2 Unix SMB/CIFS implementation.
4 Winbind cache backend functions
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Gerald Carter 2003
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 #define DBGC_CLASS DBGC_WINBIND
31 struct winbind_cache
{
37 uint32 sequence_number
;
42 #define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
44 static struct winbind_cache
*wcache
;
47 void wcache_flush_cache(void)
49 extern BOOL opt_nocache
;
54 tdb_close(wcache
->tdb
);
60 wcache
->tdb
= tdb_open_log(lock_path("winbindd_cache.tdb"), 5000,
61 TDB_CLEAR_IF_FIRST
, O_RDWR
|O_CREAT
, 0600);
64 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
66 DEBUG(10,("wcache_flush_cache success\n"));
69 void winbindd_check_cache_size(time_t t
)
71 static time_t last_check_time
;
74 if (last_check_time
== (time_t)0)
77 if (t
- last_check_time
< 60 && t
- last_check_time
> 0)
80 if (wcache
== NULL
|| wcache
->tdb
== NULL
) {
81 DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n"));
85 if (fstat(wcache
->tdb
->fd
, &st
) == -1) {
86 DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno
) ));
90 if (st
.st_size
> WINBINDD_MAX_CACHE_SIZE
) {
91 DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n",
92 (unsigned long)st
.st_size
,
93 (unsigned long)WINBINDD_MAX_CACHE_SIZE
));
98 /* get the winbind_cache structure */
99 static struct winbind_cache
*get_cache(struct winbindd_domain
*domain
)
101 struct winbind_cache
*ret
= wcache
;
103 if (!domain
->backend
) {
104 extern struct winbindd_methods msrpc_methods
;
105 switch (lp_security()) {
108 extern struct winbindd_methods ads_methods
;
109 /* always obey the lp_security parameter for our domain */
110 if (domain
->primary
) {
111 domain
->backend
= &ads_methods
;
115 /* if it have either of the indications of ADS,
117 if ( domain
->active_directory
|| domain
->native_mode
) {
118 domain
->backend
= &ads_methods
;
126 domain
->backend
= &msrpc_methods
;
133 ret
= smb_xmalloc(sizeof(*ret
));
137 wcache_flush_cache();
143 free a centry structure
145 static void centry_free(struct cache_entry
*centry
)
149 SAFE_FREE(centry
->data
);
154 pull a uint32 from a cache entry
156 static uint32
centry_uint32(struct cache_entry
*centry
)
159 if (centry
->len
- centry
->ofs
< 4) {
160 DEBUG(0,("centry corruption? needed 4 bytes, have %d\n",
161 centry
->len
- centry
->ofs
));
162 smb_panic("centry_uint32");
164 ret
= IVAL(centry
->data
, centry
->ofs
);
170 pull a uint8 from a cache entry
172 static uint8
centry_uint8(struct cache_entry
*centry
)
175 if (centry
->len
- centry
->ofs
< 1) {
176 DEBUG(0,("centry corruption? needed 1 bytes, have %d\n",
177 centry
->len
- centry
->ofs
));
178 smb_panic("centry_uint32");
180 ret
= CVAL(centry
->data
, centry
->ofs
);
185 /* pull a string from a cache entry, using the supplied
188 static char *centry_string(struct cache_entry
*centry
, TALLOC_CTX
*mem_ctx
)
193 len
= centry_uint8(centry
);
196 /* a deliberate NULL string */
200 if (centry
->len
- centry
->ofs
< len
) {
201 DEBUG(0,("centry corruption? needed %d bytes, have %d\n",
202 len
, centry
->len
- centry
->ofs
));
203 smb_panic("centry_string");
206 ret
= talloc(mem_ctx
, len
+1);
208 smb_panic("centry_string out of memory\n");
210 memcpy(ret
,centry
->data
+ centry
->ofs
, len
);
216 /* pull a string from a cache entry, using the supplied
219 static DOM_SID
*centry_sid(struct cache_entry
*centry
, TALLOC_CTX
*mem_ctx
)
224 sid
= talloc(mem_ctx
, sizeof(*sid
));
228 sid_string
= centry_string(centry
, mem_ctx
);
229 if (!string_to_sid(sid
, sid_string
)) {
235 /* the server is considered down if it can't give us a sequence number */
236 static BOOL
wcache_server_down(struct winbindd_domain
*domain
)
243 ret
= (domain
->sequence_number
== DOM_SEQUENCE_NONE
);
246 DEBUG(10,("wcache_server_down: server for Domain %s down\n",
251 static NTSTATUS
fetch_cache_seqnum( struct winbindd_domain
*domain
, time_t now
)
258 DEBUG(10,("fetch_cache_seqnum: tdb == NULL\n"));
259 return NT_STATUS_UNSUCCESSFUL
;
262 fstr_sprintf( key
, "SEQNUM/%s", domain
