mount.cifs: check access of credential files before opening
[Samba/gebeck_regimport.git] / source3 / libsmb / trustdom_cache.c
blobeb52b3588d58d1f4d6ca2d00164ccc64859b28d7
1 /*
2 Unix SMB/CIFS implementation.
4 Trusted domain names cache on top of gencache.
6 Copyright (C) Rafal Szczesniak 2002
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "includes.h"
24 #undef DBGC_CLASS
25 #define DBGC_CLASS DBGC_ALL /* there's no proper class yet */
27 #define TDOMKEY_FMT "TDOM/%s"
28 #define TDOMTSKEY "TDOMCACHE/TIMESTAMP"
31 /**
32 * @file trustdom_cache.c
34 * Implementation of trusted domain names cache useful when
35 * samba acts as domain member server. In such case, caching
36 * domain names currently trusted gives a performance gain
37 * because there's no need to query PDC each time we need
38 * list of trusted domains
39 **/
41 /**
42 * Initialise trustdom name caching system. Call gencache
43 * initialisation routine to perform necessary activities.
45 * @return true upon successful cache initialisation or
46 * false if cache init failed
47 **/
49 bool trustdom_cache_enable(void)
51 return True;
55 /**
56 * Shutdown trustdom name caching system. Calls gencache
57 * shutdown function.
59 * @return true upon successful cache close or
60 * false if it failed
61 **/
63 bool trustdom_cache_shutdown(void)
65 return True;
69 /**
70 * Form up trustdom name key. It is based only
71 * on domain name now.
73 * @param name trusted domain name
74 * @return cache key for use in gencache mechanism
75 **/
77 static char* trustdom_cache_key(const char* name)
79 char* keystr = NULL;
80 asprintf_strupper_m(&keystr, TDOMKEY_FMT, name);
82 return keystr;
86 /**
87 * Store trusted domain in gencache as the domain name (key)
88 * and trusted domain's SID (value)
90 * @param name trusted domain name
91 * @param alt_name alternative trusted domain name (used in ADS domains)
92 * @param sid trusted domain's SID
93 * @param timeout cache entry expiration time
94 * @return true upon successful value storing or
95 * false if store attempt failed
96 **/
98 bool trustdom_cache_store(char* name, char* alt_name, const DOM_SID *sid,
99 time_t timeout)
101 char *key, *alt_key;
102 fstring sid_string;
103 bool ret;
105 DEBUG(5, ("trustdom_store: storing SID %s of domain %s\n",
106 sid_string_dbg(sid), name));
108 key = trustdom_cache_key(name);
109 alt_key = alt_name ? trustdom_cache_key(alt_name) : NULL;
111 /* Generate string representation domain SID */
112 sid_to_fstring(sid_string, sid);
115 * try to put the names in the cache
117 if (alt_key) {
118 ret = gencache_set(alt_key, sid_string, timeout);
119 if ( ret ) {
120 ret = gencache_set(key, sid_string, timeout);
122 SAFE_FREE(alt_key);
123 SAFE_FREE(key);
124 return ret;
127 ret = gencache_set(key, sid_string, timeout);
128 SAFE_FREE(key);
129 return ret;
134 * Fetch trusted domain's SID from the gencache.
135 * This routine can also be used to check whether given
136 * domain is currently trusted one.
