Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : Winbind cache backend functions
5 :
6 : Copyright (C) Andrew Tridgell 2001
7 : Copyright (C) Gerald Carter 2003-2007
8 : Copyright (C) Volker Lendecke 2005
9 : Copyright (C) Guenther Deschner 2005
10 : Copyright (C) Michael Adam 2007
11 :
12 : This program is free software; you can redistribute it and/or modify
13 : it under the terms of the GNU General Public License as published by
14 : the Free Software Foundation; either version 3 of the License, or
15 : (at your option) any later version.
16 :
17 : This program is distributed in the hope that it will be useful,
18 : but WITHOUT ANY WARRANTY; without even the implied warranty of
19 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 : GNU General Public License for more details.
21 :
22 : You should have received a copy of the GNU General Public License
23 : along with this program. If not, see <http://www.gnu.org/licenses/>.
24 : */
25 :
26 : #include "includes.h"
27 : #include "system/filesys.h"
28 : #include "winbindd.h"
29 : #include "tdb_validate.h"
30 : #include "../libcli/auth/libcli_auth.h"
31 : #include "../librpc/gen_ndr/ndr_winbind.h"
32 : #include "ads.h"
33 : #include "nss_info.h"
34 : #include "../libcli/security/security.h"
35 : #include "passdb/machine_sid.h"
36 : #include "util_tdb.h"
37 : #include "libsmb/samlogon_cache.h"
38 : #include "lib/namemap_cache.h"
39 : #include "lib/util/string_wrappers.h"
40 :
41 : #include "lib/crypto/gnutls_helpers.h"
42 : #include <gnutls/crypto.h>
43 :
44 : #undef DBGC_CLASS
45 : #define DBGC_CLASS DBGC_WINBIND
46 :
47 : #define WINBINDD_CACHE_VER1 1 /* initial db version */
48 : #define WINBINDD_CACHE_VER2 2 /* second version with timeouts for NDR entries */
49 :
50 : #define WINBINDD_CACHE_VERSION WINBINDD_CACHE_VER2
51 : #define WINBINDD_CACHE_VERSION_KEYSTR "WINBINDD_CACHE_VERSION"
52 :
53 : extern struct winbindd_methods reconnect_methods;
54 : #ifdef HAVE_ADS
55 : extern struct winbindd_methods reconnect_ads_methods;
56 : #endif
57 : extern struct winbindd_methods builtin_passdb_methods;
58 : extern struct winbindd_methods sam_passdb_methods;
59 :
60 : static void wcache_flush_cache(void);
61 :
62 : static bool opt_nocache = False;
63 :
64 : /*
65 : * JRA. KEEP THIS LIST UP TO DATE IF YOU ADD CACHE ENTRIES.
66 : * Here are the list of entry types that are *not* stored
67 : * as form struct cache_entry in the cache.
68 : */
69 :
70 : static const char *non_centry_keys[] = {
71 : "SEQNUM/",
72 : "WINBINDD_OFFLINE",
73 : WINBINDD_CACHE_VERSION_KEYSTR,
74 : NULL
75 : };
76 :
77 64077 : bool winbindd_use_idmap_cache(void)
78 : {
79 64077 : return !opt_nocache;
80 : }
81 :
82 0 : bool winbindd_use_cache(void)
83 : {
84 0 : return !opt_nocache;
85 : }
86 :
87 0 : void winbindd_set_use_cache(bool use_cache)
88 : {
89 0 : opt_nocache = !use_cache;
90 0 : }
91 :
92 6 : void winbindd_flush_caches(void)
93 : {
94 : /* We need to invalidate cached user list entries on a SIGHUP
95 : otherwise cached access denied errors due to restrict anonymous
96 : hang around until the sequence number changes. */
97 :
98 6 : if (!wcache_invalidate_cache()) {
99 0 : DEBUG(0, ("invalidating the cache failed; revalidate the cache\n"));
100 0 : if (!winbindd_cache_validate_and_initialize()) {
101 0 : exit(1);
102 : }
103 : }
104 6 : }
105 :
106 : /************************************************************************
107 : Is this key a non-centry type ?
108 : ************************************************************************/
109 :
110 0 : static bool is_non_centry_key(TDB_DATA kbuf)
111 : {
112 : int i;
113 :
114 0 : if (kbuf.dptr == NULL || kbuf.dsize == 0) {
115 0 : return false;
116 : }
117 0 : for (i = 0; non_centry_keys[i] != NULL; i++) {
118 0 : size_t namelen = strlen(non_centry_keys[i]);
119 0 : if (kbuf.dsize < namelen) {
120 0 : continue;
121 : }
122 0 : if (strncmp(non_centry_keys[i], (const char *)kbuf.dptr, namelen) == 0) {
123 0 : return true;
124 : }
125 : }
126 0 : return false;
127 : }
128 :
129 : struct winbind_cache {
130 : TDB_CONTEXT *tdb;
131 : };
132 :
133 : struct cache_entry {
134 : NTSTATUS status;
135 : uint32_t sequence_number;
136 : uint64_t timeout;
137 : uint8_t *data;
138 : uint32_t len, ofs;
139 : };
140 :
141 : void (*smb_panic_fn)(const char *const why) = smb_panic;
142 :
143 : static struct winbind_cache *wcache;
144 :
145 266 : static char *wcache_path(void)
146 : {
147 : /*
148 : * Data needs to be kept persistent in state directory for
149 : * running with "winbindd offline logon".
150 : */
151 266 : return state_path(talloc_tos(), "winbindd_cache.tdb");
152 : }
153 :
154 637 : static void winbindd_domain_init_backend(struct winbindd_domain *domain)
155 : {
156 637 : if (domain->backend != NULL) {
157 620 : return;
158 : }
159 :
160 17 : if (domain->internal) {
161 4 : domain->backend = &builtin_passdb_methods;
162 : }
163 :
164 17 : if (dom_sid_equal(&domain->sid, &global_sid_Builtin)) {
165 2 : domain->initialized = true;
166 : }
167 :
168 19 : if (strequal(domain->name, get_global_sam_name()) &&
169 2 : sid_check_is_our_sam(&domain->sid))
170 : {
171 2 : domain->backend = &sam_passdb_methods;
172 : }
173 :
174 17 : if (!domain->initialized) {
175 : /* We do not need a connection to an RW DC for cache operation */
176 2 : init_dc_connection(domain, false);
177 : }
178 :
179 : #ifdef HAVE_ADS
180 17 : if (domain->backend == NULL) {
181 13 : struct winbindd_domain *our_domain = domain;
182 :
183 : /* find our domain first so we can figure out if we
184 : are joined to a kerberized domain */
185 :
186 13 : if (!domain->primary) {
187 2 : our_domain = find_our_domain();
188 : }
189 :
190 13 : if ((our_domain->active_directory || IS_DC)
191 13 : && domain->active_directory
192 13 : && !lp_winbind_rpc_only())
193 : {
194 13 : DBG_INFO("Setting ADS methods for domain %s\n",
195 : domain->name);
196 13 : domain->backend = &reconnect_ads_methods;
197 : }
198 : }
199 : #endif /* HAVE_ADS */
200 :
201 17 : if (domain->backend == NULL) {
202 0 : DBG_INFO("Setting MS-RPC methods for domain %s\n", domain->name);
203 0 : domain->backend = &reconnect_methods;
204 : }
205 : }
206 :
207 : /* get the winbind_cache structure */
208 637 : static struct winbind_cache *get_cache(struct winbindd_domain *domain)
209 : {
210 637 : struct winbind_cache *ret = wcache;
211 :
212 637 : winbindd_domain_init_backend(domain);
213 :
214 637 : if (ret != NULL) {
215 637 : return ret;
216 : }
217 :
218 0 : ret = SMB_XMALLOC_P(struct winbind_cache);
219 0 : ZERO_STRUCTP(ret);
220 :
221 0 : wcache = ret;
222 0 : wcache_flush_cache();
223 :
224 0 : return ret;
225 : }
226 :
227 : /*
228 : free a centry structure
229 : */
230 24 : static void centry_free(struct cache_entry *centry)
231 : {
232 24 : if (!centry)
233 0 : return;
234 24 : SAFE_FREE(centry->data);
235 24 : free(centry);
236 : }
237 :
238 176 : static bool centry_check_bytes(struct cache_entry *centry, size_t nbytes)
239 : {
240 176 : if (centry->len - centry->ofs < nbytes) {
241 0 : DEBUG(0,("centry corruption? needed %u bytes, have %d\n",
242 : (unsigned int)nbytes,
243 : centry->len - centry->ofs));
244 0 : return false;
245 : }
246 176 : return true;
247 : }
248 :
249 : /*
250 : pull a uint64_t from a cache entry
251 : */
252 24 : static uint64_t centry_uint64_t(struct cache_entry *centry)
253 : {
254 : uint64_t ret;
255 :
256 24 : if (!centry_check_bytes(centry, 8)) {
257 0 : smb_panic_fn("centry_uint64_t");
258 : }
259 24 : ret = BVAL(centry->data, centry->ofs);
260 24 : centry->ofs += 8;
261 24 : return ret;
262 : }
263 :
264 : /*
265 : pull a uint32_t from a cache entry
266 : */
267 48 : static uint32_t centry_uint32(struct cache_entry *centry)
268 : {
269 : uint32_t ret;
270 :
271 48 : if (!centry_check_bytes(centry, 4)) {
272 0 : smb_panic_fn("centry_uint32");
273 : }
274 48 : ret = IVAL(centry->data, centry->ofs);
275 48 : centry->ofs += 4;
276 48 : return ret;
277 : }
278 :
279 : /*
280 : pull a uint16_t from a cache entry
281 : */
282 8 : static uint16_t centry_uint16(struct cache_entry *centry)
283 : {
284 : uint16_t ret;
285 8 : if (!centry_check_bytes(centry, 2)) {
286 0 : smb_panic_fn("centry_uint16");
287 : }
288 8 : ret = SVAL(centry->data, centry->ofs);
289 8 : centry->ofs += 2;
290 8 : return ret;
291 : }
292 :
293 : /*
294 : pull a uint8_t from a cache entry
295 : */
296 32 : static uint8_t centry_uint8(struct cache_entry *centry)
297 : {
298 : uint8_t ret;
299 32 : if (!centry_check_bytes(centry, 1)) {
300 0 : smb_panic_fn("centry_uint8");
301 : }
302 32 : ret = CVAL(centry->data, centry->ofs);
303 32 : centry->ofs += 1;
304 32 : return ret;
305 : }
306 :
307 : /*
308 : pull a NTTIME from a cache entry
309 : */
310 32 : static NTTIME centry_nttime(struct cache_entry *centry)
311 : {
312 : NTTIME ret;
313 32 : if (!centry_check_bytes(centry, 8)) {
314 0 : smb_panic_fn("centry_nttime");
315 : }
316 32 : ret = IVAL(centry->data, centry->ofs);
317 32 : centry->ofs += 4;
318 32 : ret += (uint64_t)IVAL(centry->data, centry->ofs) << 32;
319 32 : centry->ofs += 4;
320 32 : return ret;
321 : }
322 :
323 : /*
324 : pull a time_t from a cache entry. time_t stored portably as a 64-bit time.
325 : */
326 16 : static time_t centry_time(struct cache_entry *centry)
327 : {
328 16 : return (time_t)centry_nttime(centry);
329 : }
330 :
331 : /* pull a string from a cache entry, using the supplied
332 : talloc context
333 : */
334 0 : static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
335 : {
336 : uint32_t len;
337 : char *ret;
338 :
339 0 : len = centry_uint8(centry);
340 :
341 0 : if (len == 0xFF) {
342 : /* a deliberate NULL string */
343 0 : return NULL;
344 : }
345 :
346 0 : if (!centry_check_bytes(centry, (size_t)len)) {
347 0 : smb_panic_fn("centry_string");
348 : }
349 :
350 0 : ret = talloc_array(mem_ctx, char, len+1);
351 0 : if (!ret) {
352 0 : smb_panic_fn("centry_string out of memory\n");
353 : }
354 0 : memcpy(ret,centry->data + centry->ofs, len);
355 0 : ret[len] = 0;
356 0 : centry->ofs += len;
357 0 : return ret;
358 : }
359 :
360 : /* pull a hash16 from a cache entry, using the supplied
361 : talloc context
362 : */
363 32 : static char *centry_hash16(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
364 : {
365 : uint32_t len;
366 : char *ret;
367 :
368 32 : len = centry_uint8(centry);
369 :
370 32 : if (len != 16) {
371 0 : DEBUG(0,("centry corruption? hash len (%u) != 16\n",
372 : len ));
373 0 : return NULL;
374 : }
375 :
376 32 : if (!centry_check_bytes(centry, 16)) {
377 0 : return NULL;
378 : }
379 :
380 32 : ret = talloc_array(mem_ctx, char, 16);
381 32 : if (!ret) {
382 0 : smb_panic_fn("centry_hash out of memory\n");
383 : }
384 32 : memcpy(ret,centry->data + centry->ofs, 16);
385 32 : centry->ofs += 16;
386 32 : return ret;
387 : }
388 :
389 : /* pull a sid from a cache entry, using the supplied
390 : talloc context
391 : */
392 0 : static bool centry_sid(struct cache_entry *centry, struct dom_sid *sid)
393 : {
394 : char *sid_string;
395 : bool ret;
396 :
397 0 : sid_string = centry_string(centry, talloc_tos());
398 0 : if (sid_string == NULL) {
399 0 : return false;
400 : }
401 0 : ret = string_to_sid(sid, sid_string);
402 0 : TALLOC_FREE(sid_string);
403 0 : return ret;
404 : }
405 :
406 :
407 : /*
408 : pull a NTSTATUS from a cache entry
409 : */
410 0 : static NTSTATUS centry_ntstatus(struct cache_entry *centry)
411 : {
412 : NTSTATUS status;
413 :
414 0 : status = NT_STATUS(centry_uint32(centry));
415 0 : return status;
416 : }
417 :
418 :
419 : /* the server is considered down if it can't give us a sequence number */
420 0 : static bool wcache_server_down(struct winbindd_domain *domain)
421 : {
422 : bool ret;
423 :
424 0 : if (!wcache->tdb)
425 0 : return false;
426 :
427 0 : ret = (domain->sequence_number == DOM_SEQUENCE_NONE);
428 :
429 0 : if (ret)
430 0 : DEBUG(10,("wcache_server_down: server for Domain %s down\n",
431 : domain->name ));
432 0 : return ret;
433 : }
434 :
435 : struct wcache_seqnum_state {
436 : uint32_t *seqnum;
437 : uint32_t *last_seq_check;
438 : };
439 :
440 7606 : static int wcache_seqnum_parser(TDB_DATA key, TDB_DATA data,
441 : void *private_data)
442 : {
443 7606 : struct wcache_seqnum_state *state = private_data;
444 :
445 7606 : if (data.dsize != 8) {
446 0 : DEBUG(10, ("wcache_fetch_seqnum: invalid data size %d\n",
447 : (int)data.dsize));
448 0 : return -1;
449 : }
450 :
451 7606 : *state->seqnum = IVAL(data.dptr, 0);
452 7606 : *state->last_seq_check = IVAL(data.dptr, 4);
453 7606 : return 0;
454 : }
455 :
456 9034 : static bool wcache_fetch_seqnum(const char *domain_name, uint32_t *seqnum,
457 : uint32_t *last_seq_check)
458 9034 : {
459 9034 : struct wcache_seqnum_state state = {
460 : .seqnum = seqnum, .last_seq_check = last_seq_check
461 : };
462 9034 : size_t len = strlen(domain_name);
463 9034 : char keystr[len+8];
464 9034 : TDB_DATA key = { .dptr = (uint8_t *)keystr, .dsize = sizeof(keystr) };
465 : int ret;
466 :
467 9034 : if (wcache->tdb == NULL) {
468 0 : DEBUG(10,("wcache_fetch_seqnum: tdb == NULL\n"));
469 0 : return false;
470 : }
471 :
472 9034 : snprintf(keystr, sizeof(keystr), "SEQNUM/%s", domain_name);
473 :
474 9034 : ret = tdb_parse_record(wcache->tdb, key, wcache_seqnum_parser,
475 : &state);
476 9034 : return (ret == 0);
477 : }
478 :
479 615 : static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
480 : {
481 : uint32_t last_check, time_diff;
482 :
483 615 : if (!wcache_fetch_seqnum(domain->name, &domain->sequence_number,
484 : &last_check)) {
485 371 : return NT_STATUS_UNSUCCESSFUL;
486 : }
487 244 : domain->last_seq_check = last_check;
488 :
489 : /* have we expired? */
490 :
491 244 : time_diff = now - domain->last_seq_check;
492 244 : if ((int)time_diff > lp_winbind_cache_time()) {
493 24 : DEBUG(10,("fetch_cache_seqnum: timeout [%s][%u @ %u]\n",
494 : domain->name, domain->sequence_number,
495 : (uint32_t)domain->last_seq_check));
496 24 : return NT_STATUS_UNSUCCESSFUL;
497 : }
498 :
499 220 : DEBUG(10,("fetch_cache_seqnum: success [%s][%u @ %u]\n",
500 : domain->name, domain->sequence_number,
501 : (uint32_t)domain->last_seq_check));
502 :
503 220 : return NT_STATUS_OK;
504 : }
505 :
506 10 : bool wcache_store_seqnum(const char *domain_name, uint32_t seqnum,
507 : time_t last_seq_check)
508 10 : {
509 10 : size_t len = strlen(domain_name);
510 10 : char keystr[len+8];
511 10 : TDB_DATA key = { .dptr = (uint8_t *)keystr, .dsize = sizeof(keystr) };
512 : uint8_t buf[8];
513 : int ret;
514 :
515 10 : if (wcache->tdb == NULL) {
516 0 : DEBUG(10, ("wcache_store_seqnum: wcache->tdb == NULL\n"));
517 0 : return false;
518 : }
519 :
520 10 : snprintf(keystr, sizeof(keystr), "SEQNUM/%s", domain_name);
521 :
522 10 : SIVAL(buf, 0, seqnum);
523 10 : SIVAL(buf, 4, last_seq_check);
524 :
525 10 : ret = tdb_store(wcache->tdb, key, make_tdb_data(buf, sizeof(buf)),
526 : TDB_REPLACE);
527 10 : if (ret != 0) {
528 0 : DEBUG(10, ("tdb_store_bystring failed: %s\n",
529 : tdb_errorstr(wcache->tdb)));
530 0 : return false;
531 : }
532 :
533 10 : DEBUG(10, ("wcache_store_seqnum: success [%s][%u @ %u]\n",
534 : domain_name, seqnum, (unsigned)last_seq_check));
535 :
536 10 : return true;
537 : }
538 :
539 0 : static bool store_cache_seqnum( struct winbindd_domain *domain )
540 : {
541 0 : return wcache_store_seqnum(domain->name, domain->sequence_number,
542 : domain->last_seq_check);
543 : }
544 :
545 : /*
546 : refresh the domain sequence number on timeout.
547 : */
548 :
549 0 : static void refresh_sequence_number(struct winbindd_domain *domain)
550 : {
551 : NTSTATUS status;
552 : unsigned time_diff;
553 0 : time_t t = time(NULL);
554 0 : unsigned cache_time = lp_winbind_cache_time();
555 :
556 0 : if (is_domain_offline(domain)) {
557 0 : return;
558 : }
559 :
560 0 : get_cache( domain );
561 :
562 0 : time_diff = t - domain->last_seq_check;
563 :
564 : /* see if we have to refetch the domain sequence number */
565 0 : if ((time_diff < cache_time) &&
566 0 : (domain->sequence_number != DOM_SEQUENCE_NONE) &&
567 0 : NT_STATUS_IS_OK(domain->last_status)) {
568 0 : DEBUG(10, ("refresh_sequence_number: %s time ok\n", domain->name));
569 0 : goto done;
570 : }
571 :
572 : /* try to get the sequence number from the tdb cache first */
573 : /* this will update the timestamp as well */
574 :
575 0 : status = fetch_cache_seqnum( domain, t );
576 0 : if (NT_STATUS_IS_OK(status) &&
577 0 : (domain->sequence_number != DOM_SEQUENCE_NONE) &&
578 0 : NT_STATUS_IS_OK(domain->last_status)) {
579 0 : goto done;
580 : }
581 :
582 : /* just use the current time */
583 0 : domain->last_status = NT_STATUS_OK;
584 0 : domain->sequence_number = time(NULL);
585 0 : domain->last_seq_check = time(NULL);
586 :
587 : /* save the new sequence number in the cache */
588 0 : store_cache_seqnum( domain );
589 :
590 0 : done:
591 0 : DEBUG(10, ("refresh_sequence_number: %s seq number is now %d\n",
592 : domain->name, domain->sequence_number));
593 :
594 0 : return;
595 : }
596 :
597 : /*
598 : decide if a cache entry has expired
599 : */
600 0 : static bool centry_expired(struct winbindd_domain *domain, const char *keystr, struct cache_entry *centry)
601 : {
602 : /* If we've been told to be offline - stay in that state... */
603 0 : if (lp_winbind_offline_logon() && get_global_winbindd_state_offline()) {
604 0 : DEBUG(10,("centry_expired: Key %s for domain %s valid as winbindd is globally offline.\n",
605 : keystr, domain->name ));
606 0 : return false;
607 : }
608 :
609 : /* when the domain is offline return the cached entry.