->name
);
264 data
= tdb_fetch_bystring( wcache
->tdb
, key
);
265 if ( !data
.dptr
|| data
.dsize
!=8 ) {
266 DEBUG(10,("fetch_cache_seqnum: invalid data size key [%s]\n", key
));
267 return NT_STATUS_UNSUCCESSFUL
;
270 domain
->sequence_number
= IVAL(data
.dptr
, 0);
271 domain
->last_seq_check
= IVAL(data
.dptr
, 4);
273 /* have we expired? */
275 time_diff
= now
- domain
->last_seq_check
;
276 if ( time_diff
> lp_winbind_cache_time() ) {
277 DEBUG(10,("fetch_cache_seqnum: timeout [%s][%u @ %u]\n",
278 domain
->name
, domain
->sequence_number
,
279 (uint32
)domain
->last_seq_check
));
280 return NT_STATUS_UNSUCCESSFUL
;
283 DEBUG(10,("fetch_cache_seqnum: success [%s][%u @ %u]\n",
284 domain
->name
, domain
->sequence_number
,
285 (uint32
)domain
->last_seq_check
));
290 static NTSTATUS
store_cache_seqnum( struct winbindd_domain
*domain
)
297 DEBUG(10,("store_cache_seqnum: tdb == NULL\n"));
298 return NT_STATUS_UNSUCCESSFUL
;
301 fstr_sprintf( key_str
, "SEQNUM/%s", domain
->name
);
303 key
.dsize
= strlen(key_str
)+1;
305 SIVAL(buf
, 0, domain
->sequence_number
);
306 SIVAL(buf
, 4, domain
->last_seq_check
);
310 if ( tdb_store( wcache
->tdb
, key
, data
, TDB_REPLACE
) == -1 ) {
311 DEBUG(10,("store_cache_seqnum: tdb_store fail key [%s]\n", key_str
));
312 return NT_STATUS_UNSUCCESSFUL
;
315 DEBUG(10,("store_cache_seqnum: success [%s][%u @ %u]\n",
316 domain
->name
, domain
->sequence_number
,
317 (uint32
)domain
->last_seq_check
));
323 refresh the domain sequence number. If force is True
324 then always refresh it, no matter how recently we fetched it
327 static void refresh_sequence_number(struct winbindd_domain
*domain
, BOOL force
)
331 time_t t
= time(NULL
);
332 unsigned cache_time
= lp_winbind_cache_time();
336 /* trying to reconnect is expensive, don't do it too often */
337 if (domain
->sequence_number
== DOM_SEQUENCE_NONE
) {
341 time_diff
= t
- domain
->last_seq_check
;
343 /* see if we have to refetch the domain sequence number */
344 if (!force
&& (time_diff
< cache_time
)) {
345 DEBUG(10, ("refresh_sequence_number: %s time ok\n", domain
->name
));
349 /* try to get the sequence number from the tdb cache first */
350 /* this will update the timestamp as well */
352 status
= fetch_cache_seqnum( domain
, t
);
353 if ( NT_STATUS_IS_OK(status
) )
356 status
= domain
->backend
->sequence_number(domain
, &domain
->sequence_number
);
358 if (!NT_STATUS_IS_OK(status
)) {
359 domain
->sequence_number
= DOM_SEQUENCE_NONE
;
362 domain
->last_status
= status
;
363 domain
->last_seq_check
= time(NULL
);
365 /* save the new sequence number ni the cache */
366 store_cache_seqnum( domain
);
369 DEBUG(10, ("refresh_sequence_number: %s seq number is now %d\n",
370 domain
->name
, domain
->sequence_number
));
376 decide if a cache entry has expired
378 static BOOL
centry_expired(struct winbindd_domain
*domain
, const char *keystr
, struct cache_entry
*centry
)
380 /* if the server is OK and our cache entry came from when it was down then
381 the entry is invalid */
382 if (domain
->sequence_number
!= DOM_SEQUENCE_NONE
&&
383 centry
->sequence_number
== DOM_SEQUENCE_NONE
) {
384 DEBUG(10,("centry_expired: Key %s for domain %s invalid sequence.\n",
385 keystr
, domain
->name
));
389 /* if the server is down or the cache entry is not older than the
390 current sequence number then it is OK */
391 if (wcache_server_down(domain
) ||
392 centry
->sequence_number
== domain
->sequence_number
) {
393 DEBUG(10,("centry_expired: Key %s for domain %s is good.\n",
394 keystr
, domain
->name
));
398 DEBUG(10,("centry_expired: Key %s for domain %s expired\n",
399 keystr
, domain
->name
));
406 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
407 number and return status
409 static struct cache_entry
*wcache_fetch(struct winbind_cache
*cache
,
410 struct winbindd_domain
*domain
,
411 const char *format
, ...) PRINTF_ATTRIBUTE(3,4);
412 static struct cache_entry
*wcache_fetch(struct winbind_cache
*cache
,
413 struct winbindd_domain
*domain
,
414 const char *format
, ...)