138 * @param name trusted domain name
139 * @param sid trusted domain's SID to be returned
140 * @return true if entry is found or
141 * false if has expired/doesn't exist
144 bool trustdom_cache_fetch(const char* name, DOM_SID* sid)
146 char *key = NULL, *value = NULL;
147 time_t timeout;
149 /* exit now if null pointers were passed as they're required further */
150 if (!sid)
151 return False;
153 /* prepare a key and get the value */
154 key = trustdom_cache_key(name);
155 if (!key)
156 return False;
158 if (!gencache_get(key, &value, &timeout)) {
159 DEBUG(5, ("no entry for trusted domain %s found.\n", name));
160 SAFE_FREE(key);
161 return False;
162 } else {
163 SAFE_FREE(key);
164 DEBUG(5, ("trusted domain %s found (%s)\n", name, value));
167 /* convert sid string representation into DOM_SID structure */
168 if(! string_to_sid(sid, value)) {
169 sid = NULL;
170 SAFE_FREE(value);
171 return False;
174 SAFE_FREE(value);
175 return True;
179 /*******************************************************************
180 fetch the timestamp from the last update
181 *******************************************************************/
183 uint32 trustdom_cache_fetch_timestamp( void )
185 char *value = NULL;
186 time_t timeout;
187 uint32 timestamp;
189 if (!gencache_get(TDOMTSKEY, &value, &timeout)) {
190 DEBUG(5, ("no timestamp for trusted domain cache located.\n"));
191 SAFE_FREE(value);
192 return 0;
195 timestamp = atoi(value);
197 SAFE_FREE(value);
198 return timestamp;
201 /*******************************************************************
202 store the timestamp from the last update
203 *******************************************************************/
205 bool trustdom_cache_store_timestamp( uint32 t, time_t timeout )
207 fstring value;
209 fstr_sprintf(value, "%d", t );
211 if (!gencache_set(TDOMTSKEY, value, timeout)) {
212 DEBUG(5, ("failed to set timestamp for trustdom_cache\n"));
213 return False;
216 return True;
221 * Delete single trustdom entry. Look at the
222 * gencache_iterate definition.
226 static void flush_trustdom_name(const char* key, const char *value, time_t timeout, void* dptr)
228 gencache_del(key);
229 DEBUG(5, ("Deleting entry %s\n", key));
234 * Flush all the trusted domains entries from the cache.
237 void trustdom_cache_flush(void)
240 * iterate through each TDOM cache's entry and flush it
241 * by flush_trustdom_name function
243 gencache_iterate(flush_trustdom_name, NULL, trustdom_cache_key("*"));
244 DEBUG(5, ("Trusted domains cache flushed\n"));
247 /********************************************************************
248 update the trustdom_cache if needed
249 ********************************************************************/
250 #define TRUSTDOM_UPDATE_INTERVAL 600
252 void update_trustdom_cache( void )
254 char **domain_names;
255 DOM_SID *dom_sids;
256 uint32 num_domains;
257 uint32 last_check;
258 int time_diff;
259 TALLOC_CTX *mem_ctx = NULL;
260 time_t now = time(NULL);
261 int i;
263 /* get the timestamp. We have to initialise it if the last timestamp == 0 */
264 if ( (last_check = trustdom_cache_fetch_timestamp()) == 0 )
265 trustdom_cache_store_timestamp(0, now+TRUSTDOM_UPDATE_INTERVAL);
267 time_diff = (int) (now - last_check);
269 if ( (time_diff > 0) && (time_diff < TRUSTDOM_UPDATE_INTERVAL) ) {
270 DEBUG(10,("update_trustdom_cache: not time to update trustdom_cache yet\n"));
271 return;
274 /* note that we don't lock the timestamp. This prevents this
275 smbd from blocking all other smbd daemons while we
276 enumerate the trusted domains */
277 trustdom_cache_store_timestamp(now, now+TRUSTDOM_UPDATE_INTERVAL);
279 if ( !(mem_ctx = talloc_init("update_trustdom_cache")) ) {
280 DEBUG(0,("update_trustdom_cache: talloc_init() failed!\n"));
281 goto done;
284 /* get the domains and store them */
286 if ( enumerate_domain_trusts(mem_ctx, lp_workgroup(), &domain_names,
287 &num_domains, &dom_sids)) {
288 for ( i=0; i<num_domains; i++ ) {
289 trustdom_cache_store( domain_names[i], NULL, &dom_sids[i],
290 now+TRUSTDOM_UPDATE_INTERVAL);
292 } else {
293 /* we failed to fetch the list of trusted domains - restore the old
294 timestamp */
295 trustdom_cache_store_timestamp(last_check,
296 last_check+TRUSTDOM_UPDATE_INTERVAL);
299 done:
300 talloc_destroy( mem_ctx );
302 return;