610 : * This deals with transient offline states... */
611 :
612 0 : if (!domain->online) {
613 0 : DEBUG(10,("centry_expired: Key %s for domain %s valid as domain is offline.\n",
614 : keystr, domain->name ));
615 0 : return false;
616 : }
617 :
618 : /* if the server is OK and our cache entry came from when it was down then
619 : the entry is invalid */
620 0 : if ((domain->sequence_number != DOM_SEQUENCE_NONE) &&
621 0 : (centry->sequence_number == DOM_SEQUENCE_NONE)) {
622 0 : DEBUG(10,("centry_expired: Key %s for domain %s invalid sequence.\n",
623 : keystr, domain->name ));
624 0 : return true;
625 : }
626 :
627 : /* if the server is down or the cache entry is not older than the
628 : current sequence number or it did not timeout then it is OK */
629 0 : if (wcache_server_down(domain)
630 0 : || ((centry->sequence_number == domain->sequence_number)
631 0 : && ((time_t)centry->timeout > time(NULL)))) {
632 0 : DEBUG(10,("centry_expired: Key %s for domain %s is good.\n",
633 : keystr, domain->name ));
634 0 : return false;
635 : }
636 :
637 0 : DEBUG(10,("centry_expired: Key %s for domain %s expired\n",
638 : keystr, domain->name ));
639 :
640 : /* it's expired */
641 0 : return true;
642 : }
643 :
644 0 : static struct cache_entry *wcache_fetch_raw(char *kstr)
645 : {
646 : TDB_DATA data;
647 : struct cache_entry *centry;
648 : TDB_DATA key;
649 :
650 0 : key = string_tdb_data(kstr);
651 0 : data = tdb_fetch(wcache->tdb, key);
652 0 : if (!data.dptr) {
653 : /* a cache miss */
654 0 : return NULL;
655 : }
656 :
657 0 : centry = SMB_XMALLOC_P(struct cache_entry);
658 0 : centry->data = (unsigned char *)data.dptr;
659 0 : centry->len = data.dsize;
660 0 : centry->ofs = 0;
661 :
662 0 : if (centry->len < 16) {
663 : /* huh? corrupt cache? */
664 0 : DEBUG(10,("wcache_fetch_raw: Corrupt cache for key %s "
665 : "(len < 16)?\n", kstr));
666 0 : centry_free(centry);
667 0 : return NULL;
668 : }
669 :
670 0 : centry->status = centry_ntstatus(centry);
671 0 : centry->sequence_number = centry_uint32(centry);
672 0 : centry->timeout = centry_uint64_t(centry);
673 :
674 0 : return centry;
675 : }
676 :
677 22072 : static bool is_my_own_sam_domain(struct winbindd_domain *domain)
678 : {
679 33532 : if (strequal(domain->name, get_global_sam_name()) &&
680 11460 : sid_check_is_our_sam(&domain->sid)) {
681 11460 : return true;
682 : }
683 :
684 10612 : return false;
685 : }
686 :
687 10612 : static bool is_builtin_domain(struct winbindd_domain *domain)
688 : {
689 11290 : if (strequal(domain->name, "BUILTIN") &&
690 678 : sid_check_is_builtin(&domain->sid)) {
691 678 : return true;
692 : }
693 :
694 9934 : return false;
695 : }
696 :
697 : /*
698 : fetch an entry from the cache, with a varargs key. auto-fetch the sequence
699 : number and return status
700 : */
701 : static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
702 : struct winbindd_domain *domain,
703 : const char *format, ...) PRINTF_ATTRIBUTE(3,4);
704 0 : static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
705 : struct winbindd_domain *domain,
706 : const char *format, ...)
707 : {
708 : va_list ap;
709 : char *kstr;
710 : struct cache_entry *centry;
711 : int ret;
712 :
713 0 : if (!winbindd_use_cache() ||
714 0 : is_my_own_sam_domain(domain) ||
715 0 : is_builtin_domain(domain)) {
716 0 : return NULL;
717 : }
718 :
719 0 : refresh_sequence_number(domain);
720 :
721 0 : va_start(ap, format);
722 0 : ret = vasprintf(&kstr, format, ap);
723 0 : va_end(ap);
724 :
725 0 : if (ret == -1) {
726 0 : return NULL;
727 : }
728 :
729 0 : centry = wcache_fetch_raw(kstr);
730 0 : if (centry == NULL) {
731 0 : free(kstr);
732 0 : return NULL;
733 : }
734 :
735 0 : if (centry_expired(domain, kstr, centry)) {
736 :
737 0 : DEBUG(10,("wcache_fetch: entry %s expired for domain %s\n",
738 : kstr, domain->name ));
739 :
740 0 : centry_free(centry);
741 0 : free(kstr);
742 0 : return NULL;
743 : }
744 :
745 0 : DEBUG(10,("wcache_fetch: returning entry %s for domain %s\n",
746 : kstr, domain->name ));
747 :
748 0 : free(kstr);
749 0 : return centry;
750 : }
751 :
752 : static void wcache_delete(const char *format, ...) PRINTF_ATTRIBUTE(1,2);
753 0 : static void wcache_delete(const char *format, ...)
754 : {
755 : va_list ap;
756 : char *kstr;
757 : TDB_DATA key;
758 : int ret;
759 :
760 0 : va_start(ap, format);
761 0 : ret = vasprintf(&kstr, format, ap);
762 0 : va_end(ap);
763 :
764 0 : if (ret == -1) {
765 0 : return;
766 : }
767 :
768 0 : key = string_tdb_data(kstr);
769 :
770 0 : tdb_delete(wcache->tdb, key);
771 0 : free(kstr);
772 : }
773 :
774 : /*
775 : make sure we have at least len bytes available in a centry
776 : */
777 0 : static void centry_expand(struct cache_entry *centry, uint32_t len)
778 : {
779 0 : if (centry->len - centry->ofs >= len)
780 0 : return;
781 0 : centry->len *= 2;
782 0 : centry->data = SMB_REALLOC_ARRAY(centry->data, unsigned char,
783 : centry->len);
784 0 : if (!centry->data) {
785 0 : DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
786 0 : smb_panic_fn("out of memory in centry_expand");
787 : }
788 : }
789 :
790 : /*
791 : push a uint64_t into a centry
792 : */
793 0 : static void centry_put_uint64_t(struct cache_entry *centry, uint64_t v)
794 : {
795 0 : centry_expand(centry, 8);
796 0 : SBVAL(centry->data, centry->ofs, v);
797 0 : centry->ofs += 8;
798 0 : }
799 :
800 : /*
801 : push a uint32_t into a centry
802 : */
803 0 : static void centry_put_uint32(struct cache_entry *centry, uint32_t v)
804 : {
805 0 : centry_expand(centry, 4);
806 0 : SIVAL(centry->data, centry->ofs, v);
807 0 : centry->ofs += 4;
808 0 : }
809 :
810 : /*
811 : push a uint16_t into a centry
812 : */
813 0 : static void centry_put_uint16(struct cache_entry *centry, uint16_t v)
814 : {
815 0 : centry_expand(centry, 2);
816 0 : SSVAL(centry->data, centry->ofs, v);
817 0 : centry->ofs += 2;
818 0 : }
819 :
820 : /*
821 : push a uint8_t into a centry
822 : */
823 0 : static void centry_put_uint8(struct cache_entry *centry, uint8_t v)
824 : {
825 0 : centry_expand(centry, 1);
826 0 : SCVAL(centry->data, centry->ofs, v);
827 0 : centry->ofs += 1;
828 0 : }
829 :
830 : /*
831 : push a string into a centry
832 : */
833 0 : static void centry_put_string(struct cache_entry *centry, const char *s)
834 : {
835 : int len;
836 :
837 0 : if (!s) {
838 : /* null strings are marked as len 0xFFFF */
839 0 : centry_put_uint8(centry, 0xFF);
840 0 : return;
841 : }
842 :
843 0 : len = strlen(s);
844 : /* can't handle more than 254 char strings. Truncating is probably best */
845 0 : if (len > 254) {
846 0 : DEBUG(10,("centry_put_string: truncating len (%d) to: 254\n", len));
847 0 : len = 254;
848 : }
849 0 : centry_put_uint8(centry, len);
850 0 : centry_expand(centry, len);
851 0 : memcpy(centry->data + centry->ofs, s, len);
852 0 : centry->ofs += len;
853 : }
854 :
855 : /*
856 : push a 16 byte hash into a centry - treat as 16 byte string.
857 : */
858 0 : static void centry_put_hash16(struct cache_entry *centry, const uint8_t val[16])
859 : {
860 0 : centry_put_uint8(centry, 16);
861 0 : centry_expand(centry, 16);
862 0 : memcpy(centry->data + centry->ofs, val, 16);
863 0 : centry->ofs += 16;
864 0 : }
865 :
866 0 : static void centry_put_sid(struct cache_entry *centry, const struct dom_sid *sid)
867 : {
868 : struct dom_sid_buf sid_string;
869 0 : centry_put_string(centry, dom_sid_str_buf(sid, &sid_string));
870 0 : }
871 :
872 :
873 : /*
874 : put NTSTATUS into a centry
875 : */
876 0 : static void centry_put_ntstatus(struct cache_entry *centry, NTSTATUS status)
877 : {
878 0 : uint32_t status_value = NT_STATUS_V(status);
879 0 : centry_put_uint32(centry, status_value);
880 0 : }
881 :
882 :
883 : /*
884 : push a NTTIME into a centry
885 : */
886 0 : static void centry_put_nttime(struct cache_entry *centry, NTTIME nt)
887 : {
888 0 : centry_expand(centry, 8);
889 0 : SIVAL(centry->data, centry->ofs, nt & 0xFFFFFFFF);
890 0 : centry->ofs += 4;
891 0 : SIVAL(centry->data, centry->ofs, nt >> 32);
892 0 : centry->ofs += 4;
893 0 : }
894 :
895 : /*
896 : push a time_t into a centry - use a 64 bit size.
897 : NTTIME here is being used as a convenient 64-bit size.
898 : */
899 0 : static void centry_put_time(struct cache_entry *centry, time_t t)
900 : {
901 0 : NTTIME nt = (NTTIME)t;
902 0 : centry_put_nttime(centry, nt);
903 0 : }
904 :
905 : /*
906 : start a centry for output. When finished, call centry_end()
907 : */
908 0 : static struct cache_entry *centry_start(struct winbindd_domain *domain,
909 : NTSTATUS status)
910 : {
911 : struct cache_entry *centry;
912 :
913 0 : if (!wcache->tdb)
914 0 : return NULL;
915 :
916 0 : centry = SMB_XMALLOC_P(struct cache_entry);
917 :
918 0 : centry->len = 8192; /* reasonable default */
919 0 : centry->data = SMB_XMALLOC_ARRAY(uint8_t, centry->len);
920 0 : centry->ofs = 0;
921 0 : centry->sequence_number = domain->sequence_number;
922 0 : centry->timeout = lp_winbind_cache_time() + time(NULL);
923 0 : centry_put_ntstatus(centry, status);
924 0 : centry_put_uint32(centry, centry->sequence_number);
925 0 : centry_put_uint64_t(centry, centry->timeout);
926 0 : return centry;
927 : }
928 :
929 : /*
930 : finish a centry and write it to the tdb
931 : */
932 : static void centry_end(struct cache_entry *centry, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
933 0 : static void centry_end(struct cache_entry *centry, const char *format, ...)
934 : {
935 : va_list ap;
936 : char *kstr;
937 : TDB_DATA key, data;
938 : int ret;
939 :
940 0 : if (!winbindd_use_cache()) {
941 0 : return;
942 : }
943 :
944 0 : va_start(ap, format);
945 0 : ret = vasprintf(&kstr, format, ap);
946 0 : va_end(ap);
947 :
948 0 : if (ret == -1) {
949 0 : return;
950 : }
951 :
952 0 : key = string_tdb_data(kstr);
953 0 : data.dptr = centry->data;
954 0 : data.dsize = centry->ofs;
955 :
956 0 : tdb_store(wcache->tdb, key, data, TDB_REPLACE);
957 0 : free(kstr);
958 : }
959 :
960 615 : static void wcache_save_name_to_sid(struct winbindd_domain *domain,
961 : NTSTATUS status, const char *domain_name,
962 : const char *name, const struct dom_sid *sid,
963 : enum lsa_SidType type)
964 : {
965 : bool ok;
966 :
967 615 : ok = namemap_cache_set_name2sid(domain_name, name, sid, type,
968 615 : time(NULL) + lp_winbind_cache_time());
969 615 : if (!ok) {
970 0 : DBG_DEBUG("namemap_cache_set_name2sid failed\n");
971 : }
972 :
973 : /*
974 : * Don't store the reverse mapping. The name came from user
975 : * input, and we might not have the correct capitalization,
976 : * which is important for nsswitch.
977 : */
978 615 : }
979 :
980 0 : static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
981 : const struct dom_sid *sid, const char *domain_name, const char *name, enum lsa_SidType type)
982 : {
983 : bool ok;
984 :
985 0 : ok = namemap_cache_set_sid2name(sid, domain_name, name, type,
986 0 : time(NULL) + lp_winbind_cache_time());
987 0 : if (!ok) {
988 0 : DBG_DEBUG("namemap_cache_set_sid2name failed\n");
989 : }
990 :
991 0 : if (type != SID_NAME_UNKNOWN) {
992 0 : ok = namemap_cache_set_name2sid(
993 : domain_name, name, sid, type,
994 0 : time(NULL) + lp_winbind_cache_time());
995 0 : if (!ok) {
996 0 : DBG_DEBUG("namemap_cache_set_name2sid failed\n");
997 : }
998 : }
999 0 : }
1000 :
1001 0 : static void wcache_save_lockout_policy(struct winbindd_domain *domain,
1002 : NTSTATUS status,
1003 : struct samr_DomInfo12 *lockout_policy)
1004 : {
1005 : struct cache_entry *centry;
1006 :
1007 0 : centry = centry_start(domain, status);
1008 0 : if (!centry)
1009 0 : return;
1010 :
1011 0 : centry_put_nttime(centry, lockout_policy->lockout_duration);
1012 0 : centry_put_nttime(centry, lockout_policy->lockout_window);
1013 0 : centry_put_uint16(centry, lockout_policy->lockout_threshold);
1014 :
1015 0 : centry_end(centry, "LOC_POL/%s", domain->name);
1016 :
1017 0 : DEBUG(10,("wcache_save_lockout_policy: %s\n", domain->name));
1018 :
1019 0 : centry_free(centry);
1020 : }
1021 :
1022 :
1023 :
1024 0 : static void wcache_save_password_policy(struct winbindd_domain *domain,
1025 : NTSTATUS status,
1026 : struct samr_DomInfo1 *policy)
1027 : {
1028 : struct cache_entry *centry;
1029 :
1030 0 : centry = centry_start(domain, status);
1031 0 : if (!centry)
1032 0 : return;
1033 :
1034 0 : centry_put_uint16(centry, policy->min_password_length);
1035 0 : centry_put_uint16(centry, policy->password_history_length);
1036 0 : centry_put_uint32(centry, policy->password_properties);
1037 0 : centry_put_nttime(centry, policy->max_password_age);
1038 0 : centry_put_nttime(centry, policy->min_password_age);
1039 :
1040 0 : centry_end(centry, "PWD_POL/%s", domain->name);
1041 :
1042 0 : DEBUG(10,("wcache_save_password_policy: %s\n", domain->name));
1043 :
1044 0 : centry_free(centry);
1045 : }
1046 :
1047 : /***************************************************************************
1048 : ***************************************************************************/
1049 :
1050 0 : static void wcache_save_username_alias(struct winbindd_domain *domain,
1051 : NTSTATUS status,
1052 : const char *name, const char *alias)
1053 : {
1054 : struct cache_entry *centry;
1055 : fstring uname;
1056 :
1057 0 : if ( (centry = centry_start(domain, status)) == NULL )
1058 0 : return;
1059 :
1060 0 : centry_put_string( centry, alias );
1061 :
1062 0 : fstrcpy(uname, name);
1063 0 : (void)strupper_m(uname);
1064 0 : centry_end(centry, "NSS/NA/%s", uname);
1065 :
1066 0 : DEBUG(10,("wcache_save_username_alias: %s -> %s\n", name, alias ));
1067 :
1068 0 : centry_free(centry);
1069 : }
1070 :
1071 0 : static void wcache_save_alias_username(struct winbindd_domain *domain,
1072 : NTSTATUS status,
1073 : const char *alias, const char *name)
1074 : {
1075 : struct cache_entry *centry;
1076 : fstring uname;
1077 :
1078 0 : if ( (centry = centry_start(domain, status)) == NULL )
1079 0 : return;
1080 :
1081 0 : centry_put_string( centry, name );
1082 :
1083 0 : fstrcpy(uname, alias);
1084 0 : (void)strupper_m(uname);
1085 0 : centry_end(centry, "NSS/AN/%s", uname);
1086 :
1087 0 : DEBUG(10,("wcache_save_alias_username: %s -> %s\n", alias, name ));