419 struct cache_entry
*centry
;
422 refresh_sequence_number(domain
, False
);
424 va_start(ap
, format
);
425 smb_xvasprintf(&kstr
, format
, ap
);
429 key
.dsize
= strlen(kstr
);
430 data
= tdb_fetch(wcache
->tdb
, key
);
437 centry
= smb_xmalloc(sizeof(*centry
));
438 centry
->data
= (unsigned char *)data
.dptr
;
439 centry
->len
= data
.dsize
;
442 if (centry
->len
< 8) {
443 /* huh? corrupt cache? */
444 DEBUG(10,("wcache_fetch: Corrupt cache for key %s domain %s (len < 8) ?\n",
445 kstr
, domain
->name
));
451 centry
->status
= NT_STATUS(centry_uint32(centry
));
452 centry
->sequence_number
= centry_uint32(centry
);
454 if (centry_expired(domain
, kstr
, centry
)) {
455 extern BOOL opt_dual_daemon
;
457 DEBUG(10,("wcache_fetch: entry %s expired for domain %s\n",
458 kstr
, domain
->name
));
460 if (opt_dual_daemon
) {
461 extern BOOL background_process
;
462 background_process
= True
;
463 DEBUG(10,("wcache_fetch: background processing expired entry %s for domain %s\n",
464 kstr
, domain
->name
));
472 DEBUG(10,("wcache_fetch: returning entry %s for domain %s\n",
473 kstr
, domain
->name
));
480 make sure we have at least len bytes available in a centry
482 static void centry_expand(struct cache_entry
*centry
, uint32 len
)
485 if (centry
->len
- centry
->ofs
>= len
)
488 p
= realloc(centry
->data
, centry
->len
);
490 DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry
->len
));
491 smb_panic("out of memory in centry_expand");
497 push a uint32 into a centry
499 static void centry_put_uint32(struct cache_entry
*centry
, uint32 v
)
501 centry_expand(centry
, 4);
502 SIVAL(centry
->data
, centry
->ofs
, v
);
507 push a uint8 into a centry
509 static void centry_put_uint8(struct cache_entry
*centry
, uint8 v
)
511 centry_expand(centry
, 1);
512 SCVAL(centry
->data
, centry
->ofs
, v
);
517 push a string into a centry
519 static void centry_put_string(struct cache_entry
*centry
, const char *s
)
524 /* null strings are marked as len 0xFFFF */
525 centry_put_uint8(centry
, 0xFF);
530 /* can't handle more than 254 char strings. Truncating is probably best */
533 centry_put_uint8(centry
, len
);
534 centry_expand(centry
, len
);
535 memcpy(centry
->data
+ centry
->ofs
, s
, len
);
539 static void centry_put_sid(struct cache_entry
*centry
, const DOM_SID
*sid
)
542 centry_put_string(centry
, sid_to_string(sid_string
, sid
));
546 start a centry for output. When finished, call centry_end()
548 struct cache_entry
*centry_start(struct winbindd_domain
*domain
, NTSTATUS status
)
550 struct cache_entry
*centry
;
555 centry
= smb_xmalloc(sizeof(*centry
));
557 centry
->len
= 8192; /* reasonable default */
558 centry
->data
= smb_xmalloc(centry
->len
);
560 centry
->sequence_number
= domain
->sequence_number
;
561 centry_put_uint32(centry
, NT_STATUS_V(status
));
562 centry_put_uint32(centry
, centry
->sequence_number
);
567 finish a centry and write it to the tdb
569 static void centry_end(struct cache_entry
*centry
, const char *format
, ...) PRINTF_ATTRIBUTE(2,3);
570 static void centry_end(struct cache_entry
*centry
, const char *format
, ...)
