
1338 strncmp(kbuf.dptr, "GL/", 3) == 0)
1339 tdb_delete(the_tdb, kbuf);
1340
1341 return 0;
1342 }
1343
1344 /* Invalidate the getpwnam and getgroups entries for a winbindd domain */
1345
1346 void wcache_invalidate_samlogon(struct winbindd_domain *domain,
1347 NET_USER_INFO_3 *info3)
1348 {
1349 struct winbind_cache *cache;
1350
1351 if (!domain)
1352 return;
1353
1354 cache = get_cache(domain);
1355 netsamlogon_clear_cached_user(cache->tdb, info3);
1356 }
1357
1358 void wcache_invalidate_cache(void)
1359 {
1360 struct winbindd_domain *domain;
1361
1362 for (domain = domain_list(); domain; domain = domain->next) {
1363 struct winbind_cache *cache = get_cache(domain);
1364
1365 DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
1366 "entries for %s\n", domain->name));
1367 if (cache)
1368 tdb_traverse(cache->tdb, traverse_fn, NULL);
1369 }
1370 }
1371
1372 /* the ADS backend methods are exposed via this structure */
1373 struct winbindd_methods cache_methods = {
1374 True,
1375 query_user_list,
1376 enum_dom_groups,
1377 enum_local_groups,
1378 name_to_sid,
1379 sid_to_name,
1380 query_user,
1381 lookup_usergroups,
1382 lookup_groupmem,
1383 sequence_number,
1384 trusted_domains,
1385 domain_sid,
1386 alternate_name
1387 };
reg import