1088 :
1089 0 : centry_free(centry);
1090 : }
1091 :
1092 : /***************************************************************************
1093 : ***************************************************************************/
1094 :
1095 0 : NTSTATUS resolve_username_to_alias( TALLOC_CTX *mem_ctx,
1096 : struct winbindd_domain *domain,
1097 : const char *name, char **alias )
1098 : {
1099 0 : struct winbind_cache *cache = get_cache(domain);
1100 0 : struct cache_entry *centry = NULL;
1101 : NTSTATUS status;
1102 : char *upper_name;
1103 :
1104 0 : if ( domain->internal )
1105 0 : return NT_STATUS_NOT_SUPPORTED;
1106 :
1107 0 : if (!cache->tdb)
1108 0 : goto do_query;
1109 :
1110 0 : upper_name = talloc_strdup_upper(mem_ctx, name);
1111 0 : if (upper_name == NULL) {
1112 0 : return NT_STATUS_NO_MEMORY;
1113 : }
1114 :
1115 0 : centry = wcache_fetch(cache, domain, "NSS/NA/%s", upper_name);
1116 :
1117 0 : talloc_free(upper_name);
1118 :
1119 0 : if (!centry)
1120 0 : goto do_query;
1121 :
1122 0 : status = centry->status;
1123 :
1124 0 : if (!NT_STATUS_IS_OK(status)) {
1125 0 : centry_free(centry);
1126 0 : return status;
1127 : }
1128 :
1129 0 : *alias = centry_string( centry, mem_ctx );
1130 :
1131 0 : centry_free(centry);
1132 :
1133 0 : DEBUG(10,("resolve_username_to_alias: [Cached] - mapped %s to %s\n",
1134 : name, *alias ? *alias : "(none)"));
1135 :
1136 0 : return (*alias) ? NT_STATUS_OK : NT_STATUS_OBJECT_NAME_NOT_FOUND;
1137 :
1138 0 : do_query:
1139 :
1140 : /* If its not in cache and we are offline, then fail */
1141 :
1142 0 : if (is_domain_offline(domain)) {
1143 0 : DEBUG(8,("resolve_username_to_alias: rejecting query "
1144 : "in offline mode\n"));
1145 0 : return NT_STATUS_NOT_FOUND;
1146 : }
1147 :
1148 0 : status = nss_map_to_alias( mem_ctx, domain->name, name, alias );
1149 :
1150 0 : if ( NT_STATUS_IS_OK( status ) ) {
1151 0 : wcache_save_username_alias(domain, status, name, *alias);
1152 : }
1153 :
1154 0 : if ( NT_STATUS_EQUAL( status, NT_STATUS_NONE_MAPPED ) ) {
1155 0 : wcache_save_username_alias(domain, status, name, "(NULL)");
1156 : }
1157 :
1158 0 : DEBUG(5,("resolve_username_to_alias: backend query returned %s\n",
1159 : nt_errstr(status)));
1160 :
1161 0 : if ( NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) ) {
1162 0 : set_domain_offline( domain );
1163 : }
1164 :
1165 0 : return status;
1166 : }
1167 :
1168 : /***************************************************************************
1169 : ***************************************************************************/
1170 :
1171 0 : NTSTATUS resolve_alias_to_username( TALLOC_CTX *mem_ctx,
1172 : struct winbindd_domain *domain,
1173 : const char *alias, char **name )
1174 : {
1175 0 : struct winbind_cache *cache = get_cache(domain);
1176 0 : struct cache_entry *centry = NULL;
1177 : NTSTATUS status;
1178 : char *upper_name;
1179 :
1180 0 : if ( domain->internal )
1181 0 : return NT_STATUS_NOT_SUPPORTED;
1182 :
1183 0 : if (!cache->tdb)
1184 0 : goto do_query;
1185 :
1186 0 : upper_name = talloc_strdup(mem_ctx, alias);
1187 0 : if (upper_name == NULL) {
1188 0 : return NT_STATUS_NO_MEMORY;
1189 : }
1190 0 : if (!strupper_m(upper_name)) {
1191 0 : talloc_free(upper_name);
1192 0 : return NT_STATUS_INVALID_PARAMETER;
1193 : }
1194 :
1195 0 : centry = wcache_fetch(cache, domain, "NSS/AN/%s", upper_name);
1196 :
1197 0 : talloc_free(upper_name);
1198 :
1199 0 : if (!centry)
1200 0 : goto do_query;
1201 :
1202 0 : status = centry->status;
1203 :
1204 0 : if (!NT_STATUS_IS_OK(status)) {
1205 0 : centry_free(centry);
1206 0 : return status;
1207 : }
1208 :
1209 0 : *name = centry_string( centry, mem_ctx );
1210 :
1211 0 : centry_free(centry);
1212 :
1213 0 : DEBUG(10,("resolve_alias_to_username: [Cached] - mapped %s to %s\n",
1214 : alias, *name ? *name : "(none)"));
1215 :
1216 0 : return (*name) ? NT_STATUS_OK : NT_STATUS_OBJECT_NAME_NOT_FOUND;
1217 :
1218 0 : do_query:
1219 :
1220 : /* If its not in cache and we are offline, then fail */
1221 :
1222 0 : if (is_domain_offline(domain)) {
1223 0 : DEBUG(8,("resolve_alias_to_username: rejecting query "
1224 : "in offline mode\n"));
1225 0 : return NT_STATUS_NOT_FOUND;
1226 : }
1227 :
1228 : /* an alias cannot contain a domain prefix or '@' */
1229 :
1230 0 : if (strchr(alias, '\\') || strchr(alias, '@')) {
1231 0 : DEBUG(10,("resolve_alias_to_username: skipping fully "
1232 : "qualified name %s\n", alias));
1233 0 : return NT_STATUS_OBJECT_NAME_INVALID;
1234 : }
1235 :
1236 0 : status = nss_map_from_alias( mem_ctx, domain->name, alias, name );
1237 :
1238 0 : if ( NT_STATUS_IS_OK( status ) ) {
1239 0 : wcache_save_alias_username( domain, status, alias, *name );
1240 : }
1241 :
1242 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
1243 0 : wcache_save_alias_username(domain, status, alias, "(NULL)");
1244 : }
1245 :
1246 0 : DEBUG(5,("resolve_alias_to_username: backend query returned %s\n",
1247 : nt_errstr(status)));
1248 :
1249 0 : if ( NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) ) {
1250 0 : set_domain_offline( domain );
1251 : }
1252 :
1253 0 : return status;
1254 : }
1255 :
1256 0 : NTSTATUS wcache_cached_creds_exist(struct winbindd_domain *domain, const struct dom_sid *sid)
1257 : {
1258 0 : struct winbind_cache *cache = get_cache(domain);
1259 : int ret;
1260 : struct dom_sid_buf tmp;
1261 : fstring key_str;
1262 : uint32_t rid;
1263 :
1264 0 : if (!cache->tdb) {
1265 0 : return NT_STATUS_INTERNAL_DB_ERROR;
1266 : }
1267 :
1268 0 : if (is_null_sid(sid)) {
1269 0 : return NT_STATUS_INVALID_SID;
1270 : }
1271 :
1272 0 : if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
1273 0 : return NT_STATUS_INVALID_SID;
1274 : }
1275 :
1276 0 : fstr_sprintf(key_str, "CRED/%s", dom_sid_str_buf(sid, &tmp));
1277 :
1278 0 : ret = tdb_exists(cache->tdb, string_tdb_data(key_str));
1279 0 : if (ret != 1) {
1280 0 : return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1281 : }
1282 :
1283 0 : return NT_STATUS_OK;
1284 : }
1285 :
1286 : /* Lookup creds for a SID - copes with old (unsalted) creds as well
1287 : as new salted ones. */
1288 :
1289 0 : NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
1290 : TALLOC_CTX *mem_ctx,
1291 : const struct dom_sid *sid,
1292 : const uint8_t **cached_nt_pass,
1293 : const uint8_t **cached_salt)
1294 : {
1295 0 : struct winbind_cache *cache = get_cache(domain);
1296 0 : struct cache_entry *centry = NULL;
1297 : NTSTATUS status;
1298 : uint32_t rid;
1299 : struct dom_sid_buf sidstr;
1300 :
1301 0 : if (!cache->tdb) {
1302 0 : return NT_STATUS_INTERNAL_DB_ERROR;
1303 : }
1304 :
1305 0 : if (is_null_sid(sid)) {
1306 0 : return NT_STATUS_INVALID_SID;
1307 : }
1308 :
1309 0 : if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
1310 0 : return NT_STATUS_INVALID_SID;
1311 : }
1312 :
1313 : /* Try and get a salted cred first. If we can't
1314 : fall back to an unsalted cred. */
1315 :
1316 0 : centry = wcache_fetch(cache, domain, "CRED/%s",
1317 : dom_sid_str_buf(sid, &sidstr));
1318 0 : if (!centry) {
1319 0 : DEBUG(10,("wcache_get_creds: entry for [CRED/%s] not found\n",
1320 : dom_sid_str_buf(sid, &sidstr)));
1321 0 : return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1322 : }
1323 :
1324 : /*
1325 : * We don't use the time element at this moment,
1326 : * but we have to consume it, so that we don't
1327 : * neet to change the disk format of the cache.
1328 : */
1329 0 : (void)centry_time(centry);
1330 :
1331 : /* In the salted case this isn't actually the nt_hash itself,
1332 : but the MD5 of the salt + nt_hash. Let the caller
1333 : sort this out. It can tell as we only return the cached_salt
1334 : if we are returning a salted cred. */
1335 :
1336 0 : *cached_nt_pass = (const uint8_t *)centry_hash16(centry, mem_ctx);
1337 0 : if (*cached_nt_pass == NULL) {
1338 :
1339 0 : dom_sid_str_buf(sid, &sidstr);
1340 :
1341 : /* Bad (old) cred cache. Delete and pretend we
1342 : don't have it. */
1343 0 : DEBUG(0,("wcache_get_creds: bad entry for [CRED/%s] - deleting\n",
1344 : sidstr.buf));
1345 0 : wcache_delete("CRED/%s", sidstr.buf);
1346 0 : centry_free(centry);
1347 0 : return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1348 : }
1349 :
1350 : /* We only have 17 bytes more data in the salted cred case. */
1351 0 : if (centry->len - centry->ofs == 17) {
1352 0 : *cached_salt = (const uint8_t *)centry_hash16(centry, mem_ctx);
1353 : } else {
1354 0 : *cached_salt = NULL;
1355 : }
1356 :
1357 0 : dump_data_pw("cached_nt_pass", *cached_nt_pass, NT_HASH_LEN);
1358 0 : if (*cached_salt) {
1359 0 : dump_data_pw("cached_salt", *cached_salt, NT_HASH_LEN);
1360 : }
1361 :
1362 0 : status = centry->status;
1363 :
1364 0 : DEBUG(10,("wcache_get_creds: [Cached] - cached creds for user %s status: %s\n",
1365 : dom_sid_str_buf(sid, &sidstr),
1366 : nt_errstr(status) ));
1367 :
1368 0 : centry_free(centry);
1369 0 : return status;
1370 : }
1371 :
1372 : /* Store creds for a SID - only writes out new salted ones. */
1373 :
1374 0 : NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
1375 : const struct dom_sid *sid,
1376 : const uint8_t nt_pass[NT_HASH_LEN])
1377 : {
1378 : struct cache_entry *centry;
1379 : struct dom_sid_buf sid_str;
1380 : uint32_t rid;
1381 : uint8_t cred_salt[NT_HASH_LEN];
1382 : uint8_t salted_hash[NT_HASH_LEN];
1383 0 : gnutls_hash_hd_t hash_hnd = NULL;
1384 : int rc;
1385 :
1386 0 : if (is_null_sid(sid)) {
1387 0 : return NT_STATUS_INVALID_SID;
1388 : }
1389 :
1390 0 : if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
1391 0 : return NT_STATUS_INVALID_SID;
1392 : }
1393 :
1394 0 : centry = centry_start(domain, NT_STATUS_OK);
1395 0 : if (!centry) {
1396 0 : return NT_STATUS_INTERNAL_DB_ERROR;
1397 : }
1398 :
1399 0 : dump_data_pw("nt_pass", nt_pass, NT_HASH_LEN);
1400 :
1401 0 : centry_put_time(centry, time(NULL));
1402 :
1403 : /* Create a salt and then salt the hash. */
1404 0 : generate_random_buffer(cred_salt, NT_HASH_LEN);
1405 :
1406 0 : rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
1407 0 : if (rc < 0) {
1408 0 : centry_free(centry);
1409 0 : return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
1410 : }
1411 :
1412 0 : rc = gnutls_hash(hash_hnd, cred_salt, 16);
1413 0 : if (rc < 0) {
1414 0 : gnutls_hash_deinit(hash_hnd, NULL);
1415 0 : centry_free(centry);
1416 0 : return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
1417 : }
1418 0 : rc = gnutls_hash(hash_hnd, nt_pass, 16);
1419 0 : if (rc < 0) {
1420 0 : gnutls_hash_deinit(hash_hnd, NULL);
1421 0 : centry_free(centry);
1422 0 : return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
1423 : }
1424 0 : gnutls_hash_deinit(hash_hnd, salted_hash);
1425 :
1426 0 : centry_put_hash16(centry, salted_hash);
1427 0 : centry_put_hash16(centry, cred_salt);
1428 0 : centry_end(centry, "CRED/%s", dom_sid_str_buf(sid, &sid_str));
1429 :
1430 0 : DEBUG(10,("wcache_save_creds: %s\n", sid_str.buf));
1431 :
1432 0 : centry_free(centry);
1433 :
1434 0 : return NT_STATUS_OK;
1435 : }
1436 :
1437 :
1438 : /* Query display info. This is the basic user list fn */
1439 0 : NTSTATUS wb_cache_query_user_list(struct winbindd_domain *domain,
1440 : TALLOC_CTX *mem_ctx,
1441 : uint32_t **prids)
1442 : {
1443 0 : struct winbind_cache *cache = get_cache(domain);
1444 0 : struct cache_entry *centry = NULL;
1445 0 : uint32_t num_rids = 0;
1446 0 : uint32_t *rids = NULL;
1447 : NTSTATUS status;
1448 : unsigned int i, retry;
1449 0 : bool old_status = domain->online;
1450 :
1451 0 : *prids = NULL;
1452 :
1453 0 : if (!cache->tdb)
1454 0 : goto do_query;
1455 :
1456 0 : centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
1457 0 : if (!centry)
1458 0 : goto do_query;
1459 :
1460 0 : do_fetch_cache:
1461 0 : num_rids = centry_uint32(centry);
1462 :
1463 0 : if (num_rids == 0) {
1464 0 : goto do_cached;
1465 : }
1466 :
1467 0 : rids = talloc_array(mem_ctx, uint32_t, num_rids);
1468 0 : if (rids == NULL) {
1469 0 : centry_free(centry);
1470 0 : return NT_STATUS_NO_MEMORY;
1471 : }
1472 :
1473 0 : for (i=0; i<num_rids; i++) {
1474 0 : rids[i] = centry_uint32(centry);
1475 : }
1476 :
1477 0 : do_cached:
1478 0 : status = centry->status;
1479 :
1480 0 : DEBUG(10,("query_user_list: [Cached] - cached list for domain %s status: %s\n",
1481 : domain->name, nt_errstr(status) ));
1482 :
1483 0 : centry_free(centry);
1484 0 : return status;
1485 :
1486 0 : do_query:
1487 :
1488 : /* Put the query_user_list() in a retry loop. There appears to be
1489 : * some bug either with Windows 2000 or Samba's handling of large
1490 : * rpc replies. This manifests itself as sudden disconnection
1491 : * at a random point in the enumeration of a large (60k) user list.
1492 : * The retry loop simply tries the operation again. )-: It's not
1493 : * pretty but an acceptable workaround until we work out what the
1494 : * real problem is. */
1495 :
1496 0 : retry = 0;
1497 : do {
1498 :
1499 0 : DEBUG(10,("query_user_list: [Cached] - doing backend query for list for domain %s\n",
1500 : domain->name ));
1501 :
1502 0 : rids = NULL;
1503 0 : status = domain->backend->query_user_list(domain, mem_ctx,
1504 : &rids);
1505 0 : num_rids = talloc_array_length(rids);
1506 :
1507 0 : if (!NT_STATUS_IS_OK(status)) {
1508 0 : DEBUG(3, ("query_user_list: returned 0x%08x, "
1509 : "retrying\n", NT_STATUS_V(status)));
1510 : }
1511 0 : reset_cm_connection_on_error(domain, NULL, status);
1512 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL)) {
1513 0 : DEBUG(3, ("query_user_list: flushing "
1514 : "connection cache\n"));
1515 0 : invalidate_cm_connection(domain);
1516 : }
1517 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
1518 0 : NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
1519 0 : if (!domain->internal && old_status) {
1520 0 : set_domain_offline(domain);
1521 : }
1522 : /* store partial response. */
1523 0 : if (num_rids > 0) {
1524 : /*
1525 : * humm, what about the status used for cache?
1526 : * Should it be NT_STATUS_OK?
1527 : */
1528 0 : break;
1529 : }
1530 : /*
1531 : * domain is offline now, and there is no user entries,
1532 : * try to fetch from cache again.