576 va_start(ap
, format
);
577 smb_xvasprintf(&kstr
, format
, ap
);
581 key
.dsize
= strlen(kstr
);
582 data
.dptr
= (char *)centry
->data
;
583 data
.dsize
= centry
->ofs
;
585 tdb_store(wcache
->tdb
, key
, data
, TDB_REPLACE
);
589 static void wcache_save_name_to_sid(struct winbindd_domain
*domain
,
591 const char *name
, const DOM_SID
*sid
,
592 enum SID_NAME_USE type
)
594 struct cache_entry
*centry
;
598 centry
= centry_start(domain
, status
);
601 centry_put_sid(centry
, sid
);
602 fstrcpy(uname
, name
);
604 centry_end(centry
, "NS/%s", sid_to_string(sid_string
, sid
));
605 DEBUG(10,("wcache_save_name_to_sid: %s -> %s\n", uname
, sid_string
));
609 static void wcache_save_sid_to_name(struct winbindd_domain
*domain
, NTSTATUS status
,
610 const DOM_SID
*sid
, const char *name
, enum SID_NAME_USE type
)
612 struct cache_entry
*centry
;
615 centry
= centry_start(domain
, status
);
618 if (NT_STATUS_IS_OK(status
)) {
619 centry_put_uint32(centry
, type
);
620 centry_put_string(centry
, name
);
622 centry_end(centry
, "SN/%s", sid_to_string(sid_string
, sid
));
623 DEBUG(10,("wcache_save_sid_to_name: %s -> %s\n", sid_string
, name
));
628 static void wcache_save_user(struct winbindd_domain
*domain
, NTSTATUS status
, WINBIND_USERINFO
*info
)
630 struct cache_entry
*centry
;
633 centry
= centry_start(domain
, status
);
636 centry_put_string(centry
, info
->acct_name
);
637 centry_put_string(centry
, info
->full_name
);
638 centry_put_sid(centry
, info
->user_sid
);
639 centry_put_sid(centry
, info
->group_sid
);
640 centry_end(centry
, "U/%s", sid_to_string(sid_string
, info
->user_sid
));
641 DEBUG(10,("wcache_save_user: %s (acct_name %s)\n", sid_string
, info
->acct_name
));
646 /* Query display info. This is the basic user list fn */
647 static NTSTATUS
query_user_list(struct winbindd_domain
*domain
,
650 WINBIND_USERINFO
**info
)
652 struct winbind_cache
*cache
= get_cache(domain
);
653 struct cache_entry
*centry
= NULL
;
655 unsigned int i
, retry
;
660 centry
= wcache_fetch(cache
, domain
, "UL/%s", domain
->name
);
664 *num_entries
= centry_uint32(centry
);
666 if (*num_entries
== 0)
669 (*info
) = talloc(mem_ctx
, sizeof(**info
) * (*num_entries
));
671 smb_panic("query_user_list out of memory");
672 for (i
=0; i
<(*num_entries
); i
++) {
673 (*info
)[i
].acct_name
= centry_string(centry
, mem_ctx
);
674 (*info
)[i
].full_name
= centry_string(centry
, mem_ctx
);
675 (*info
)[i
].user_sid
= centry_sid(centry
, mem_ctx
);
676 (*info
)[i
].group_sid
= centry_sid(centry
, mem_ctx
);
680 status
= centry
->status
;
682 DEBUG(10,("query_user_list: [Cached] - cached list for domain %s status %s\n",
683 domain
->name
, get_friendly_nt_error_msg(status
) ));
692 /* Return status value returned by seq number check */
694 if (!NT_STATUS_IS_OK(domain
->last_status
))
695 return domain
->last_status
;
697 /* Put the query_user_list() in a retry loop. There appears to be
698 * some bug either with Windows 2000 or Samba's handling of large
699 * rpc replies. This manifests itself as sudden disconnection
700 * at a random point in the enumeration of a large (60k) user list.
701 * The retry loop simply tries the operation again. )-: It's not
702 * pretty but an acceptable workaround until we work out what the
703 * real problem is. */
708 DEBUG(10,("query_user_list: [Cached] - doing backend query for list for domain %s\n",
711 status
= domain
->backend
->query_user_list(domain
, mem_ctx
, num_entries
, info
);
712 if (!NT_STATUS_IS_OK(status
))
713 DEBUG(3, ("query_user_list: returned 0x%08x, retrying\n", NT_STATUS_V(status
)));
714 if (NT_STATUS_V(status
) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL
)) {
715 DEBUG(3, ("query_user_list: flushing connection cache\n"));
719 } while (NT_STATUS_V(status
) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL
) &&
723 refresh_sequence_number(domain
, False
);
724 centry
= centry_start(domain
, status
);
727 centry_put_uint32(centry
, *num_entries
);
728 for (i
=0; i
<(*num_entries
); i
++) {
729 centry_put_string(centry
, (*info
)[i
].acct_name
);
730 centry_put_string(centry
, (*info
)[i
].full_name
);
731 centry_put_sid(centry
, (*info
)[i
].user_sid
);
732 centry_put_sid(centry
, (*info
)[i
].group_sid
);
733 if (domain
->backend
->consistent
) {
734 /* when the backend is consistent we can pre-prime some mappings */
735 wcache_save_name_to_sid(domain
, NT_STATUS_OK
,
736 (*info
)[i
].acct_name
,
739 wcache_save_sid_to_name(domain
, NT_STATUS_OK
,
741 (*info
)[i
].acct_name
,
743 wcache_save_user(domain
, NT_STATUS_OK
, &(*info
)[i
]);
746 centry_end(centry
, "UL/%s", domain
->name
);
753 /* list all domain groups */
754 static NTSTATUS
enum_dom_groups(struct winbindd_domain
*domain
,
757 struct acct_info
**info
)
759 struct winbind_cache
*cache
= get_cache(domain
);
760 struct cache_entry
*centry
= NULL
;
767 centry
= wcache_fetch(cache
, domain
, "GL/%s/domain", domain
->name
);
771 *num_entries
= centry_uint32(centry
);
773 if (*num_entries
== 0)
776 (*info
) = talloc(mem_ctx
, sizeof(**info
) * (*num_entries
));
778 smb_panic("enum_dom_groups out of memory");
779 for (i
=0; i
<(*num_entries
); i
++) {
780 fstrcpy((*info
)[i
].acct_name
, centry_string(centry
, mem_ctx
));
781 fstrcpy((*info
)[i
].acct_desc
, centry_string(centry
, mem_ctx
));
782 (*info
)[i
].rid
= centry_uint32(centry
);
786 status
= centry
->status
;
788 DEBUG(10,("enum_dom_groups: [Cached] - cached list for domain %s status %s\n",
789 domain
->name
, get_friendly_nt_error_msg(status
) ));
798 /* Return status value returned by seq number check */
800 if (!NT_STATUS_IS_OK(domain
->last_status
))
801 return domain
->last_status
;
803 DEBUG(10,("enum_dom_groups: [Cached] - doing backend query for list for domain %s\n",
806 status
= domain
->backend
->enum_dom_groups(domain
, mem_ctx
, num_entries
, info
);
809 refresh_sequence_number(domain
, False
);
810 centry
= centry_start(domain
, status
);
813 centry_put_uint32(centry
, *num_entries
);
814 for (i
=0; i
<(*num_entries
); i
++) {
815 centry_put_string(centry
, (*info
)[i
].acct_name
);
816 centry_put_string(centry
, (*info
)[i
].acct_desc
);
817 centry_put_uint32(centry
, (*info
)[i
].rid
);
819 centry_end(centry
, "GL/%s/domain", domain
->name
);
826 /* list all domain groups */
827 static NTSTATUS
enum_local_groups(struct winbindd_domain
*domain
,
830 struct acct_info
**info
)
832 struct winbind_cache
*cache
= get_cache(domain
);
833 struct cache_entry
*centry
= NULL
;
840 centry
= wcache_fetch(cache
, domain
, "GL/%s/local", domain
->name
);
844 *num_entries
= centry_uint32(centry
);
846 if (*num_entries
== 0)
849 (*info
) = talloc(mem_ctx
, sizeof(**info
) * (*num_entries
));
851 smb_panic("enum_dom_groups out of memory");
852 for (i
=0; i
<(*num_entries
); i
++) {
853 fstrcpy((*info
)[i
].acct_name
, centry_string(centry
, mem_ctx
));
854 fstrcpy((*info
)[i
].acct_desc
, centry_string(centry
, mem_ctx
));
855 (*info
)[i
].rid
= centry_uint32(centry
);
860 /* If we are returning cached data and the domain controller
861 is down then we don't know whether the data is up to date
862 or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to