1533 : */
1534 0 : if (cache->tdb && !domain->online && !domain->internal && old_status) {
1535 0 : centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
1536 : /* partial response... */
1537 0 : if (!centry) {
1538 0 : goto skip_save;
1539 : } else {
1540 0 : goto do_fetch_cache;
1541 : }
1542 : } else {
1543 0 : goto skip_save;
1544 : }
1545 : }
1546 :
1547 0 : } while (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) &&
1548 0 : (retry++ < 5));
1549 :
1550 : /* and save it */
1551 0 : refresh_sequence_number(domain);
1552 0 : if (!NT_STATUS_IS_OK(status)) {
1553 0 : return status;
1554 : }
1555 0 : centry = centry_start(domain, status);
1556 0 : if (!centry)
1557 0 : goto skip_save;
1558 0 : centry_put_uint32(centry, num_rids);
1559 0 : for (i=0; i<num_rids; i++) {
1560 0 : centry_put_uint32(centry, rids[i]);
1561 : }
1562 0 : centry_end(centry, "UL/%s", domain->name);
1563 0 : centry_free(centry);
1564 :
1565 0 : *prids = rids;
1566 :
1567 0 : skip_save:
1568 0 : return status;
1569 : }
1570 :
1571 : /* list all domain groups */
1572 0 : NTSTATUS wb_cache_enum_dom_groups(struct winbindd_domain *domain,
1573 : TALLOC_CTX *mem_ctx,
1574 : uint32_t *num_entries,
1575 : struct wb_acct_info **info)
1576 : {
1577 0 : struct winbind_cache *cache = get_cache(domain);
1578 0 : struct cache_entry *centry = NULL;
1579 : NTSTATUS status;
1580 : unsigned int i;
1581 : bool old_status;
1582 :
1583 0 : old_status = domain->online;
1584 0 : if (!cache->tdb)
1585 0 : goto do_query;
1586 :
1587 0 : centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
1588 0 : if (!centry)
1589 0 : goto do_query;
1590 :
1591 0 : do_fetch_cache:
1592 0 : *num_entries = centry_uint32(centry);
1593 :
1594 0 : if (*num_entries == 0)
1595 0 : goto do_cached;
1596 :
1597 0 : (*info) = talloc_array(mem_ctx, struct wb_acct_info, *num_entries);
1598 0 : if (! (*info)) {
1599 0 : smb_panic_fn("enum_dom_groups out of memory");
1600 : }
1601 0 : for (i=0; i<(*num_entries); i++) {
1602 0 : (*info)[i].acct_name = centry_string(centry, (*info));
1603 0 : (*info)[i].acct_desc = centry_string(centry, (*info));
1604 0 : (*info)[i].rid = centry_uint32(centry);
1605 : }
1606 :
1607 0 : do_cached:
1608 0 : status = centry->status;
1609 :
1610 0 : DEBUG(10,("enum_dom_groups: [Cached] - cached list for domain %s status: %s\n",
1611 : domain->name, nt_errstr(status) ));
1612 :
1613 0 : centry_free(centry);
1614 0 : return status;
1615 :
1616 0 : do_query:
1617 0 : *num_entries = 0;
1618 0 : *info = NULL;
1619 :
1620 0 : DEBUG(10,("enum_dom_groups: [Cached] - doing backend query for list for domain %s\n",
1621 : domain->name ));
1622 :
1623 0 : status = domain->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
1624 :
1625 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
1626 0 : NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
1627 0 : if (!domain->internal && old_status) {
1628 0 : set_domain_offline(domain);
1629 : }
1630 0 : if (cache->tdb &&
1631 0 : !domain->online &&
1632 0 : !domain->internal &&
1633 : old_status) {
1634 0 : centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
1635 0 : if (centry) {
1636 0 : goto do_fetch_cache;
1637 : }
1638 : }
1639 : }
1640 : /* and save it */
1641 0 : refresh_sequence_number(domain);
1642 0 : if (!NT_STATUS_IS_OK(status)) {
1643 0 : return status;
1644 : }
1645 0 : centry = centry_start(domain, status);
1646 0 : if (!centry)
1647 0 : goto skip_save;
1648 0 : centry_put_uint32(centry, *num_entries);
1649 0 : for (i=0; i<(*num_entries); i++) {
1650 0 : centry_put_string(centry, (*info)[i].acct_name);
1651 0 : centry_put_string(centry, (*info)[i].acct_desc);
1652 0 : centry_put_uint32(centry, (*info)[i].rid);
1653 : }
1654 0 : centry_end(centry, "GL/%s/domain", domain->name);
1655 0 : centry_free(centry);
1656 :
1657 0 : skip_save:
1658 0 : return status;
1659 : }
1660 :
1661 : /* list all domain groups */
1662 0 : NTSTATUS wb_cache_enum_local_groups(struct winbindd_domain *domain,
1663 : TALLOC_CTX *mem_ctx,
1664 : uint32_t *num_entries,
1665 : struct wb_acct_info **info)
1666 : {
1667 0 : struct winbind_cache *cache = get_cache(domain);
1668 0 : struct cache_entry *centry = NULL;
1669 : NTSTATUS status;
1670 : unsigned int i;
1671 : bool old_status;
1672 :
1673 0 : old_status = domain->online;
1674 0 : if (!cache->tdb)
1675 0 : goto do_query;
1676 :
1677 0 : centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
1678 0 : if (!centry)
1679 0 : goto do_query;
1680 :
1681 0 : do_fetch_cache:
1682 0 : *num_entries = centry_uint32(centry);
1683 :
1684 0 : if (*num_entries == 0)
1685 0 : goto do_cached;
1686 :
1687 0 : (*info) = talloc_array(mem_ctx, struct wb_acct_info, *num_entries);
1688 0 : if (! (*info)) {
1689 0 : smb_panic_fn("enum_dom_groups out of memory");
1690 : }
1691 0 : for (i=0; i<(*num_entries); i++) {
1692 0 : (*info)[i].acct_name = centry_string(centry, (*info));
1693 0 : (*info)[i].acct_desc = centry_string(centry, (*info));
1694 0 : (*info)[i].rid = centry_uint32(centry);
1695 : }
1696 :
1697 0 : do_cached:
1698 :
1699 : /* If we are returning cached data and the domain controller
1700 : is down then we don't know whether the data is up to date
1701 : or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to
1702 : indicate this. */
1703 :
1704 0 : if (wcache_server_down(domain)) {
1705 0 : DEBUG(10, ("enum_local_groups: returning cached user list and server was down\n"));
1706 0 : status = NT_STATUS_MORE_PROCESSING_REQUIRED;
1707 : } else
1708 0 : status = centry->status;
1709 :
1710 0 : DEBUG(10,("enum_local_groups: [Cached] - cached list for domain %s status: %s\n",
1711 : domain->name, nt_errstr(status) ));
1712 :
1713 0 : centry_free(centry);
1714 0 : return status;
1715 :
1716 0 : do_query:
1717 0 : *num_entries = 0;
1718 0 : *info = NULL;
1719 :
1720 0 : DEBUG(10,("enum_local_groups: [Cached] - doing backend query for list for domain %s\n",
1721 : domain->name ));
1722 :
1723 0 : status = domain->backend->enum_local_groups(domain, mem_ctx, num_entries, info);
1724 :
1725 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
1726 0 : NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
1727 0 : if (!domain->internal && old_status) {
1728 0 : set_domain_offline(domain);
1729 : }
1730 0 : if (cache->tdb &&
1731 0 : !domain->internal &&
1732 0 : !domain->online &&
1733 : old_status) {
1734 0 : centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
1735 0 : if (centry) {
1736 0 : goto do_fetch_cache;
1737 : }
1738 : }
1739 : }
1740 : /* and save it */
1741 0 : refresh_sequence_number(domain);
1742 0 : if (!NT_STATUS_IS_OK(status)) {
1743 0 : return status;
1744 : }
1745 0 : centry = centry_start(domain, status);
1746 0 : if (!centry)
1747 0 : goto skip_save;
1748 0 : centry_put_uint32(centry, *num_entries);
1749 0 : for (i=0; i<(*num_entries); i++) {
1750 0 : centry_put_string(centry, (*info)[i].acct_name);
1751 0 : centry_put_string(centry, (*info)[i].acct_desc);
1752 0 : centry_put_uint32(centry, (*info)[i].rid);
1753 : }
1754 0 : centry_end(centry, "GL/%s/local", domain->name);
1755 0 : centry_free(centry);
1756 :
1757 0 : skip_save:
1758 0 : return status;
1759 : }
1760 :
1761 : struct wcache_name_to_sid_state {
1762 : struct dom_sid *sid;
1763 : enum lsa_SidType *type;
1764 : bool offline;
1765 : bool found;
1766 : };
1767 :
1768 0 : static void wcache_name_to_sid_fn(const struct dom_sid *sid,
1769 : enum lsa_SidType type,
1770 : bool expired,
1771 : void *private_data)
1772 : {
1773 0 : struct wcache_name_to_sid_state *state = private_data;
1774 :
1775 0 : *state->sid = *sid;
1776 0 : *state->type = type;
1777 0 : state->found = (!expired || state->offline);
1778 0 : }
1779 :
1780 0 : static NTSTATUS wcache_name_to_sid(struct winbindd_domain *domain,
1781 : const char *domain_name,
1782 : const char *name,
1783 : struct dom_sid *sid,
1784 : enum lsa_SidType *type)
1785 : {
1786 0 : struct wcache_name_to_sid_state state = {
1787 : .sid = sid, .type = type, .found = false,
1788 0 : .offline = is_domain_offline(domain),
1789 : };
1790 : bool ok;
1791 :
1792 0 : ok = namemap_cache_find_name(domain_name, name, wcache_name_to_sid_fn,
1793 : &state);
1794 0 : if (!ok) {
1795 0 : DBG_DEBUG("namemap_cache_find_name failed\n");
1796 0 : return NT_STATUS_NOT_FOUND;
1797 : }
1798 0 : if (!state.found) {
1799 0 : DBG_DEBUG("cache entry not found\n");
1800 0 : return NT_STATUS_NOT_FOUND;
1801 : }
1802 0 : if (*type == SID_NAME_UNKNOWN) {
1803 0 : return NT_STATUS_NONE_MAPPED;
1804 : }
1805 :
1806 0 : return NT_STATUS_OK;
1807 : }
1808 :
1809 : /* convert a single name to a sid in a domain */
1810 0 : NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
1811 : TALLOC_CTX *mem_ctx,
1812 : const char *domain_name,
1813 : const char *name,
1814 : uint32_t flags,
1815 : struct dom_sid *sid,
1816 : enum lsa_SidType *type)
1817 : {
1818 : NTSTATUS status;
1819 : bool old_status;
1820 : const char *dom_name;
1821 :
1822 0 : old_status = domain->online;
1823 :
1824 0 : status = wcache_name_to_sid(domain, domain_name, name, sid, type);
1825 0 : if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
1826 0 : return status;
1827 : }
1828 :
1829 0 : ZERO_STRUCTP(sid);
1830 :
1831 0 : DEBUG(10,("name_to_sid: [Cached] - doing backend query for name for domain %s\n",
1832 : domain->name ));
1833 :
1834 0 : winbindd_domain_init_backend(domain);
1835 0 : status = domain->backend->name_to_sid(domain, mem_ctx, domain_name,
1836 : name, flags, &dom_name, sid, type);
1837 :
1838 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
1839 0 : NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
1840 0 : if (!domain->internal && old_status) {
1841 0 : set_domain_offline(domain);
1842 : }
1843 0 : if (!domain->internal &&
1844 0 : !domain->online &&
1845 : old_status) {
1846 : NTSTATUS cache_status;
1847 0 : cache_status = wcache_name_to_sid(domain, domain_name, name, sid, type);
1848 0 : return cache_status;
1849 : }
1850 : }
1851 : /* and save it */
1852 :
1853 0 : if (domain->online &&
1854 0 : (NT_STATUS_IS_OK(status) || NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED))) {
1855 0 : enum lsa_SidType save_type = *type;
1856 :
1857 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
1858 0 : save_type = SID_NAME_UNKNOWN;
1859 : }
1860 :
1861 0 : wcache_save_name_to_sid(domain, status, domain_name, name, sid,
1862 : save_type);
1863 :
1864 : /* Only save the reverse mapping if this was not a UPN */
1865 0 : if (!strchr(name, '@')) {
1866 0 : if (!strupper_m(discard_const_p(char, domain_name))) {
1867 0 : return NT_STATUS_INVALID_PARAMETER;
1868 : }
1869 0 : (void)strlower_m(discard_const_p(char, name));
1870 0 : wcache_save_sid_to_name(domain, status, sid,
1871 : dom_name, name, save_type);
1872 : }
1873 : }
1874 :
1875 0 : return status;
1876 : }
1877 :
1878 : struct wcache_sid_to_name_state {
1879 : TALLOC_CTX *mem_ctx;
1880 : char **domain_name;
1881 : char **name;
1882 : enum lsa_SidType *type;
1883 : bool offline;
1884 : bool found;
1885 : };
1886 :
1887 0 : static void wcache_sid_to_name_fn(const char *domain,
1888 : const char *name,
1889 : enum lsa_SidType type,
1890 : bool expired,
1891 : void *private_data)
1892 : {
1893 0 : struct wcache_sid_to_name_state *state = private_data;
1894 :
1895 0 : *state->domain_name = talloc_strdup(state->mem_ctx, domain);
1896 0 : if (*state->domain_name == NULL) {
1897 0 : return;
1898 : }
1899 0 : *state->name = talloc_strdup(state->mem_ctx, name);
1900 0 : if (*state->name == NULL) {
1901 0 : return;
1902 : }
1903 0 : *state->type = type;
1904 0 : state->found = (!expired || state->offline);
1905 : }
1906 :
1907 0 : static NTSTATUS wcache_sid_to_name(struct winbindd_domain *domain,
1908 : const struct dom_sid *sid,
1909 : TALLOC_CTX *mem_ctx,
1910 : char **domain_name,
1911 : char **name,
1912 : enum lsa_SidType *type)
1913 : {
1914 0 : struct wcache_sid_to_name_state state = {
1915 : .mem_ctx = mem_ctx, .found = false,
1916 : .domain_name = domain_name, .name = name, .type = type,
1917 0 : .offline = is_domain_offline(domain)
1918 : };
1919 : bool ok;
1920 :
1921 0 : ok = namemap_cache_find_sid(sid, wcache_sid_to_name_fn, &state);
1922 0 : if (!ok) {
1923 0 : DBG_DEBUG("namemap_cache_find_name failed\n");
1924 0 : return NT_STATUS_NOT_FOUND;
1925 : }
1926 0 : if (!state.found) {
1927 0 : DBG_DEBUG("cache entry not found\n");
1928 0 : return NT_STATUS_NOT_FOUND;
1929 : }
1930 0 : if (*type == SID_NAME_UNKNOWN) {
1931 0 : return NT_STATUS_NONE_MAPPED;
1932 : }
1933 :
1934 0 : return NT_STATUS_OK;
1935 : }
1936 :
1937 : /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
1938 : given */
1939 0 : NTSTATUS wb_cache_sid_to_name(struct winbindd_domain *domain,
1940 : TALLOC_CTX *mem_ctx,
1941 : const struct dom_sid *sid,
1942 : char **domain_name,
1943 : char **name,
1944 : enum lsa_SidType *type)
1945 : {
1946 : NTSTATUS status;
1947 : bool old_status;
1948 :
1949 0 : old_status = domain->online;
1950 0 : status = wcache_sid_to_name(domain, sid, mem_ctx, domain_name, name,
1951 : type);
1952 0 : if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
1953 0 : return status;
1954 : }
1955 :
1956 0 : *name = NULL;
1957 0 : *domain_name = NULL;
1958 :
1959 0 : DEBUG(10,("sid_to_name: [Cached] - doing backend query for name for domain %s\n",
1960 : domain->name ));
1961 :
1962 0 : winbindd_domain_init_backend(domain);
1963 :
1964 0 : status = domain->backend->sid_to_name(domain, mem_ctx, sid, domain_name, name, type);
1965 :
1966 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
1967 0 : NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
1968 0 : if (!domain->internal && old_status) {
1969 0 : set_domain_offline(domain);
1970 : }
1971 0 : if (!domain->internal &&
1972 0 : !domain->online &&
1973 : old_status) {
1974 : NTSTATUS cache_status;
1975 0 : cache_status = wcache_sid_to_name(domain, sid, mem_ctx,
1976 : domain_name, name, type);
1977 0 : return cache_status;
1978 : }
1979 : }
1980 : /* and save it */
1981 0 : if (!NT_STATUS_IS_OK(status)) {
1982 0 : return status;
1983 : }
1984 0 : wcache_save_sid_to_name(domain, status, sid, *domain_name, *name, *type);
1985 :
1986 : /* We can't save the name to sid mapping here, as with sid history a
1987 : * later name2sid would give the wrong sid. */
1988 :
1989 0 : return status;
1990 : }
1991 :
1992 0 : NTSTATUS wb_cache_rids_to_names(struct winbindd_domain *domain,
1993 : TALLOC_CTX *mem_ctx,
1994 : const struct dom_sid *domain_sid,
1995 : uint32_t *rids,
1996 : size_t num_rids,
1997 : char **domain_name,
1998 : char ***names,
1999 : enum lsa_SidType **types)
2000 : {
2001 0 : struct winbind_cache *cache = get_cache(domain);
2002 : size_t i;
2003 0 : NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2004 : bool have_mapped;
2005 : bool have_unmapped;
2006 : bool old_status;
2007 :
2008 0 : old_status = domain->online;
2009 0 : *domain_name = NULL;
2010 0 : *names = NULL;
2011 0 : *types = NULL;
2012 :
2013 0 : if (!cache->tdb) {
2014 0 : goto do_query;
2015 : }
2016 :
2017 0 : if (num_rids == 0) {
2018 0 : return NT_STATUS_OK;
2019 : }
2020 :
2021 0 : *names = talloc_array(mem_ctx, char *, num_rids);
2022 0 : *types = talloc_array(mem_ctx, enum lsa_SidType, num_rids);
2023 :
2024 0 : if ((*names == NULL) || (*types == NULL)) {
2025 0 : result = NT_STATUS_NO_MEMORY;
2026 0 : goto error;
2027 : }
2028 :
2029 0 : have_mapped = have_unmapped = false;
2030 :
2031 0 : for (i=0; i<num_rids; i++) {
2032 : struct dom_sid sid;
2033 : NTSTATUS status;
2034 : enum lsa_SidType type;
2035 : char *dom, *name;
2036 :
2037 0 : if (!sid_compose(&sid, domain_sid, rids[i])) {
2038 0 : result = NT_STATUS_INTERNAL_ERROR;
2039 0 : goto error;
2040 : }
2041 :
2042 0 : status = wcache_sid_to_name(domain, &sid, *names, &dom,
2043 : &name, &type);
2044 :
2045 0 : (*types)[i] = SID_NAME_UNKNOWN;
2046 0 : (*names)[i] = talloc_strdup(*names, "");
2047 :
2048 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
2049 : /* not cached */
2050 0 : goto do_query;
2051 : }
2052 :
2053 0 : if (NT_STATUS_IS_OK(status)) {
2054 0 : have_mapped = true;
2055 0 : (*types)[i] = type;
2056 :
2057 0 : if (*domain_name == NULL) {
2058 0 : *domain_name = dom;
2059 : } else {
2060 0 : TALLOC_FREE(dom);
2061 : }
2062 :
2063 0 : (*names)[i] = name;
2064 :
2065 0 : } else if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
2066 0 : have_unmapped = true;
2067 : } else {
2068 : /* something's definitely wrong */
2069 0 : result = status;
2070 0 : goto error;
2071 : }
2072 : }
2073 :
2074 0 : if (!have_mapped) {
2075 0 : return NT_STATUS_NONE_MAPPED;
2076 : }
2077 0 : if (!have_unmapped) {
2078 0 : return NT_STATUS_OK;
2079 : }
2080 0 : return STATUS_SOME_UNMAPPED;
2081 :
2082 0 : do_query:
2083 :
2084 0 : TALLOC_FREE(*names);
2085 0 : TALLOC_FREE(*types);
2086 :
2087 0 : result = domain->backend->rids_to_names(domain, mem_ctx, domain_sid,
2088 : rids, num_rids, domain_name,
2089 : names, types);
2090 :
2091 0 : if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT) ||
2092 0 : NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
2093 0 : if (!domain->internal && old_status) {
2094 0 : set_domain_offline(domain);
2095 : }
2096 0 : if (cache->tdb &&
2097 0 : !domain->internal &&
2098 0 : !domain->online &&
2099 : old_status) {
2100 0 : have_mapped = have_unmapped = false;
2101 :
2102 0 : *names = talloc_array(mem_ctx, char *, num_rids);
2103 0 : if (*names == NULL) {
2104 0 : result = NT_STATUS_NO_MEMORY;
2105 0 : goto error;
2106 : }
2107 :
2108 0 : *types = talloc_array(mem_ctx, enum lsa_SidType,
2109 : num_rids);
2110 0 : if (*types == NULL) {
2111 0 : result = NT_STATUS_NO_MEMORY;
2112 0 : goto error;
2113 : }
2114 :
2115 0 : for (i=0; i<num_rids; i++) {
2116 : struct dom_sid sid;
2117 : NTSTATUS status;
2118 : enum lsa_SidType type;
2119 : char *dom, *name;
2120 :
2121 0 : if (!sid_compose(&sid, domain_sid, rids[i])) {
2122 0 : result = NT_STATUS_INTERNAL_ERROR;
2123 0 : goto error;
2124 : }
2125 :
2126 0 : status = wcache_sid_to_name(domain, &sid,
2127 : *names, &dom,
2128 : &name, &type);
2129 :
2130 0 : (*types)[i] = SID_NAME_UNKNOWN;
2131 0 : (*names)[i] = talloc_strdup(*names, "");
2132 :
2133 0 : if (NT_STATUS_IS_OK(status)) {
2134 0 : have_mapped = true;
2135 0 : (*types)[i] = type;
2136 :
2137 0 : if (*domain_name == NULL) {
2138 0 : *domain_name = dom;
2139 : } else {
2140 0 : TALLOC_FREE(dom);
2141 : }
2142 :
2143 0 : (*names)[i] = name;
2144 :
2145 0 : } else if (NT_STATUS_EQUAL(
2146 : status,
2147 : NT_STATUS_NONE_MAPPED)) {
2148 0 : have_unmapped = true;
2149 : } else {
2150 : /* something's definitely wrong */
2151 0 : result = status;
2152 0 : goto error;
2153 : }
2154 : }
2155 :
2156 0 : if (!have_mapped) {
2157 0 : return NT_STATUS_NONE_MAPPED;
2158 : }
2159 0 : if (!have_unmapped) {
2160 0 : return NT_STATUS_OK;
2161 : }
2162 0 : return STATUS_SOME_UNMAPPED;
2163 : }
2164 : }
2165 : /*
2166 : None of the queried rids has been found so save all negative entries
2167 : */
2168 0 : if (NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED)) {
2169 0 : for (i = 0; i < num_rids; i++) {
2170 : struct dom_sid sid;
2171 0 : const char *name = "";
2172 0 : const enum lsa_SidType type = SID_NAME_UNKNOWN;
2173 0 : NTSTATUS status = NT_STATUS_NONE_MAPPED;
2174 :
2175 0 : if (!sid_compose(&sid, domain_sid, rids[i])) {
2176 0 : return NT_STATUS_INTERNAL_ERROR;
2177 : }
2178 :
2179 0 : wcache_save_sid_to_name(domain, status, &sid, *domain_name,
2180 : name, type);
2181 : }
2182 :
2183 0 : return result;
2184 : }
2185 :
2186 : /*
2187 : Some or all of the queried rids have been found.
2188 : */
2189 0 : if (!NT_STATUS_IS_OK(result) &&
2190 0 : !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
2191 0 : return result;
2192 : }
2193 :
2194 0 : refresh_sequence_number(domain);
2195 :
2196 0 : for (i=0; i<num_rids; i++) {
2197 : struct dom_sid sid;
2198 : NTSTATUS status;
2199 :
2200 0 : if (!sid_compose(&sid, domain_sid, rids[i])) {
2201 0 : result = NT_STATUS_INTERNAL_ERROR;
2202 0 : goto error;
2203 : }
2204 :
2205 0 : status = (*types)[i] == SID_NAME_UNKNOWN ?