865 if (wcache_server_down(domain
)) {
866 DEBUG(10, ("enum_local_groups: returning cached user list and server was down\n"));
867 status
= NT_STATUS_MORE_PROCESSING_REQUIRED
;
869 status
= centry
->status
;
871 DEBUG(10,("enum_local_groups: [Cached] - cached list for domain %s status %s\n",
872 domain
->name
, get_friendly_nt_error_msg(status
) ));
881 /* Return status value returned by seq number check */
883 if (!NT_STATUS_IS_OK(domain
->last_status
))
884 return domain
->last_status
;
886 DEBUG(10,("enum_local_groups: [Cached] - doing backend query for list for domain %s\n",
889 status
= domain
->backend
->enum_local_groups(domain
, mem_ctx
, num_entries
, info
);
892 refresh_sequence_number(domain
, False
);
893 centry
= centry_start(domain
, status
);
896 centry_put_uint32(centry
, *num_entries
);
897 for (i
=0; i
<(*num_entries
); i
++) {
898 centry_put_string(centry
, (*info
)[i
].acct_name
);
899 centry_put_string(centry
, (*info
)[i
].acct_desc
);
900 centry_put_uint32(centry
, (*info
)[i
].rid
);
902 centry_end(centry
, "GL/%s/local", domain
->name
);
909 /* convert a single name to a sid in a domain */
910 static NTSTATUS
name_to_sid(struct winbindd_domain
*domain
,
914 enum SID_NAME_USE
*type
)
916 struct winbind_cache
*cache
= get_cache(domain
);
917 struct cache_entry
*centry
= NULL
;
925 fstrcpy(uname
, name
);
927 centry
= wcache_fetch(cache
, domain
, "NS/%s/%s", domain
->name
, uname
);
930 *type
= (enum SID_NAME_USE
)centry_uint32(centry
);
931 sid2
= centry_sid(centry
, mem_ctx
);
938 status
= centry
->status
;
940 DEBUG(10,("name_to_sid: [Cached] - cached name for domain %s status %s\n",
941 domain
->name
, get_friendly_nt_error_msg(status
) ));
949 /* If the seq number check indicated that there is a problem
950 * with this DC, then return that status... except for
951 * access_denied. This is special because the dc may be in
952 * "restrict anonymous = 1" mode, in which case it will deny
953 * most unauthenticated operations, but *will* allow the LSA
954 * name-to-sid that we try as a fallback. */
956 if (!(NT_STATUS_IS_OK(domain
->last_status
)
957 || NT_STATUS_EQUAL(domain
->last_status
, NT_STATUS_ACCESS_DENIED
)))
958 return domain
->last_status
;
960 DEBUG(10,("name_to_sid: [Cached] - doing backend query for name for domain %s\n",
963 status
= domain
->backend
->name_to_sid(domain
, mem_ctx
, name
, sid
, type
);
966 wcache_save_name_to_sid(domain
, status
, name
, sid
, *type
);
968 /* We can't save the sid to name mapping as we don't know the
969 correct case of the name without looking it up */
974 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
976 static NTSTATUS
sid_to_name(struct winbindd_domain
*domain
,
980 enum SID_NAME_USE
*type
)
982 struct winbind_cache
*cache
= get_cache(domain
);
983 struct cache_entry
*centry
= NULL
;
990 centry
= wcache_fetch(cache
, domain
, "SN/%s", sid_to_string(sid_string
, sid
));
993 if (NT_STATUS_IS_OK(centry
->status
)) {
994 *type
= (enum SID_NAME_USE
)centry_uint32(centry
);
995 *name
= centry_string(centry
, mem_ctx
);
997 status
= centry
->status
;
999 DEBUG(10,("sid_to_name: [Cached] - cached name for domain %s status %s\n",
1000 domain
->name
, get_friendly_nt_error_msg(status
) ));
1002 centry_free(centry
);
1008 /* If the seq number check indicated that there is a problem
1009 * with this DC, then return that status... except for
1010 * access_denied. This is special because the dc may be in
1011 * "restrict anonymous = 1" mode, in which case it will deny
1012 * most unauthenticated operations, but *will* allow the LSA
1013 * sid-to-name that we try as a fallback. */
1015 if (!(NT_STATUS_IS_OK(domain
->last_status
)
1016 || NT_STATUS_EQUAL(domain
->last_status
, NT_STATUS_ACCESS_DENIED
)))
1017 return domain
->last_status
;
1019 DEBUG(10,("sid_to_name: [Cached] - doing backend query for name for domain %s\n",
1022 status
= domain
->backend
->sid_to_name(domain
, mem_ctx
, sid
, name
, type
);
1025 refresh_sequence_number(domain
, False
);
1026 wcache_save_sid_to_name(domain
, status
, sid
, *name
, *type
);
1027 wcache_save_name_to_sid(domain
, status
, *name
, sid
, *type
);
1033 /* Lookup user information from a rid */
1034 static NTSTATUS
query_user(struct winbindd_domain
*domain
,
1035 TALLOC_CTX
*mem_ctx
,
1037 WINBIND_USERINFO
*info
)
1039 struct winbind_cache
*cache
= get_cache(domain
);
1040 struct cache_entry
*centry
= NULL
;
1046 centry
= wcache_fetch(cache
, domain
, "U/%s", sid_string_static(user_sid
));
1048 /* If we have an access denied cache entry and a cached info3 in the
1049 samlogon cache then do a query. This will force the rpc back end
1050 to return the info3 data. */
1052 if (NT_STATUS_V(domain
->last_status
) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED
) &&
1053 netsamlogon_cache_have(user_sid
)) {
1054 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1055 domain
->last_status
= NT_STATUS_OK
;
1056 centry_free(centry
);
1063 info
->acct_name
= centry_string(centry
, mem_ctx
);
1064 info
->full_name
= centry_string(centry
, mem_ctx
);
1065 info
->user_sid
= centry_sid(centry
, mem_ctx
);
1066 info
->group_sid
= centry_sid(centry
, mem_ctx
);
1067 status
= centry
->status
;
1069 DEBUG(10,("query_user: [Cached] - cached info for domain %s status %s\n",
1070 domain
->name
, get_friendly_nt_error_msg(status
) ));
1072 centry_free(centry
);
1078 /* Return status value returned by seq number check */
1080 if (!NT_STATUS_IS_OK(domain
->last_status
))
1081 return domain
->last_status
;
1083 DEBUG(10,("sid_to_name: [Cached] - doing backend query for info for domain %s\n",
1086 status
= domain
->backend
->query_user(domain
, mem_ctx
, user_sid
, info
);
1089 refresh_sequence_number(domain
, False
);
1090 wcache_save_user(domain
, status
, info
);
1096 /* Lookup groups a user is a member of. */
1097 static NTSTATUS
lookup_usergroups(struct winbindd_domain
*domain
,
1098 TALLOC_CTX
*mem_ctx
,
1100 uint32
*num_groups
, DOM_SID
***user_gids
)
1102 struct winbind_cache
*cache
= get_cache(domain
);
1103 struct cache_entry
*centry
= NULL
;
1111 centry
= wcache_fetch(cache
, domain
, "UG/%s", sid_to_string(sid_string
, user_sid
));
1113 /* If we have an access denied cache entry and a cached info3 in the
1114 samlogon cache then do a query. This will force the rpc back end
1115 to return the info3 data. */
1117 if (NT_STATUS_V(domain
->last_status
) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED
) &&
1118 netsamlogon_cache_have(user_sid
)) {
1119 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1120 domain
->last_status
= NT_STATUS_OK
;
1121 centry_free(centry
);
1128 *num_groups
= centry_uint32(centry
);
1130 if (*num_groups
== 0)
1133 (*user_gids
) = talloc(mem_ctx
, sizeof(**user_gids
) * (*num_groups
));
1135 smb_panic("lookup_usergroups out of memory");
1136 for (i
=0; i
<(*num_groups
); i
++) {
1137 (*user_gids
)[i
] = centry_sid(centry
, mem_ctx
);
1141 status
= centry
->status
;
1143 DEBUG(10,("lookup_usergroups: [Cached] - cached info for domain %s status %s\n",
1144 domain
->name
, get_friendly_nt_error_msg(status
) ));
1146 centry_free(centry
);
1151 (*user_gids
) = NULL
;
1153 /* Return status value returned by seq number check */
1155 if (!NT_STATUS_IS_OK(domain
->last_status
))
1156 return domain
->last_status
;
1158 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info for domain %s\n",
1161 status
= domain
->backend
->lookup_usergroups(domain
, mem_ctx
, user_sid
, num_groups
, user_gids
);
1164 refresh_sequence_number(domain
, False
);
1165 centry
= centry_start(domain
, status
);
1168 centry_put_uint32(centry
, *num_groups
);
1169 for (i
=0; i
<(*num_groups
); i
++) {
1170 centry_put_sid(centry
, (*user_gids
)[i
]);
1172 centry_end(centry
, "UG/%s", sid_to_string(sid_string
, user_sid
));
1173 centry_free(centry
);
1180 static NTSTATUS
lookup_groupmem(struct winbindd_domain
*domain
,
1181 TALLOC_CTX
*mem_ctx
,
1182 DOM_SID
*group_sid
, uint32
*num_names
,
1183 DOM_SID
***sid_mem
, char ***names
,
1184 uint32
**name_types
)
1186 struct winbind_cache
*cache
= get_cache(domain