2206 0 : NT_STATUS_NONE_MAPPED : NT_STATUS_OK;
2207 :
2208 0 : wcache_save_sid_to_name(domain, status, &sid, *domain_name,
2209 0 : (*names)[i], (*types)[i]);
2210 : }
2211 :
2212 0 : return result;
2213 :
2214 0 : error:
2215 0 : TALLOC_FREE(*names);
2216 0 : TALLOC_FREE(*types);
2217 0 : return result;
2218 : }
2219 :
2220 0 : static NTSTATUS wcache_query_user(struct winbindd_domain *domain,
2221 : TALLOC_CTX *mem_ctx,
2222 : const struct dom_sid *user_sid,
2223 : struct wbint_userinfo *info)
2224 : {
2225 0 : struct winbind_cache *cache = get_cache(domain);
2226 0 : struct cache_entry *centry = NULL;
2227 : NTSTATUS status;
2228 : struct dom_sid_buf sid_string;
2229 :
2230 0 : if (cache->tdb == NULL) {
2231 0 : return NT_STATUS_NOT_FOUND;
2232 : }
2233 :
2234 0 : centry = wcache_fetch(
2235 : cache, domain, "U/%s", dom_sid_str_buf(user_sid, &sid_string));
2236 0 : if (centry == NULL) {
2237 0 : return NT_STATUS_NOT_FOUND;
2238 : }
2239 :
2240 : /* if status is not ok then this is a negative hit
2241 : and the rest of the data doesn't matter */
2242 0 : status = centry->status;
2243 0 : if (NT_STATUS_IS_OK(status)) {
2244 0 : info->domain_name = centry_string(centry, mem_ctx);
2245 0 : info->acct_name = centry_string(centry, mem_ctx);
2246 0 : info->full_name = centry_string(centry, mem_ctx);
2247 0 : info->homedir = centry_string(centry, mem_ctx);
2248 0 : info->shell = centry_string(centry, mem_ctx);
2249 0 : info->uid = centry_uint32(centry);
2250 0 : info->primary_gid = centry_uint32(centry);
2251 0 : info->primary_group_name = centry_string(centry, mem_ctx);
2252 0 : centry_sid(centry, &info->user_sid);
2253 0 : centry_sid(centry, &info->group_sid);
2254 : }
2255 :
2256 0 : DEBUG(10,("query_user: [Cached] - cached info for domain %s status: "
2257 : "%s\n", domain->name, nt_errstr(status) ));
2258 :
2259 0 : centry_free(centry);
2260 0 : return status;
2261 : }
2262 :
2263 :
2264 : /**
2265 : * @brief Query a fullname from the username cache (for further gecos processing)
2266 : *
2267 : * @param domain A pointer to the winbindd_domain struct.
2268 : * @param mem_ctx The talloc context.
2269 : * @param user_sid The user sid.
2270 : * @param full_name A pointer to the full_name string.
2271 : *
2272 : * @return NTSTATUS code
2273 : */
2274 0 : NTSTATUS wcache_query_user_fullname(struct winbindd_domain *domain,
2275 : TALLOC_CTX *mem_ctx,
2276 : const struct dom_sid *user_sid,
2277 : const char **full_name)
2278 : {
2279 : NTSTATUS status;
2280 : struct wbint_userinfo info;
2281 :
2282 0 : status = wcache_query_user(domain, mem_ctx, user_sid, &info);
2283 0 : if (!NT_STATUS_IS_OK(status)) {
2284 0 : return status;
2285 : }
2286 :
2287 0 : if (info.full_name != NULL) {
2288 0 : *full_name = talloc_strdup(mem_ctx, info.full_name);
2289 0 : if (*full_name == NULL) {
2290 0 : return NT_STATUS_NO_MEMORY;
2291 : }
2292 : }
2293 :
2294 0 : return NT_STATUS_OK;
2295 : }
2296 :
2297 0 : static NTSTATUS wcache_lookup_usergroups(struct winbindd_domain *domain,
2298 : TALLOC_CTX *mem_ctx,
2299 : const struct dom_sid *user_sid,
2300 : uint32_t *pnum_sids,
2301 : struct dom_sid **psids)
2302 : {
2303 0 : struct winbind_cache *cache = get_cache(domain);
2304 0 : struct cache_entry *centry = NULL;
2305 : NTSTATUS status;
2306 : uint32_t i, num_sids;
2307 : struct dom_sid *sids;
2308 : struct dom_sid_buf sid_string;
2309 :
2310 0 : if (cache->tdb == NULL) {
2311 0 : return NT_STATUS_NOT_FOUND;
2312 : }
2313 :
2314 0 : centry = wcache_fetch(
2315 : cache,
2316 : domain,
2317 : "UG/%s",
2318 : dom_sid_str_buf(user_sid, &sid_string));
2319 0 : if (centry == NULL) {
2320 0 : return NT_STATUS_NOT_FOUND;
2321 : }
2322 :
2323 0 : num_sids = centry_uint32(centry);
2324 0 : sids = talloc_array(mem_ctx, struct dom_sid, num_sids);
2325 0 : if (sids == NULL) {
2326 0 : centry_free(centry);
2327 0 : return NT_STATUS_NO_MEMORY;
2328 : }
2329 :
2330 0 : for (i=0; i<num_sids; i++) {
2331 0 : centry_sid(centry, &sids[i]);
2332 : }
2333 :
2334 0 : status = centry->status;
2335 :
2336 0 : DEBUG(10,("lookup_usergroups: [Cached] - cached info for domain %s "
2337 : "status: %s\n", domain->name, nt_errstr(status)));
2338 :
2339 0 : centry_free(centry);
2340 :
2341 0 : *pnum_sids = num_sids;
2342 0 : *psids = sids;
2343 0 : return status;
2344 : }
2345 :
2346 : /* Lookup groups a user is a member of. */
2347 0 : NTSTATUS wb_cache_lookup_usergroups(struct winbindd_domain *domain,
2348 : TALLOC_CTX *mem_ctx,
2349 : const struct dom_sid *user_sid,
2350 : uint32_t *num_groups,
2351 : struct dom_sid **user_gids)
2352 : {
2353 0 : struct cache_entry *centry = NULL;
2354 : NTSTATUS status;
2355 : unsigned int i;
2356 : struct dom_sid_buf sid_string;
2357 : bool old_status;
2358 :
2359 0 : old_status = domain->online;
2360 0 : status = wcache_lookup_usergroups(domain, mem_ctx, user_sid,
2361 : num_groups, user_gids);
2362 0 : if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
2363 0 : return status;
2364 : }
2365 :
2366 0 : (*num_groups) = 0;
2367 0 : (*user_gids) = NULL;
2368 :
2369 0 : DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info for domain %s\n",
2370 : domain->name ));
2371 :
2372 0 : status = domain->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
2373 :
2374 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
2375 0 : NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
2376 0 : if (!domain->internal && old_status) {
2377 0 : set_domain_offline(domain);
2378 : }
2379 0 : if (!domain->internal &&
2380 0 : !domain->online &&
2381 : old_status) {
2382 : NTSTATUS cache_status;
2383 0 : cache_status = wcache_lookup_usergroups(domain, mem_ctx, user_sid,
2384 : num_groups, user_gids);
2385 0 : return cache_status;
2386 : }
2387 : }
2388 0 : if ( NT_STATUS_EQUAL(status, NT_STATUS_SYNCHRONIZATION_REQUIRED) )
2389 0 : goto skip_save;
2390 :
2391 : /* and save it */
2392 0 : refresh_sequence_number(domain);
2393 0 : if (!NT_STATUS_IS_OK(status)) {
2394 0 : return status;
2395 : }
2396 0 : centry = centry_start(domain, status);
2397 0 : if (!centry)
2398 0 : goto skip_save;
2399 :
2400 0 : centry_put_uint32(centry, *num_groups);
2401 0 : for (i=0; i<(*num_groups); i++) {
2402 0 : centry_put_sid(centry, &(*user_gids)[i]);
2403 : }
2404 :
2405 0 : centry_end(centry, "UG/%s", dom_sid_str_buf(user_sid, &sid_string));
2406 0 : centry_free(centry);
2407 :
2408 0 : skip_save:
2409 0 : return status;
2410 : }
2411 :
2412 0 : static char *wcache_make_sidlist(TALLOC_CTX *mem_ctx, uint32_t num_sids,
2413 : const struct dom_sid *sids)
2414 : {
2415 : uint32_t i;
2416 : char *sidlist;
2417 :
2418 0 : sidlist = talloc_strdup(mem_ctx, "");
2419 0 : if (sidlist == NULL) {
2420 0 : return NULL;
2421 : }
2422 0 : for (i=0; i<num_sids; i++) {
2423 : struct dom_sid_buf tmp;
2424 0 : sidlist = talloc_asprintf_append_buffer(
2425 : sidlist,
2426 : "/%s",
2427 0 : dom_sid_str_buf(&sids[i], &tmp));
2428 0 : if (sidlist == NULL) {
2429 0 : return NULL;
2430 : }
2431 : }
2432 0 : return sidlist;
2433 : }
2434 :
2435 0 : static NTSTATUS wcache_lookup_useraliases(struct winbindd_domain *domain,
2436 : TALLOC_CTX *mem_ctx,
2437 : uint32_t num_sids,
2438 : const struct dom_sid *sids,
2439 : uint32_t *pnum_aliases,
2440 : uint32_t **paliases)
2441 : {
2442 0 : struct winbind_cache *cache = get_cache(domain);
2443 0 : struct cache_entry *centry = NULL;
2444 : uint32_t i, num_aliases;
2445 : uint32_t *aliases;
2446 : NTSTATUS status;
2447 : char *sidlist;
2448 :
2449 0 : if (cache->tdb == NULL) {
2450 0 : return NT_STATUS_NOT_FOUND;
2451 : }
2452 :
2453 0 : if (num_sids == 0) {
2454 0 : *pnum_aliases = 0;
2455 0 : *paliases = NULL;
2456 0 : return NT_STATUS_OK;
2457 : }
2458 :
2459 : /* We need to cache indexed by the whole list of SIDs, the aliases
2460 : * resulting might come from any of the SIDs. */
2461 :
2462 0 : sidlist = wcache_make_sidlist(talloc_tos(), num_sids, sids);
2463 0 : if (sidlist == NULL) {
2464 0 : return NT_STATUS_NO_MEMORY;
2465 : }
2466 :
2467 0 : centry = wcache_fetch(cache, domain, "UA%s", sidlist);
2468 0 : TALLOC_FREE(sidlist);
2469 0 : if (centry == NULL) {
2470 0 : return NT_STATUS_NOT_FOUND;
2471 : }
2472 :
2473 0 : num_aliases = centry_uint32(centry);
2474 0 : aliases = talloc_array(mem_ctx, uint32_t, num_aliases);
2475 0 : if (aliases == NULL) {
2476 0 : centry_free(centry);
2477 0 : return NT_STATUS_NO_MEMORY;
2478 : }
2479 :
2480 0 : for (i=0; i<num_aliases; i++) {
2481 0 : aliases[i] = centry_uint32(centry);
2482 : }
2483 :
2484 0 : status = centry->status;
2485 :
2486 0 : DEBUG(10,("lookup_useraliases: [Cached] - cached info for domain: %s "
2487 : "status %s\n", domain->name, nt_errstr(status)));
2488 :
2489 0 : centry_free(centry);
2490 :
2491 0 : *pnum_aliases = num_aliases;
2492 0 : *paliases = aliases;
2493 :
2494 0 : return status;
2495 : }
2496 :
2497 0 : NTSTATUS wb_cache_lookup_useraliases(struct winbindd_domain *domain,
2498 : TALLOC_CTX *mem_ctx,
2499 : uint32_t num_sids,
2500 : const struct dom_sid *sids,
2501 : uint32_t *num_aliases,
2502 : uint32_t **alias_rids)
2503 : {
2504 0 : struct cache_entry *centry = NULL;
2505 : NTSTATUS status;
2506 : char *sidlist;
2507 : uint32_t i;
2508 : bool old_status;
2509 :
2510 0 : old_status = domain->online;
2511 0 : status = wcache_lookup_useraliases(domain, mem_ctx, num_sids, sids,
2512 : num_aliases, alias_rids);
2513 0 : if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
2514 0 : return status;
2515 : }
2516 :
2517 0 : (*num_aliases) = 0;
2518 0 : (*alias_rids) = NULL;
2519 :
2520 0 : DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info "
2521 : "for domain %s\n", domain->name ));
2522 :
2523 0 : sidlist = wcache_make_sidlist(talloc_tos(), num_sids, sids);
2524 0 : if (sidlist == NULL) {
2525 0 : return NT_STATUS_NO_MEMORY;
2526 : }
2527 :
2528 0 : status = domain->backend->lookup_useraliases(domain, mem_ctx,
2529 : num_sids, sids,
2530 : num_aliases, alias_rids);
2531 :
2532 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
2533 0 : NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
2534 0 : if (!domain->internal && old_status) {
2535 0 : set_domain_offline(domain);
2536 : }
2537 0 : if (!domain->internal &&
2538 0 : !domain->online &&
2539 : old_status) {
2540 : NTSTATUS cache_status;
2541 0 : cache_status = wcache_lookup_useraliases(domain, mem_ctx, num_sids,
2542 : sids, num_aliases, alias_rids);
2543 0 : return cache_status;
2544 : }
2545 : }
2546 : /* and save it */
2547 0 : refresh_sequence_number(domain);
2548 0 : if (!NT_STATUS_IS_OK(status)) {
2549 0 : return status;
2550 : }
2551 0 : centry = centry_start(domain, status);
2552 0 : if (!centry)
2553 0 : goto skip_save;
2554 0 : centry_put_uint32(centry, *num_aliases);
2555 0 : for (i=0; i<(*num_aliases); i++)
2556 0 : centry_put_uint32(centry, (*alias_rids)[i]);
2557 0 : centry_end(centry, "UA%s", sidlist);
2558 0 : centry_free(centry);
2559 :
2560 0 : skip_save:
2561 0 : return status;
2562 : }
2563 :
2564 0 : static NTSTATUS wcache_lookup_groupmem(struct winbindd_domain *domain,
2565 : TALLOC_CTX *mem_ctx,
2566 : const struct dom_sid *group_sid,
2567 : uint32_t *num_names,
2568 : struct dom_sid **sid_mem, char ***names,
2569 : uint32_t **name_types)
2570 : {
2571 0 : struct winbind_cache *cache = get_cache(domain);
2572 0 : struct cache_entry *centry = NULL;
2573 : NTSTATUS status;
2574 : unsigned int i;
2575 : struct dom_sid_buf sid_string;
2576 :
2577 0 : if (cache->tdb == NULL) {
2578 0 : return NT_STATUS_NOT_FOUND;
2579 : }
2580 :
2581 0 : centry = wcache_fetch(
2582 : cache,
2583 : domain,
2584 : "GM/%s",
2585 : dom_sid_str_buf(group_sid, &sid_string));
2586 0 : if (centry == NULL) {
2587 0 : return NT_STATUS_NOT_FOUND;
2588 : }
2589 :
2590 0 : *sid_mem = NULL;
2591 0 : *names = NULL;
2592 0 : *name_types = NULL;
2593 :
2594 0 : *num_names = centry_uint32(centry);
2595 0 : if (*num_names == 0) {
2596 0 : centry_free(centry);
2597 0 : return NT_STATUS_OK;
2598 : }
2599 :
2600 0 : *sid_mem = talloc_array(mem_ctx, struct dom_sid, *num_names);
2601 0 : *names = talloc_array(mem_ctx, char *, *num_names);
2602 0 : *name_types = talloc_array(mem_ctx, uint32_t, *num_names);
2603 :
2604 0 : if ((*sid_mem == NULL) || (*names == NULL) || (*name_types == NULL)) {
2605 0 : TALLOC_FREE(*sid_mem);
2606 0 : TALLOC_FREE(*names);
2607 0 : TALLOC_FREE(*name_types);
2608 0 : centry_free(centry);
2609 0 : return NT_STATUS_NO_MEMORY;
2610 : }
2611 :
2612 0 : for (i=0; i<(*num_names); i++) {
2613 0 : centry_sid(centry, &(*sid_mem)[i]);
2614 0 : (*names)[i] = centry_string(centry, mem_ctx);
2615 0 : (*name_types)[i] = centry_uint32(centry);
2616 : }
2617 :
2618 0 : status = centry->status;
2619 :
2620 0 : DEBUG(10,("lookup_groupmem: [Cached] - cached info for domain %s "
2621 : "status: %s\n", domain->name, nt_errstr(status)));
2622 :
2623 0 : centry_free(centry);
2624 0 : return status;
2625 : }
2626 :
2627 0 : NTSTATUS wb_cache_lookup_groupmem(struct winbindd_domain *domain,
2628 : TALLOC_CTX *mem_ctx,
2629 : const struct dom_sid *group_sid,
2630 : enum lsa_SidType type,
2631 : uint32_t *num_names,
2632 : struct dom_sid **sid_mem,
2633 : char ***names,
2634 : uint32_t **name_types)
2635 : {
2636 0 : struct cache_entry *centry = NULL;
2637 : NTSTATUS status;
2638 : unsigned int i;
2639 : struct dom_sid_buf sid_string;
2640 : bool old_status;
2641 :
2642 0 : old_status = domain->online;
2643 0 : status = wcache_lookup_groupmem(domain, mem_ctx, group_sid, num_names,
2644 : sid_mem, names, name_types);
2645 0 : if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
2646 0 : return status;
2647 : }
2648 :
2649 0 : (*num_names) = 0;
2650 0 : (*sid_mem) = NULL;
2651 0 : (*names) = NULL;
2652 0 : (*name_types) = NULL;
2653 :
2654 0 : DEBUG(10,("lookup_groupmem: [Cached] - doing backend query for info for domain %s\n",
2655 : domain->name ));
2656 :
2657 0 : status = domain->backend->lookup_groupmem(domain, mem_ctx, group_sid,
2658 : type, num_names,
2659 : sid_mem, names, name_types);
2660 :
2661 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
2662 0 : NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
2663 0 : if (!domain->internal && old_status) {
2664 0 : set_domain_offline(domain);
2665 : }
2666 0 : if (!domain->internal &&
2667 0 : !domain->online &&
2668 : old_status) {
2669 : NTSTATUS cache_status;
2670 0 : cache_status = wcache_lookup_groupmem(domain, mem_ctx, group_sid,
2671 : num_names, sid_mem, names,
2672 : name_types);
2673 0 : return cache_status;
2674 : }
2675 : }
2676 : /* and save it */
2677 0 : refresh_sequence_number(domain);
2678 0 : if (!NT_STATUS_IS_OK(status)) {
2679 0 : return status;
2680 : }
2681 0 : centry = centry_start(domain, status);
2682 0 : if (!centry)
2683 0 : goto skip_save;
2684 0 : centry_put_uint32(centry, *num_names);
2685 0 : for (i=0; i<(*num_names); i++) {
2686 0 : centry_put_sid(centry, &(*sid_mem)[i]);
2687 0 : centry_put_string(centry, (*names)[i]);
2688 0 : centry_put_uint32(centry, (*name_types)[i]);
2689 : }
2690 0 : centry_end(centry,
2691 : "GM/%s",
2692 : dom_sid_str_buf(group_sid, &sid_string));
2693 0 : centry_free(centry);
2694 :
2695 0 : skip_save:
2696 0 : return status;
2697 : }
2698 :
2699 : /* find the sequence number for a domain */
2700 0 : NTSTATUS wb_cache_sequence_number(struct winbindd_domain *domain,
2701 : uint32_t *seq)
2702 : {
2703 0 : refresh_sequence_number(domain);
2704 :
2705 0 : *seq = domain->sequence_number;
2706 :
2707 0 : return NT_STATUS_OK;
2708 : }
2709 :
2710 : /* enumerate trusted domains
2711 : * (we need to have the list of trustdoms in the cache when we go offline) -
2712 : * Guenther */
2713 0 : NTSTATUS wb_cache_trusted_domains(struct winbindd_domain *domain,
2714 : TALLOC_CTX *mem_ctx,
2715 : struct netr_DomainTrustList *trusts)
2716 : {
2717 : NTSTATUS status;
2718 : struct winbind_cache *cache;
2719 0 : struct winbindd_tdc_domain *dom_list = NULL;
2720 0 : size_t num_domains = 0;
2721 0 : bool retval = false;
2722 : size_t i;
2723 : bool old_status;
2724 :
2725 0 : old_status = domain->online;
2726 0 : trusts->count = 0;
2727 0 : trusts->array = NULL;
2728 :
2729 0 : cache = get_cache(domain);
2730 0 : if (!cache || !cache->tdb) {
2731 0 : goto do_query;
2732 : }
2733 :
2734 0 : if (domain->online) {
2735 0 : goto do_query;
2736 : }
2737 :
2738 0 : retval = wcache_tdc_fetch_list(&dom_list, &num_domains);
2739 0 : if (!retval || !num_domains || !dom_list) {
2740 0 : TALLOC_FREE(dom_list);
2741 0 : goto do_query;
2742 : }
2743 :
2744 0 : do_fetch_cache:
2745 0 : trusts->array = talloc_zero_array(mem_ctx, struct netr_DomainTrust, num_domains);
2746 0 : if (!trusts->array) {
2747 0 : TALLOC_FREE(dom_list);
2748 0 : return NT_STATUS_NO_MEMORY;
2749 : }
2750 :
2751 0 : for (i = 0; i < num_domains; i++) {
2752 : struct netr_DomainTrust *trust;
2753 : struct dom_sid *sid;
2754 : struct winbindd_domain *dom;
2755 :
2756 0 : dom = find_domain_from_name_noinit(dom_list[i].domain_name);
2757 0 : if (dom && dom->internal) {
2758 0 : continue;
2759 : }
2760 :
2761 0 : trust = &trusts->array[trusts->count];
2762 0 : trust->netbios_name = talloc_strdup(trusts->array, dom_list[i].domain_name);
2763 0 : trust->dns_name = talloc_strdup(trusts->array, dom_list[i].dns_name);
2764 0 : sid = talloc(trusts->array, struct dom_sid);
2765 0 : if (!trust->netbios_name || !trust->dns_name ||
2766 : !sid) {
2767 0 : TALLOC_FREE(dom_list);
2768 0 : TALLOC_FREE(trusts->array);
2769 0 : return NT_STATUS_NO_MEMORY;
2770 : }
2771 :
2772 0 : trust->trust_flags = dom_list[i].trust_flags;
2773 0 : trust->trust_attributes = dom_list[i].trust_attribs;
2774 0 : trust->trust_type = dom_list[i].trust_type;
2775 0 : sid_copy(sid, &dom_list[i].sid);
2776 0 : trust->sid = sid;
2777 0 : trusts->count++;
2778 : }
2779 :
2780 0 : TALLOC_FREE(dom_list);
2781 0 : return NT_STATUS_OK;
2782 :
2783 0 : do_query:
2784 0 : DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
2785 : domain->name ));
2786 :
2787 0 : status = domain->backend->trusted_domains(domain, mem_ctx, trusts);
2788 :
2789 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
2790 0 : NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
2791 0 : if (!domain->internal && old_status) {
2792 0 : set_domain_offline(domain);
2793 : }
2794 0 : if (!domain->internal &&
2795 0 : !domain->online &&
2796 : old_status) {
2797 0 : retval = wcache_tdc_fetch_list(&dom_list, &num_domains);
2798 0 : if (retval && num_domains && dom_list) {
2799 0 : TALLOC_FREE(trusts->array);
2800 0 : trusts->count = 0;
2801 0 : goto do_fetch_cache;
2802 : }
2803 : }
2804 : }
2805 : /* no trusts gives NT_STATUS_NO_MORE_ENTRIES resetting to NT_STATUS_OK
2806 : * so that the generic centry handling still applies correctly -
2807 : * Guenther*/
2808 :
2809 0 : if (!NT_STATUS_IS_ERR(status)) {
2810 0 : status = NT_STATUS_OK;
2811 : }
2812 0 : return status;
2813 : }
2814 :
2815 : /* get lockout policy */
2816 0 : NTSTATUS wb_cache_lockout_policy(struct winbindd_domain *domain,
2817 : TALLOC_CTX *mem_ctx,
2818 : struct samr_DomInfo12 *policy)
2819 : {
2820 0 : struct winbind_cache *cache = get_cache(domain);
2821 0 : struct cache_entry *centry = NULL;
2822 : NTSTATUS status;
2823 : bool old_status;
2824 :
2825 0 : old_status = domain->online;
2826 0 : if (!cache->tdb)
2827 0 : goto do_query;
2828 :
2829 0 : centry = wcache_fetch(cache, domain, "LOC_POL/%s", domain->name);
2830 :
2831 0 : if (!centry)
2832 0 : goto do_query;
2833 :
2834 0 : do_fetch_cache:
2835 0 : policy->lockout_duration = centry_nttime(centry);
2836 0 : policy->lockout_window = centry_nttime(centry);
2837 0 : policy->lockout_threshold = centry_uint16(centry);
2838 :
2839 0 : status = centry->status;
2840 :
2841 0 : DEBUG(10,("lockout_policy: [Cached] - cached info for domain %s status: %s\n",
2842 : domain->name, nt_errstr(status) ));
2843 :
2844 0 : centry_free(centry);
2845 0 : return status;
2846 :
2847 0 : do_query:
2848 0 : ZERO_STRUCTP(policy);
2849 :
2850 0 : DEBUG(10,("lockout_policy: [Cached] - doing backend query for info for domain %s\n",
2851 : domain->name ));
2852 :
2853 0 : status = domain->backend->lockout_policy(domain, mem_ctx, policy);
2854 :
2855 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
2856 0 : NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
2857 0 : if (!domain->internal && old_status) {
2858 0 : set_domain_offline(domain);
2859 : }
2860 0 : if (cache->tdb &&
2861 0 : !domain->internal &&
2862 0 : !domain->online &&
2863 : old_status) {
2864 0 : centry = wcache_fetch(cache, domain, "LOC_POL/%s", domain->name);
2865 0 : if (centry) {
2866 0 : goto do_fetch_cache;
2867 : }
2868 : }
2869 : }
2870 : /* and save it */
2871 0 : refresh_sequence_number(domain);
2872 0 : if (!NT_STATUS_IS_OK(status)) {
2873 0 : return status;
2874 : }
2875 0 : wcache_save_lockout_policy(domain, status, policy);
2876 :
2877 0 : return status;
2878 : }
2879 :
2880 : /* get password policy */
2881 0 : NTSTATUS wb_cache_password_policy(struct winbindd_domain *domain,
2882 : TALLOC_CTX *mem_ctx,
2883 : struct samr_DomInfo1 *policy)
2884 : {
2885 0 : struct winbind_cache *cache = get_cache(domain);
2886 0 : struct cache_entry *centry = NULL;
2887 : NTSTATUS status;
2888 : bool old_status;
2889 :
2890 0 : old_status = domain->online;
2891 0 : if (!cache->tdb)
2892 0 : goto do_query;
2893 :
2894 0 : centry = wcache_fetch(cache, domain, "PWD_POL/%s", domain->name);
2895 :
2896 0 : if (!centry)
2897 0 : goto do_query;
2898 :
2899 0 : do_fetch_cache:
2900 0 : policy->min_password_length = centry_uint16(centry);
2901 0 : policy->password_history_length = centry_uint16(centry);
2902 0 : policy->password_properties = centry_uint32(centry);
2903 0 : policy->max_password_age = centry_nttime(centry);
2904 0 : policy->min_password_age = centry_nttime(centry);
2905 :
2906 0 : status = centry->status;
2907 :
2908 0 : DEBUG(10,("lockout_policy: [Cached] - cached info for domain %s status: %s\n",
2909 : domain->name, nt_errstr(status) ));
2910 :
2911 0 : centry_free(centry);
2912 0 : return status;
2913 :
2914 0 : do_query:
2915 0 : ZERO_STRUCTP(policy);
2916 :
2917 0 : DEBUG(10,("password_policy: [Cached] - doing backend query for info for domain %s\n",
2918 : domain->name ));
2919 :
2920 0 : status = domain->backend->password_policy(domain, mem_ctx, policy);
2921 :
2922 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
2923 0 : NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
2924 0 : if (!domain->internal && old_status) {
2925 0 : set_domain_offline(domain);
2926 : }
2927 0 : if (cache->tdb &&
2928 0 : !domain->internal &&
2929 0 : !domain->online &&
2930 : old_status) {
2931 0 : centry = wcache_fetch(cache, domain, "PWD_POL/%s", domain->name);
2932 0 : if (centry) {
2933 0 : goto do_fetch_cache;
2934 : }
2935 : }
2936 : }
2937 : /* and save it */
2938 0 : refresh_sequence_number(domain);
2939 0 : if (!NT_STATUS_IS_OK(status)) {
2940 0 : return status;
2941 : }
2942 0 : wcache_save_password_policy(domain, status, policy);
2943 :
2944 0 : return status;
2945 : }
2946 :
2947 :
2948 : /* Invalidate cached user and group lists coherently */
2949 :
2950 22 : static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
2951 : void *state)
2952 : {
2953 33 : if (strncmp((const char *)kbuf.dptr, "UL/", 3) == 0 ||
2954 22 : strncmp((const char *)kbuf.dptr, "GL/", 3) == 0)
2955 0 : tdb_delete(the_tdb, kbuf);
2956 :
2957 22 : return 0;
2958 : }
2959 :
2960 : /* Invalidate the getpwnam and getgroups entries for a winbindd domain */
2961 :
2962 0 : void wcache_invalidate_samlogon(struct winbindd_domain *domain,
2963 : const struct dom_sid *sid)
2964 : {
2965 : fstring key_str;
2966 : struct dom_sid_buf sid_string;
2967 : struct winbind_cache *cache;
2968 :
2969 : /* don't clear cached U/SID and UG/SID entries when we want to logon
2970 : * offline - gd */
2971 :
2972 0 : if (lp_winbind_offline_logon()) {
2973 0 : return;
2974 : }
2975 :
2976 0 : if (!domain)
2977 0 : return;
2978 :
2979 0 : cache = get_cache(domain);
2980 :
2981 0 : if (!cache->tdb) {
2982 0 : return;
2983 : }
2984 :
2985 : /* Clear U/SID cache entry */
2986 0 : fstr_sprintf(key_str, "U/%s", dom_sid_str_buf(sid, &sid_string));
2987 0 : DEBUG(10, ("wcache_invalidate_samlogon: clearing %s\n", key_str));
2988 0 : tdb_delete(cache->tdb, string_tdb_data(key_str));
2989 :
2990 : /* Clear UG/SID cache entry */
2991 0 : fstr_sprintf(key_str, "UG/%s", dom_sid_str_buf(sid, &sid_string));
2992 0 : DEBUG(10, ("wcache_invalidate_samlogon: clearing %s\n", key_str));
2993 0 : tdb_delete(cache->tdb, string_tdb_data(key_str));
2994 :
2995 : /* Samba/winbindd never needs this. */
2996 0 : netsamlogon_clear_cached_user(sid);
2997 : }
2998 :
2999 6 : bool wcache_invalidate_cache(void)
3000 : {
3001 : struct winbindd_domain *domain;
3002 :
3003 28 : for (domain = domain_list(); domain; domain = domain->next) {
3004 22 : struct winbind_cache *cache = get_cache(domain);
3005 :
3006 22 : DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
3007 : "entries for %s\n", domain->name));
3008 22 : if (cache) {
3009 22 : if (cache->tdb) {
3010 22 : tdb_traverse(cache->tdb, traverse_fn, NULL);
3011 : } else {
3012 0 : return false;
3013 : }
3014 : }
3015 : }
3016 6 : return true;
3017 : }
3018 :
3019 0 : bool wcache_invalidate_cache_noinit(void)
3020 : {
3021 : struct winbindd_domain *domain;
3022 :
3023 0 : for (domain = domain_list(); domain; domain = domain->next) {
3024 : struct winbind_cache *cache;
3025 :
3026 : /* Skip uninitialized domains. */
3027 0 : if (!domain->initialized && !domain->internal) {
3028 0 : continue;
3029 : }
3030 :
3031 0 : cache = get_cache(domain);
3032 :
3033 0 : DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
3034 : "entries for %s\n", domain->name));
3035 0 : if (cache) {
3036 0 : if (cache->tdb) {
3037 0 : tdb_traverse(cache->tdb, traverse_fn, NULL);
3038 : /*
3039 : * Flushing cache has nothing to with domains.
3040 : * return here if we successfully flushed once.
3041 : * To avoid unnecessary traversing the cache.
3042 : */
3043 0 : return true;
3044 : } else {
3045 0 : return false;
3046 : }
3047 : }
3048 : }
3049 0 : return true;
3050 : }
3051 :
3052 419 : static bool init_wcache(void)
3053 : {
3054 : char *db_path;
3055 :
3056 419 : if (wcache == NULL) {
3057 68 : wcache = SMB_XMALLOC_P(struct winbind_cache);
3058 68 : ZERO_STRUCTP(wcache);
3059 : }
3060 :
3061 419 : if (wcache->tdb != NULL)
3062 223 : return true;
3063 :
3064 196 : db_path = wcache_path();
3065 196 : if (db_path == NULL) {
3066 0 : return false;
3067 : }
3068 :
3069 : /* when working offline we must not clear the cache on restart */
3070 196 : wcache->tdb = tdb_open_log(db_path,
3071 : WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
3072 : TDB_INCOMPATIBLE_HASH |
3073 196 : (lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST)),
3074 : O_RDWR|O_CREAT, 0600);
3075 196 : TALLOC_FREE(db_path);
3076 196 : if (wcache->tdb == NULL) {
3077 0 : DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
3078 0 : return false;
3079 : }
3080 :
3081 196 : return true;
3082 : }
3083 :
3084 : /************************************************************************
3085 : This is called by the parent to initialize the cache file.
3086 : We don't need sophisticated locking here as we know we're the
3087 : only opener.
3088 : ************************************************************************/
3089 :
3090 68 : bool initialize_winbindd_cache(void)
3091 : {
3092 68 : bool cache_bad = false;
3093 68 : uint32_t vers = 0;
3094 : bool ok;
3095 :
3096 68 : if (!init_wcache()) {
3097 0 : DEBUG(0,("initialize_winbindd_cache: init_wcache failed.\n"));
3098 0 : return false;
3099 : }
3100 :
3101 : /* Check version number. */
3102 68 : ok = tdb_fetch_uint32(wcache->tdb, WINBINDD_CACHE_VERSION_KEYSTR, &vers);
3103 68 : if (!ok) {
3104 60 : DBG_DEBUG("Failed to get cache version\n");
3105 60 : cache_bad = true;
3106 : }
3107 68 : if (vers != WINBINDD_CACHE_VERSION) {
3108 60 : DBG_DEBUG("Invalid cache version %u != %u\n",
3109 : vers,
3110 : WINBINDD_CACHE_VERSION);
3111 60 : cache_bad = true;
3112 : }
3113 :
3114 68 : if (cache_bad) {
3115 : char *db_path;
3116 :
3117 60 : DEBUG(0,("initialize_winbindd_cache: clearing cache "
3118 : "and re-creating with version number %d\n",
3119 : WINBINDD_CACHE_VERSION ));
3120 :
3121 60 : tdb_close(wcache->tdb);
3122 60 : wcache->tdb = NULL;
3123 :
3124 60 : db_path = wcache_path();
3125 60 : if (db_path == NULL) {
3126 0 : return false;
3127 : }
3128 :
3129 60 : if (unlink(db_path) == -1) {
3130 0 : DEBUG(0,("initialize_winbindd_cache: unlink %s failed %s ",
3131 : db_path,
3132 : strerror(errno) ));
3133 0 : TALLOC_FREE(db_path);
3134 0 : return false;
3135 : }
3136 60 : TALLOC_FREE(db_path);
3137 60 : if (!init_wcache()) {
3138 0 : DEBUG(0,("initialize_winbindd_cache: re-initialization "
3139 : "init_wcache failed.\n"));
3140 0 : return false;
3141 : }
3142 :
3143 : /* Write the version. */
3144 60 : if (!tdb_store_uint32(wcache->tdb, WINBINDD_CACHE_VERSION_KEYSTR, WINBINDD_CACHE_VERSION)) {
3145 0 : DEBUG(0,("initialize_winbindd_cache: version number store failed %s\n",
3146 : tdb_errorstr(wcache->tdb) ));
3147 0 : return false;
3148 : }
3149 : }
3150 :
3151 68 : tdb_close(wcache->tdb);
3152 68 : wcache->tdb = NULL;
3153 68 : return true;
3154 : }
3155 :
3156 68 : void close_winbindd_cache(void)
3157 : {
3158 68 : if (!wcache) {
3159 68 : return;
3160 : }
3161 0 : if (wcache->tdb) {
3162 0 : tdb_close(wcache->tdb);
3163 0 : wcache->tdb = NULL;
3164 : }
3165 : }
3166 :
3167 0 : bool lookup_cached_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
3168 : char **domain_name, char **name,
3169 : enum lsa_SidType *type)
3170 : {
3171 : struct winbindd_domain *domain;
3172 : NTSTATUS status;
3173 :
3174 0 : domain = find_lookup_domain_from_sid(sid);
3175 0 : if (domain == NULL) {
3176 0 : return false;
3177 : }
3178 0 : status = wcache_sid_to_name(domain, sid, mem_ctx, domain_name, name,
3179 : type);
3180 0 : return NT_STATUS_IS_OK(status);
3181 : }
3182 :
3183 0 : bool lookup_cached_name(const char *namespace,
3184 : const char *domain_name,
3185 : const char *name,
3186 : struct dom_sid *sid,
3187 : enum lsa_SidType *type)
3188 : {
3189 : struct winbindd_domain *domain;
3190 : NTSTATUS status;
3191 : bool original_online_state;
3192 :
3193 0 : domain = find_lookup_domain_from_name(namespace);
3194 0 : if (domain == NULL) {
3195 0 : return false;
3196 : }
3197 :
3198 : /* If we are doing a cached logon, temporarily set the domain
3199 : offline so the cache won't expire the entry */
3200 :
3201 0 : original_online_state = domain->online;
3202 0 : domain->online = false;
3203 0 : status = wcache_name_to_sid(domain, domain_name, name, sid, type);
3204 0 : domain->online = original_online_state;
3205 :
3206 0 : return NT_STATUS_IS_OK(status);
3207 : }
3208 :
3209 : /*
3210 : * Cache a name to sid without checking the sequence number.
3211 : * Used when caching from a trusted PAC.
3212 : */
3213 :
3214 615 : void cache_name2sid_trusted(struct winbindd_domain *domain,
3215 : const char *domain_name,
3216 : const char *name,
3217 : enum lsa_SidType type,
3218 : const struct dom_sid *sid)
3219 : {
3220 : /*
3221 : * Ensure we store the mapping with the
3222 : * existing sequence number from the cache.
3223 : */
3224 615 : get_cache(domain);
3225 615 : (void)fetch_cache_seqnum(domain, time(NULL));
3226 615 : wcache_save_name_to_sid(domain,
3227 615 : NT_STATUS_OK,
3228 : domain_name,
3229 : name,
3230 : sid,
3231 : type);
3232 615 : }
3233 :
3234 0 : void cache_name2sid(struct winbindd_domain *domain,
3235 : const char *domain_name, const char *name,
3236 : enum lsa_SidType type, const struct dom_sid *sid)
3237 : {
3238 0 : refresh_sequence_number(domain);
3239 0 : wcache_save_name_to_sid(domain, NT_STATUS_OK, domain_name, name,
3240 : sid, type);
3241 0 : }
3242 :
3243 : /*
3244 : * The original idea that this cache only contains centries has
3245 : * been blurred - now other stuff gets put in here. Ensure we
3246 : * ignore these things on cleanup.