);
1187 struct cache_entry
*centry
= NULL
;
1195 centry
= wcache_fetch(cache
, domain
, "GM/%s", sid_to_string(sid_string
, group_sid
));
1199 *num_names
= centry_uint32(centry
);
1201 if (*num_names
== 0)
1204 (*sid_mem
) = talloc(mem_ctx
, sizeof(**sid_mem
) * (*num_names
));
1205 (*names
) = talloc(mem_ctx
, sizeof(**names
) * (*num_names
));
1206 (*name_types
) = talloc(mem_ctx
, sizeof(**name_types
) * (*num_names
));
1208 if (! (*sid_mem
) || ! (*names
) || ! (*name_types
)) {
1209 smb_panic("lookup_groupmem out of memory");
1212 for (i
=0; i
<(*num_names
); i
++) {
1213 (*sid_mem
)[i
] = centry_sid(centry
, mem_ctx
);
1214 (*names
)[i
] = centry_string(centry
, mem_ctx
);
1215 (*name_types
)[i
] = centry_uint32(centry
);
1219 status
= centry
->status
;
1221 DEBUG(10,("lookup_groupmem: [Cached] - cached info for domain %s status %s\n",
1222 domain
->name
, get_friendly_nt_error_msg(status
) ));
1224 centry_free(centry
);
1231 (*name_types
) = NULL
;
1233 /* Return status value returned by seq number check */
1235 if (!NT_STATUS_IS_OK(domain
->last_status
))
1236 return domain
->last_status
;
1238 DEBUG(10,("lookup_groupmem: [Cached] - doing backend query for info for domain %s\n",
1241 status
= domain
->backend
->lookup_groupmem(domain
, mem_ctx
, group_sid
, num_names
,
1242 sid_mem
, names
, name_types
);
1245 refresh_sequence_number(domain
, False
);
1246 centry
= centry_start(domain
, status
);
1249 centry_put_uint32(centry
, *num_names
);
1250 for (i
=0; i
<(*num_names
); i
++) {
1251 centry_put_sid(centry
, (*sid_mem
)[i
]);
1252 centry_put_string(centry
, (*names
)[i
]);
1253 centry_put_uint32(centry
, (*name_types
)[i
]);
1255 centry_end(centry
, "GM/%s", sid_to_string(sid_string
, group_sid
));
1256 centry_free(centry
);
1262 /* find the sequence number for a domain */
1263 static NTSTATUS
sequence_number(struct winbindd_domain
*domain
, uint32
*seq
)
1265 refresh_sequence_number(domain
, False
);
1267 *seq
= domain
->sequence_number
;
1269 return NT_STATUS_OK
;
1272 /* enumerate trusted domains */
1273 static NTSTATUS
trusted_domains(struct winbindd_domain
*domain
,
1274 TALLOC_CTX
*mem_ctx
,
1275 uint32
*num_domains
,
1282 DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
1285 /* we don't cache this call */
1286 return domain
->backend
->trusted_domains(domain
, mem_ctx
, num_domains
,
1287 names
, alt_names
, dom_sids
);
1290 /* find the domain sid */
1291 static NTSTATUS
domain_sid(struct winbindd_domain
*domain
, DOM_SID
*sid
)
1295 DEBUG(10,("domain_sid: [Cached] - doing backend query for info for domain %s\n",
1298 /* we don't cache this call */
1299 return domain
->backend
->domain_sid(domain
, sid
);
1302 /* find the alternate names for the domain, if any */
1303 static NTSTATUS
alternate_name(struct winbindd_domain
*domain
)
1307 DEBUG(10,("alternate_name: [Cached] - doing backend query for info for domain %s\n",
1310 /* we don't cache this call */
1311 return domain
->backend
->alternate_name(domain
);
1314 /* Invalidate cached user and group lists coherently */
1316 static int traverse_fn(TDB_CONTEXT
*the_tdb
, TDB_DATA kbuf
, TDB_DATA dbuf
,
1319 if (strncmp(kbuf
.dptr
, "UL/", 3) == 0 ||
1320 strncmp(kbuf
.dptr
, "GL/", 3) == 0)
1321 tdb_delete(the_tdb
, kbuf
);
1326 /* Invalidate the getpwnam and getgroups entries for a winbindd domain */
1328 void wcache_invalidate_samlogon(struct winbindd_domain
*domain
,
1329 NET_USER_INFO_3
*info3
)
1331 struct winbind_cache
*cache
;
1336 cache
= get_cache(domain
);
1337 netsamlogon_clear_cached_user(cache
->tdb
, info3
);
1340 void wcache_invalidate_cache(void)
1342 struct winbindd_domain
*domain
;
1344 for (domain
= domain_list(); domain
; domain
= domain
->next
) {
1345 struct winbind_cache
*cache
= get_cache(domain
);
1347 DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
1348 "entries for %s\n", domain
->name
));
1350 tdb_traverse(cache
->tdb
, traverse_fn
, NULL
);
1354 /* the ADS backend methods are exposed via this structure */
1355 struct winbindd_methods cache_methods
= {