3247 : */
3248 :
3249 0 : static int traverse_fn_cleanup(TDB_CONTEXT *the_tdb, TDB_DATA kbuf,
3250 : TDB_DATA dbuf, void *state)
3251 : {
3252 : struct cache_entry *centry;
3253 :
3254 0 : if (is_non_centry_key(kbuf)) {
3255 0 : return 0;
3256 : }
3257 :
3258 0 : centry = wcache_fetch_raw((char *)kbuf.dptr);
3259 0 : if (!centry) {
3260 0 : return 0;
3261 : }
3262 :
3263 0 : if (!NT_STATUS_IS_OK(centry->status)) {
3264 0 : DEBUG(10,("deleting centry %s\n", (const char *)kbuf.dptr));
3265 0 : tdb_delete(the_tdb, kbuf);
3266 : }
3267 :
3268 0 : centry_free(centry);
3269 0 : return 0;
3270 : }
3271 :
3272 : /* flush the cache */
3273 0 : static void wcache_flush_cache(void)
3274 : {
3275 : char *db_path;
3276 :
3277 0 : if (!wcache)
3278 0 : return;
3279 0 : if (wcache->tdb) {
3280 0 : tdb_close(wcache->tdb);
3281 0 : wcache->tdb = NULL;
3282 : }
3283 0 : if (!winbindd_use_cache()) {
3284 0 : return;
3285 : }
3286 :
3287 0 : db_path = wcache_path();
3288 0 : if (db_path == NULL) {
3289 0 : return;
3290 : }
3291 :
3292 : /* when working offline we must not clear the cache on restart */
3293 0 : wcache->tdb = tdb_open_log(db_path,
3294 : WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
3295 : TDB_INCOMPATIBLE_HASH |
3296 0 : (lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST)),
3297 : O_RDWR|O_CREAT, 0600);
3298 0 : TALLOC_FREE(db_path);
3299 0 : if (!wcache->tdb) {
3300 0 : DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
3301 0 : return;
3302 : }
3303 :
3304 0 : tdb_traverse(wcache->tdb, traverse_fn_cleanup, NULL);
3305 :
3306 0 : DEBUG(10,("wcache_flush_cache success\n"));
3307 : }
3308 :
3309 : /* Count cached creds */
3310 :
3311 0 : static int traverse_fn_cached_creds(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
3312 : void *state)
3313 : {
3314 0 : int *cred_count = (int*)state;
3315 :
3316 0 : if (strncmp((const char *)kbuf.dptr, "CRED/", 5) == 0) {
3317 0 : (*cred_count)++;
3318 : }
3319 0 : return 0;
3320 : }
3321 :
3322 0 : NTSTATUS wcache_count_cached_creds(struct winbindd_domain *domain, int *count)
3323 : {
3324 0 : struct winbind_cache *cache = get_cache(domain);
3325 :
3326 0 : *count = 0;
3327 :
3328 0 : if (!cache->tdb) {
3329 0 : return NT_STATUS_INTERNAL_DB_ERROR;
3330 : }
3331 :
3332 0 : tdb_traverse(cache->tdb, traverse_fn_cached_creds, (void *)count);
3333 :
3334 0 : return NT_STATUS_OK;
3335 : }
3336 :
3337 : struct cred_list {
3338 : struct cred_list *prev, *next;
3339 : TDB_DATA key;
3340 : fstring name;
3341 : time_t created;
3342 : };
3343 : static struct cred_list *wcache_cred_list;
3344 :
3345 0 : static int traverse_fn_get_credlist(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
3346 : void *state)
3347 : {
3348 : struct cred_list *cred;
3349 :
3350 0 : if (strncmp((const char *)kbuf.dptr, "CRED/", 5) == 0) {
3351 :
3352 0 : cred = SMB_MALLOC_P(struct cred_list);
3353 0 : if (cred == NULL) {
3354 0 : DEBUG(0,("traverse_fn_remove_first_creds: failed to malloc new entry for list\n"));
3355 0 : return -1;
3356 : }
3357 :
3358 0 : ZERO_STRUCTP(cred);
3359 :
3360 : /* save a copy of the key */
3361 :
3362 0 : fstrcpy(cred->name, (const char *)kbuf.dptr);
3363 0 : DLIST_ADD(wcache_cred_list, cred);
3364 : }
3365 :
3366 0 : return 0;
3367 : }
3368 :
3369 0 : NTSTATUS wcache_remove_oldest_cached_creds(struct winbindd_domain *domain, const struct dom_sid *sid)
3370 : {
3371 0 : struct winbind_cache *cache = get_cache(domain);
3372 : NTSTATUS status;
3373 : int ret;
3374 0 : struct cred_list *cred, *next, *oldest = NULL;
3375 :
3376 0 : if (!cache->tdb) {
3377 0 : return NT_STATUS_INTERNAL_DB_ERROR;
3378 : }
3379 :
3380 : /* we possibly already have an entry */
3381 0 : if (sid && NT_STATUS_IS_OK(wcache_cached_creds_exist(domain, sid))) {
3382 :
3383 : fstring key_str;
3384 : struct dom_sid_buf tmp;
3385 :
3386 0 : DEBUG(11,("we already have an entry, deleting that\n"));
3387 :
3388 0 : fstr_sprintf(key_str, "CRED/%s", dom_sid_str_buf(sid, &tmp));
3389 :
3390 0 : tdb_delete(cache->tdb, string_tdb_data(key_str));
3391 :
3392 0 : return NT_STATUS_OK;
3393 : }
3394 :
3395 0 : ret = tdb_traverse(cache->tdb, traverse_fn_get_credlist, NULL);
3396 0 : if (ret == 0) {
3397 0 : return NT_STATUS_OK;
3398 0 : } else if ((ret < 0) || (wcache_cred_list == NULL)) {
3399 0 : return NT_STATUS_OBJECT_NAME_NOT_FOUND;
3400 : }
3401 :
3402 0 : ZERO_STRUCTP(oldest);
3403 :
3404 0 : for (cred = wcache_cred_list; cred; cred = cred->next) {
3405 :
3406 : TDB_DATA data;
3407 : time_t t;
3408 :
3409 0 : data = tdb_fetch(cache->tdb, string_tdb_data(cred->name));
3410 0 : if (!data.dptr) {
3411 0 : DEBUG(10,("wcache_remove_oldest_cached_creds: entry for [%s] not found\n",
3412 : cred->name));
3413 0 : status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
3414 0 : goto done;
3415 : }
3416 :
3417 0 : t = IVAL(data.dptr, 0);
3418 0 : SAFE_FREE(data.dptr);
3419 :
3420 0 : if (!oldest) {
3421 0 : oldest = SMB_MALLOC_P(struct cred_list);
3422 0 : if (oldest == NULL) {
3423 0 : status = NT_STATUS_NO_MEMORY;
3424 0 : goto done;
3425 : }
3426 :
3427 0 : fstrcpy(oldest->name, cred->name);
3428 0 : oldest->created = t;
3429 0 : continue;
3430 : }
3431 :
3432 0 : if (t < oldest->created) {
3433 0 : fstrcpy(oldest->name, cred->name);
3434 0 : oldest->created = t;
3435 : }
3436 : }
3437 :
3438 0 : if (tdb_delete(cache->tdb, string_tdb_data(oldest->name)) == 0) {
3439 0 : status = NT_STATUS_OK;
3440 : } else {
3441 0 : status = NT_STATUS_UNSUCCESSFUL;
3442 : }
3443 0 : done:
3444 0 : for (cred = wcache_cred_list; cred; cred = next) {
3445 0 : next = cred->next;
3446 0 : DLIST_REMOVE(wcache_cred_list, cred);
3447 0 : SAFE_FREE(cred);
3448 : }
3449 0 : SAFE_FREE(oldest);
3450 :
3451 0 : return status;
3452 : }
3453 :
3454 : /* Change the global online/offline state. */
3455 4 : bool set_global_winbindd_state_offline(void)
3456 : {
3457 : bool ok;
3458 4 : uint8_t buf[4] = {0};
3459 4 : TDB_DATA data = {
3460 : .dptr = buf,
3461 : .dsize = sizeof(buf)
3462 : };
3463 : int rc;
3464 :
3465 4 : DBG_ERR("Offline requested\n");
3466 :
3467 4 : if (wcache == NULL || wcache->tdb == NULL) {
3468 0 : DBG_ERR("Winbind cache doesn't exist yet\n");
3469 0 : return false;
3470 : }
3471 :
3472 4 : if (!lp_winbind_offline_logon()) {
3473 0 : DBG_DEBUG("Rejecting request to set winbind offline, "
3474 : "offline logons are disabled in smb.conf\n");
3475 0 : return false;
3476 : }
3477 :
3478 4 : ok = get_global_winbindd_state_offline();
3479 4 : if (ok) {
3480 4 : return true;
3481 : }
3482 :
3483 0 : PUSH_LE_U32(buf, 0, time(NULL));
3484 :
3485 0 : rc = tdb_store_bystring(wcache->tdb,
3486 : "WINBINDD_OFFLINE",
3487 : data,
3488 : TDB_INSERT);
3489 0 : if (rc != 0) {
3490 0 : return false;
3491 : }
3492 :
3493 0 : return true;
3494 :
3495 : }
3496 :
3497 2 : void set_global_winbindd_state_online(void)
3498 : {
3499 2 : DEBUG(10,("set_global_winbindd_state_online: online requested.\n"));
3500 :
3501 2 : if (!lp_winbind_offline_logon()) {
3502 2 : DBG_DEBUG("Rejecting request to set winbind online, "
3503 : "offline logons are disabled in smb.conf.\n");
3504 2 : return;
3505 : }
3506 :
3507 0 : if (!wcache->tdb) {
3508 0 : return;
3509 : }
3510 :
3511 : /* Ensure there is no key "WINBINDD_OFFLINE" in the cache tdb. */
3512 0 : tdb_delete_bystring(wcache->tdb, "WINBINDD_OFFLINE");
3513 : }
3514 :
3515 10765 : bool get_global_winbindd_state_offline(void)
3516 : {
3517 : TDB_DATA data;
3518 :
3519 10765 : data = tdb_fetch_bystring(wcache->tdb, "WINBINDD_OFFLINE");
3520 10765 : if (data.dptr == NULL || data.dsize != 4) {
3521 10757 : DBG_DEBUG("Offline state not set.\n");
3522 10757 : SAFE_FREE(data.dptr);
3523 10757 : return false;
3524 : }
3525 :
3526 8 : return true;
3527 : }
3528 :
3529 : /***********************************************************************
3530 : Validate functions for all possible cache tdb keys.
3531 : ***********************************************************************/
3532 :
3533 24 : static struct cache_entry *create_centry_validate(const char *kstr, TDB_DATA data,
3534 : struct tdb_validation_status *state)
3535 : {
3536 : struct cache_entry *centry;
3537 :
3538 24 : centry = SMB_XMALLOC_P(struct cache_entry);
3539 24 : centry->data = (unsigned char *)smb_memdup(data.dptr, data.dsize);
3540 24 : if (!centry->data) {
3541 0 : SAFE_FREE(centry);
3542 0 : return NULL;
3543 : }
3544 24 : centry->len = data.dsize;
3545 24 : centry->ofs = 0;
3546 :
3547 24 : if (centry->len < 16) {
3548 : /* huh? corrupt cache? */
3549 0 : DEBUG(0,("create_centry_validate: Corrupt cache for key %s "
3550 : "(len < 16) ?\n", kstr));
3551 0 : centry_free(centry);
3552 0 : state->bad_entry = true;
3553 0 : state->success = false;
3554 0 : return NULL;
3555 : }
3556 :
3557 24 : centry->status = NT_STATUS(centry_uint32(centry));
3558 24 : centry->sequence_number = centry_uint32(centry);
3559 24 : centry->timeout = centry_uint64_t(centry);
3560 24 : return centry;
3561 : }
3562 :
3563 8 : static int validate_seqnum(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3564 : struct tdb_validation_status *state)
3565 : {
3566 8 : if (dbuf.dsize != 8) {
3567 0 : DEBUG(0,("validate_seqnum: Corrupt cache for key %s (len %u != 8) ?\n",
3568 : keystr, (unsigned int)dbuf.dsize ));
3569 0 : state->bad_entry = true;
3570 0 : return 1;
3571 : }
3572 8 : return 0;
3573 : }
3574 :
3575 0 : static int validate_u(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3576 : struct tdb_validation_status *state)
3577 : {
3578 0 : struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3579 : struct dom_sid sid;
3580 :
3581 0 : if (!centry) {
3582 0 : return 1;
3583 : }
3584 :
3585 0 : (void)centry_string(centry, mem_ctx);
3586 0 : (void)centry_string(centry, mem_ctx);
3587 0 : (void)centry_string(centry, mem_ctx);
3588 0 : (void)centry_string(centry, mem_ctx);
3589 0 : (void)centry_string(centry, mem_ctx);
3590 0 : (void)centry_uint32(centry);
3591 0 : (void)centry_uint32(centry);
3592 0 : (void)centry_string(centry, mem_ctx);
3593 0 : (void)centry_sid(centry, &sid);
3594 0 : (void)centry_sid(centry, &sid);
3595 :
3596 0 : centry_free(centry);
3597 :
3598 0 : if (!(state->success)) {
3599 0 : return 1;
3600 : }
3601 0 : DEBUG(10,("validate_u: %s ok\n", keystr));
3602 0 : return 0;
3603 : }
3604 :
3605 8 : static int validate_loc_pol(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3606 : struct tdb_validation_status *state)
3607 : {
3608 8 : struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3609 :
3610 8 : if (!centry) {
3611 0 : return 1;
3612 : }
3613 :
3614 8 : (void)centry_nttime(centry);
3615 8 : (void)centry_nttime(centry);
3616 8 : (void)centry_uint16(centry);
3617 :
3618 8 : centry_free(centry);
3619 :
3620 8 : if (!(state->success)) {
3621 0 : return 1;
3622 : }
3623 8 : DEBUG(10,("validate_loc_pol: %s ok\n", keystr));
3624 8 : return 0;
3625 : }
3626 :
3627 0 : static int validate_pwd_pol(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3628 : struct tdb_validation_status *state)
3629 : {
3630 0 : struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3631 :
3632 0 : if (!centry) {
3633 0 : return 1;
3634 : }
3635 :
3636 0 : (void)centry_uint16(centry);
3637 0 : (void)centry_uint16(centry);
3638 0 : (void)centry_uint32(centry);
3639 0 : (void)centry_nttime(centry);
3640 0 : (void)centry_nttime(centry);
3641 :
3642 0 : centry_free(centry);
3643 :
3644 0 : if (!(state->success)) {
3645 0 : return 1;
3646 : }
3647 0 : DEBUG(10,("validate_pwd_pol: %s ok\n", keystr));
3648 0 : return 0;
3649 : }
3650 :
3651 16 : static int validate_cred(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3652 : struct tdb_validation_status *state)
3653 : {
3654 16 : struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3655 :
3656 16 : if (!centry) {
3657 0 : return 1;
3658 : }
3659 :
3660 16 : (void)centry_time(centry);
3661 16 : (void)centry_hash16(centry, mem_ctx);
3662 :
3663 : /* We only have 17 bytes more data in the salted cred case. */
3664 16 : if (centry->len - centry->ofs == 17) {
3665 16 : (void)centry_hash16(centry, mem_ctx);
3666 : }
3667 :
3668 16 : centry_free(centry);
3669 :
3670 16 : if (!(state->success)) {
3671 0 : return 1;
3672 : }
3673 16 : DEBUG(10,("validate_cred: %s ok\n", keystr));
3674 16 : return 0;
3675 : }
3676 :
3677 0 : static int validate_ul(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3678 : struct tdb_validation_status *state)
3679 : {
3680 0 : struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3681 : int32_t num_entries, i;
3682 :
3683 0 : if (!centry) {
3684 0 : return 1;
3685 : }
3686 :
3687 0 : num_entries = (int32_t)centry_uint32(centry);
3688 :
3689 0 : for (i=0; i< num_entries; i++) {
3690 0 : (void)centry_uint32(centry);
3691 : }
3692 :
3693 0 : centry_free(centry);
3694 :
3695 0 : if (!(state->success)) {
3696 0 : return 1;
3697 : }
3698 0 : DEBUG(10,("validate_ul: %s ok\n", keystr));
3699 0 : return 0;
3700 : }
3701 :
3702 0 : static int validate_gl(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3703 : struct tdb_validation_status *state)
3704 : {
3705 0 : struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3706 : int32_t num_entries, i;
3707 :
3708 0 : if (!centry) {
3709 0 : return 1;
3710 : }
3711 :
3712 0 : num_entries = centry_uint32(centry);
3713 :
3714 0 : for (i=0; i< num_entries; i++) {
3715 0 : (void)centry_string(centry, mem_ctx);
3716 0 : (void)centry_string(centry, mem_ctx);
3717 0 : (void)centry_uint32(centry);
3718 : }
3719 :
3720 0 : centry_free(centry);
3721 :
3722 0 : if (!(state->success)) {
3723 0 : return 1;
3724 : }
3725 0 : DEBUG(10,("validate_gl: %s ok\n", keystr));
3726 0 : return 0;
3727 : }
3728 :
3729 0 : static int validate_ug(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3730 : struct tdb_validation_status *state)
3731 : {
3732 0 : struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3733 : int32_t num_groups, i;
3734 :
3735 0 : if (!centry) {
3736 0 : return 1;
3737 : }
3738 :
3739 0 : num_groups = centry_uint32(centry);
3740 :
3741 0 : for (i=0; i< num_groups; i++) {
3742 : struct dom_sid sid;
3743 0 : centry_sid(centry, &sid);
3744 : }
3745 :
3746 0 : centry_free(centry);
3747 :
3748 0 : if (!(state->success)) {
3749 0 : return 1;
3750 : }
3751 0 : DEBUG(10,("validate_ug: %s ok\n", keystr));
3752 0 : return 0;
3753 : }
3754 :
3755 0 : static int validate_ua(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3756 : struct tdb_validation_status *state)
3757 : {
3758 0 : struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3759 : int32_t num_aliases, i;
3760 :
3761 0 : if (!centry) {
3762 0 : return 1;
3763 : }
3764 :
3765 0 : num_aliases = centry_uint32(centry);
3766 :
3767 0 : for (i=0; i < num_aliases; i++) {
3768 0 : (void)centry_uint32(centry);
3769 : }
3770 :
3771 0 : centry_free(centry);
3772 :
3773 0 : if (!(state->success)) {
3774 0 : return 1;
3775 : }
3776 0 : DEBUG(10,("validate_ua: %s ok\n", keystr));
3777 0 : return 0;
3778 : }
3779 :
3780 0 : static int validate_gm(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3781 : struct tdb_validation_status *state)
3782 : {
3783 0 : struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3784 : int32_t num_names, i;
3785 :
3786 0 : if (!centry) {
3787 0 : return 1;
3788 : }
3789 :
3790 0 : num_names = centry_uint32(centry);
3791 :
3792 0 : for (i=0; i< num_names; i++) {
3793 : struct dom_sid sid;
3794 0 : centry_sid(centry, &sid);
3795 0 : (void)centry_string(centry, mem_ctx);
3796 0 : (void)centry_uint32(centry);
3797 : }
3798 :
3799 0 : centry_free(centry);
3800 :
3801 0 : if (!(state->success)) {
3802 0 : return 1;
3803 : }
3804 0 : DEBUG(10,("validate_gm: %s ok\n", keystr));
3805 0 : return 0;
3806 : }
3807 :
3808 0 : static int validate_dr(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3809 : struct tdb_validation_status *state)
3810 : {
3811 : /* Can't say anything about this other than must be nonzero. */
3812 0 : if (dbuf.dsize == 0) {
3813 0 : DEBUG(0,("validate_dr: Corrupt cache for key %s (len == 0) ?\n",
3814 : keystr));
3815 0 : state->bad_entry = true;
3816 0 : state->success = false;
3817 0 : return 1;
3818 : }
3819 :
3820 0 : DEBUG(10,("validate_dr: %s ok\n", keystr));
3821 0 : return 0;
3822 : }
3823 :
3824 0 : static int validate_de(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3825 : struct tdb_validation_status *state)
3826 : {
3827 : /* Can't say anything about this other than must be nonzero. */
3828 0 : if (dbuf.dsize == 0) {
3829 0 : DEBUG(0,("validate_de: Corrupt cache for key %s (len == 0) ?\n",
3830 : keystr));
3831 0 : state->bad_entry = true;
3832 0 : state->success = false;
3833 0 : return 1;
3834 : }
3835 :
3836 0 : DEBUG(10,("validate_de: %s ok\n", keystr));
3837 0 : return 0;
3838 : }
3839 :
3840 0 : static int validate_nss_an(TALLOC_CTX *mem_ctx, const char *keystr,
3841 : TDB_DATA dbuf,
3842 : struct tdb_validation_status *state)
3843 : {
3844 0 : struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3845 :
3846 0 : if (!centry) {
3847 0 : return 1;
3848 : }
3849 :
3850 0 : (void)centry_string( centry, mem_ctx );
3851 :
3852 0 : centry_free(centry);
3853 :
3854 0 : if (!(state->success)) {
3855 0 : return 1;
3856 : }
3857 0 : DEBUG(10,("validate_pwinfo: %s ok\n", keystr));
3858 0 : return 0;
3859 : }
3860 :
3861 0 : static int validate_nss_na(TALLOC_CTX *mem_ctx, const char *keystr,
3862 : TDB_DATA dbuf,
3863 : struct tdb_validation_status *state)
3864 : {
3865 0 : struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3866 :
3867 0 : if (!centry) {
3868 0 : return 1;
3869 : }
3870 :
3871 0 : (void)centry_string( centry, mem_ctx );
3872 :
3873 0 : centry_free(centry);
3874 :
3875 0 : if (!(state->success)) {
3876 0 : return 1;
3877 : }
3878 0 : DBG_DEBUG("%s ok\n", keystr);
3879 0 : return 0;
3880 : }
3881 :
3882 8 : static int validate_trustdomcache(TALLOC_CTX *mem_ctx, const char *keystr,
3883 : TDB_DATA dbuf,
3884 : struct tdb_validation_status *state)
3885 : {
3886 8 : if (dbuf.dsize == 0) {
3887 0 : DEBUG(0, ("validate_trustdomcache: Corrupt cache for "
3888 : "key %s (len ==0) ?\n", keystr));
3889 0 : state->bad_entry = true;
3890 0 : state->success = false;
3891 0 : return 1;
3892 : }
3893 :
3894 8 : DEBUG(10, ("validate_trustdomcache: %s ok\n", keystr));
3895 8 : DEBUGADD(10, (" Don't trust me, I am a DUMMY!\n"));
3896 8 : return 0;
3897 : }
3898 :
3899 8 : static int validate_offline(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3900 : struct tdb_validation_status *state)
3901 : {
3902 8 : if (dbuf.dsize != 4) {
3903 0 : DEBUG(0,("validate_offline: Corrupt cache for key %s (len %u != 4) ?\n",
3904 : keystr, (unsigned int)dbuf.dsize ));
3905 0 : state->bad_entry = true;
3906 0 : state->success = false;
3907 0 : return 1;
3908 : }
3909 8 : DEBUG(10,("validate_offline: %s ok\n", keystr));
3910 8 : return 0;
3911 : }
3912 :
3913 0 : static int validate_ndr(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3914 : struct tdb_validation_status *state)
3915 : {
3916 : /*
3917 : * Ignore validation for now. The proper way to do this is with a
3918 : * checksum. Just pure parsing does not really catch much.
3919 : */
3920 0 : return 0;
3921 : }
3922 :
3923 12 : static int validate_cache_version(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3924 : struct tdb_validation_status *state)
3925 : {
3926 12 : if (dbuf.dsize != 4) {
3927 0 : DEBUG(0, ("validate_cache_version: Corrupt cache for "
3928 : "key %s (len %u != 4) ?\n",
3929 : keystr, (unsigned int)dbuf.dsize));
3930 0 : state->bad_entry = true;
3931 0 : state->success = false;
3932 0 : return 1;
3933 : }
3934 :
3935 12 : DEBUG(10, ("validate_cache_version: %s ok\n", keystr));
3936 12 : return 0;
3937 : }
3938 :
3939 : /***********************************************************************
3940 : A list of all possible cache tdb keys with associated validation
3941 : functions.
3942 : ***********************************************************************/
3943 :
3944 : struct key_val_struct {
3945 : const char *keyname;
3946 : int (*validate_data_fn)(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf, struct tdb_validation_status* state);
3947 : } key_val[] = {
3948 : {"SEQNUM/", validate_seqnum},
3949 : {"U/", validate_u},
3950 : {"LOC_POL/", validate_loc_pol},
3951 : {"PWD_POL/", validate_pwd_pol},
3952 : {"CRED/", validate_cred},
3953 : {"UL/", validate_ul},
3954 : {"GL/", validate_gl},
3955 : {"UG/", validate_ug},
3956 : {"UA", validate_ua},
3957 : {"GM/", validate_gm},
3958 : {"DR/", validate_dr},
3959 : {"DE/", validate_de},
3960 : {"TRUSTDOMCACHE/", validate_trustdomcache},
3961 : {"NSS/NA/", validate_nss_na},
3962 : {"NSS/AN/", validate_nss_an},
3963 : {"WINBINDD_OFFLINE", validate_offline},
3964 : {"NDR/", validate_ndr},
3965 : {WINBINDD_CACHE_VERSION_KEYSTR, validate_cache_version},
3966 : {NULL, NULL}
3967 : };
3968 :
3969 : /***********************************************************************
3970 : Function to look at every entry in the tdb and validate it as far as
3971 : possible.
3972 : ***********************************************************************/
3973 :
3974 60 : static int cache_traverse_validate_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
3975 : {
3976 : int i;
3977 60 : unsigned int max_key_len = 1024;
3978 60 : struct tdb_validation_status *v_state = (struct tdb_validation_status *)state;
3979 :
3980 : /* Paranoia check. */
3981 90 : if (strncmp("UA/", (const char *)kbuf.dptr, 3) == 0 ||
3982 60 : strncmp("NDR/", (const char *)kbuf.dptr, 4) == 0) {
3983 0 : max_key_len = 1024 * 1024;
3984 : }
3985 60 : if (kbuf.dsize > max_key_len) {
3986 0 : DEBUG(0, ("cache_traverse_validate_fn: key length too large: "
3987 : "(%u) > (%u)\n\n",
3988 : (unsigned int)kbuf.dsize, (unsigned int)max_key_len));
3989 0 : return 1;
3990 : }
3991 :
3992 560 : for (i = 0; key_val[i].keyname; i++) {
3993 560 : size_t namelen = strlen(key_val[i].keyname);
3994 840 : if (kbuf.dsize >= namelen && (
3995 560 : strncmp(key_val[i].keyname, (const char *)kbuf.dptr, namelen)) == 0) {
3996 : TALLOC_CTX *mem_ctx;
3997 : char *keystr;
3998 : int ret;
3999 :
4000 60 : keystr = SMB_MALLOC_ARRAY(char, kbuf.dsize+1);
4001 60 : if (!keystr) {
4002 0 : return 1;
4003 : }
4004 60 : memcpy(keystr, kbuf.dptr, kbuf.dsize);
4005 60 : keystr[kbuf.dsize] = '\0';
4006 :
4007 60 : mem_ctx = talloc_init("validate_ctx");
4008 60 : if (!mem_ctx) {
4009 0 : SAFE_FREE(keystr);
4010 0 : return 1;
4011 : }
4012 :
4013 60 : ret = key_val[i].validate_data_fn(mem_ctx, keystr, dbuf,
4014 : v_state);
4015 :
4016 60 : SAFE_FREE(keystr);
4017 60 : talloc_destroy(mem_ctx);
4018 60 : return ret;
4019 : }
4020 : }
4021 :
4022 0 : DEBUG(0,("cache_traverse_validate_fn: unknown cache entry\nkey :\n"));
4023 0 : dump_data(0, (uint8_t *)kbuf.dptr, kbuf.dsize);
4024 0 : DEBUG(0,("data :\n"));
4025 0 : dump_data(0, (uint8_t *)dbuf.dptr, dbuf.dsize);
4026 0 : v_state->unknown_key = true;
4027 0 : v_state->success = false;
4028 0 : return 1; /* terminate. */
4029 : }
4030 :
4031 0 : static void validate_panic(const char *const why)
4032 : {
4033 0 : DEBUG(0,("validating cache: would panic %s\n", why ));
4034 0 : DEBUGADD(0, ("exiting instead (cache validation mode)\n"));
4035 0 : exit(47);
4036 : }
4037 :
4038 0 : static int wbcache_update_centry_fn(TDB_CONTEXT *tdb,
4039 : TDB_DATA key,
4040 : TDB_DATA data,
4041 : void *state)
4042 : {
4043 : uint64_t ctimeout;
4044 : TDB_DATA blob;
4045 :
4046 0 : if (is_non_centry_key(key)) {
4047 0 : return 0;
4048 : }
4049 :
4050 0 : if (data.dptr == NULL || data.dsize == 0) {
4051 0 : if (tdb_delete(tdb, key) < 0) {
4052 0 : DEBUG(0, ("tdb_delete for [%s] failed!\n",
4053 : key.dptr));
4054 0 : return 1;
4055 : }
4056 : }
4057 :
4058 : /* add timeout to blob (uint64_t) */
4059 0 : blob.dsize = data.dsize + 8;
4060 :
4061 0 : blob.dptr = SMB_XMALLOC_ARRAY(uint8_t, blob.dsize);
4062 0 : if (blob.dptr == NULL) {
4063 0 : return 1;
4064 : }
4065 0 : memset(blob.dptr, 0, blob.dsize);
4066 :
4067 : /* copy status and seqnum */
4068 0 : memcpy(blob.dptr, data.dptr, 8);
4069 :
4070 : /* add timeout */
4071 0 : ctimeout = lp_winbind_cache_time() + time(NULL);
4072 0 : SBVAL(blob.dptr, 8, ctimeout);
4073 :
4074 : /* copy the rest */
4075 0 : memcpy(blob.dptr + 16, data.dptr + 8, data.dsize - 8);
4076 :
4077 0 : if (tdb_store(tdb, key, blob, TDB_REPLACE) < 0) {
4078 0 : DEBUG(0, ("tdb_store to update [%s] failed!\n",
4079 : key.dptr));
4080 0 : SAFE_FREE(blob.dptr);
4081 0 : return 1;
4082 : }
4083 :
4084 0 : SAFE_FREE(blob.dptr);
4085 0 : return 0;
4086 : }
4087 :
4088 0 : static bool wbcache_upgrade_v1_to_v2(TDB_CONTEXT *tdb)
4089 : {
4090 : int rc;
4091 :
4092 0 : DEBUG(1, ("Upgrade to version 2 of the winbindd_cache.tdb\n"));
4093 :
4094 0 : rc = tdb_traverse(tdb, wbcache_update_centry_fn, NULL);
4095 0 : if (rc < 0) {
4096 0 : return false;
4097 : }
4098 :
4099 0 : return true;
4100 : }
4101 :
4102 : /***********************************************************************
4103 : Try and validate every entry in the winbindd cache. If we fail here,
4104 : delete the cache tdb and return non-zero.
4105 : ***********************************************************************/
4106 :
4107 8 : int winbindd_validate_cache(void)
4108 : {
4109 8 : int ret = -1;
4110 8 : char *tdb_path = NULL;
4111 8 : TDB_CONTEXT *tdb = NULL;
4112 : uint32_t vers_id;
4113 : bool ok;
4114 :
4115 8 : DEBUG(10, ("winbindd_validate_cache: replacing panic function\n"));
4116 8 : smb_panic_fn = validate_panic;
4117 :
4118 8 : tdb_path = wcache_path();
4119 8 : if (tdb_path == NULL) {
4120 0 : goto done;
4121 : }
4122 :
4123 8 : tdb = tdb_open_log(tdb_path,
4124 : WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
4125 : TDB_INCOMPATIBLE_HASH |
4126 8 : ( lp_winbind_offline_logon()
4127 : ? TDB_DEFAULT
4128 : : TDB_DEFAULT | TDB_CLEAR_IF_FIRST ),
4129 : O_RDWR|O_CREAT,
4130 : 0600);
4131 8 : if (!tdb) {
4132 0 : DEBUG(0, ("winbindd_validate_cache: "
4133 : "error opening/initializing tdb\n"));
4134 0 : goto done;
4135 : }
4136 :
4137 : /* Version check and upgrade code. */
4138 8 : if (!tdb_fetch_uint32(tdb, WINBINDD_CACHE_VERSION_KEYSTR, &vers_id)) {
4139 4 : DEBUG(10, ("Fresh database\n"));
4140 4 : tdb_store_uint32(tdb, WINBINDD_CACHE_VERSION_KEYSTR, WINBINDD_CACHE_VERSION);
4141 4 : vers_id = WINBINDD_CACHE_VERSION;
4142 : }
4143 :
4144 8 : if (vers_id != WINBINDD_CACHE_VERSION) {
4145 0 : if (vers_id == WINBINDD_CACHE_VER1) {
4146 0 : ok = wbcache_upgrade_v1_to_v2(tdb);
4147 0 : if (!ok) {
4148 0 : DEBUG(10, ("winbindd_validate_cache: upgrade to version 2 failed.\n"));
4149 0 : unlink(tdb_path);
4150 0 : goto done;
4151 : }
4152 :
4153 0 : tdb_store_uint32(tdb,
4154 : WINBINDD_CACHE_VERSION_KEYSTR,
4155 : WINBINDD_CACHE_VERSION);
4156 0 : vers_id = WINBINDD_CACHE_VER2;
4157 : }
4158 : }
4159 :
4160 8 : tdb_close(tdb);
4161 :
4162 8 : ret = tdb_validate_and_backup(tdb_path, cache_traverse_validate_fn);
4163 :
4164 8 : if (ret != 0) {
4165 0 : DEBUG(10, ("winbindd_validate_cache: validation not successful.\n"));
4166 0 : DEBUGADD(10, ("removing tdb %s.\n", tdb_path));
4167 0 : unlink(tdb_path);
4168 : }
4169 :
4170 12 : done:
4171 8 : TALLOC_FREE(tdb_path);
4172 8 : DEBUG(10, ("winbindd_validate_cache: restoring panic function\n"));
4173 8 : smb_panic_fn = smb_panic;
4174 8 : return ret;
4175 : }
4176 :
4177 : /***********************************************************************
4178 : Try and validate every entry in the winbindd cache.
4179 : ***********************************************************************/
4180 :
4181 2 : int winbindd_validate_cache_nobackup(void)
4182 : {
4183 2 : int ret = -1;
4184 : char *tdb_path;
4185 :
4186 2 : DEBUG(10, ("winbindd_validate_cache: replacing panic function\n"));
4187 2 : smb_panic_fn = validate_panic;
4188 :
4189 2 : tdb_path = wcache_path();
4190 2 : if (tdb_path == NULL) {
4191 0 : goto err_panic_restore;
4192 : }
4193 :
4194 2 : if (wcache == NULL || wcache->tdb == NULL) {
4195 0 : ret = tdb_validate_open(tdb_path, cache_traverse_validate_fn);
4196 : } else {
4197 2 : ret = tdb_validate(wcache->tdb, cache_traverse_validate_fn);
4198 : }
4199 :
4200 0 : if (ret != 0) {
4201 0 : DEBUG(10, ("winbindd_validate_cache_nobackup: validation not "
4202 : "successful.\n"));
4203 : }
4204 :
4205 0 : TALLOC_FREE(tdb_path);
4206 0 : err_panic_restore:
4207 0 : DEBUG(10, ("winbindd_validate_cache_nobackup: restoring panic "
4208 : "function\n"));
4209 0 : smb_panic_fn = smb_panic;
4210 0 : return ret;
4211 : }
4212 :
4213 68 : bool winbindd_cache_validate_and_initialize(void)
4214 : {
4215 68 : close_winbindd_cache();
4216 :
4217 68 : if (lp_winbind_offline_logon()) {
4218 8 : if (winbindd_validate_cache() < 0) {
4219 0 : DEBUG(0, ("winbindd cache tdb corrupt and no backup "
4220 : "could be restored.\n"));
4221 : }
4222 : }
4223 :
4224 68 : return initialize_winbindd_cache();
4225 : }
4226 :
4227 : /*********************************************************************
4228 : ********************************************************************/
4229 :
4230 223 : static bool add_wbdomain_to_tdc_array( struct winbindd_domain *new_dom,
4231 : struct winbindd_tdc_domain **domains,
4232 : size_t *num_domains )
4233 : {
4234 223 : struct winbindd_tdc_domain *list = NULL;
4235 : size_t i, idx;
4236 223 : bool set_only = false;
4237 :
4238 : /* don't allow duplicates */
4239 :
4240 223 : idx = *num_domains;
4241 223 : list = *domains;
4242 :
4243 1143 : for ( i=0; i< (*num_domains); i++ ) {
4244 920 : if ( strequal( new_dom->name, list[i].domain_name ) ) {
4245 0 : DEBUG(10,("add_wbdomain_to_tdc_array: Found existing record for %s\n",
4246 : new_dom->name));
4247 0 : idx = i;
4248 0 : set_only = true;
4249 :
4250 0 : break;
4251 : }
4252 : }
4253 :
4254 223 : if ( !set_only ) {
4255 223 : if ( !*domains ) {
4256 68 : list = talloc_array( NULL, struct winbindd_tdc_domain, 1 );
4257 68 : idx = 0;
4258 : } else {
4259 155 : list = talloc_realloc( *domains, *domains,
4260 : struct winbindd_tdc_domain,
4261 : (*num_domains)+1);
4262 155 : idx = *num_domains;
4263 : }
4264 :
4265 223 : ZERO_STRUCT( list[idx] );
4266 : }
4267 :
4268 223 : if ( !list )
4269 0 : return false;
4270 :
4271 223 : list[idx].domain_name = talloc_strdup(list, new_dom->name);
4272 223 : if (list[idx].domain_name == NULL) {
4273 0 : return false;
4274 : }
4275 223 : if (new_dom->alt_name != NULL) {
4276 122 : list[idx].dns_name = talloc_strdup(list, new_dom->alt_name);
4277 122 : if (list[idx].dns_name == NULL) {
4278 0 : return false;
4279 : }
4280 : }
4281 :
4282 223 : if ( !is_null_sid( &new_dom->sid ) ) {
4283 223 : sid_copy( &list[idx].sid, &new_dom->sid );
4284 : } else {
4285 0 : sid_copy(&list[idx].sid, &global_sid_NULL);
4286 : }
4287 :
4288 223 : if ( new_dom->domain_flags != 0x0 )
4289 155 : list[idx].trust_flags = new_dom->domain_flags;
4290 :
4291 223 : if ( new_dom->domain_type != 0x0 )
4292 215 : list[idx].trust_type = new_dom->domain_type;
4293 :
4294 223 : if ( new_dom->domain_trust_attribs != 0x0 )
4295 71 : list[idx].trust_attribs = new_dom->domain_trust_attribs;
4296 :
4297 223 : if ( !set_only ) {
4298 223 : *domains = list;
4299 223 : *num_domains = idx + 1;
4300 : }
4301 :
4302 223 : return true;
4303 : }
4304 :
4305 : /*********************************************************************
4306 : ********************************************************************/
4307 :
4308 561 : static TDB_DATA make_tdc_key( const char *domain_name )
4309 : {
4310 561 : char *keystr = NULL;
4311 561 : TDB_DATA key = { NULL, 0 };
4312 :
4313 561 : if ( !domain_name ) {
4314 0 : DEBUG(5,("make_tdc_key: Keyname workgroup is NULL!\n"));
4315 0 : return key;
4316 : }
4317 :
4318 561 : if (asprintf( &keystr, "TRUSTDOMCACHE/%s", domain_name ) == -1) {
4319 0 : return key;
4320 : }
4321 561 : key = string_term_tdb_data(keystr);
4322 :
4323 561 : return key;
4324 : }
4325 :
4326 : /*********************************************************************
4327 : ********************************************************************/
4328 :
4329 223 : static int pack_tdc_domains( struct winbindd_tdc_domain *domains,
4330 : size_t num_domains,
4331 : unsigned char **buf )
4332 : {
4333 223 : unsigned char *buffer = NULL;
4334 223 : int len = 0;
4335 223 : int buflen = 0;
4336 223 : size_t i = 0;
4337 :
4338 223 : DEBUG(10,("pack_tdc_domains: Packing %d trusted domains\n",
4339 : (int)num_domains));
4340 :
4341 223 : buflen = 0;
4342 :
4343 446 : again:
4344 446 : len = 0;
4345 :
4346 : /* Store the number of array items first */
4347 446 : len += tdb_pack( buffer ? buffer+len : NULL,
4348 : buffer ? buflen-len : 0, "d",
4349 : num_domains );
4350 :
4351 : /* now pack each domain trust record */
4352 2732 : for ( i=0; i<num_domains; i++ ) {
4353 :
4354 : struct dom_sid_buf tmp;
4355 :
4356 2286 : if ( buflen > 0 ) {
4357 1143 : DEBUG(10,("pack_tdc_domains: Packing domain %s (%s)\n",
4358 : domains[i].domain_name,
4359 : domains[i].dns_name ? domains[i].dns_name : "UNKNOWN" ));
4360 : }
4361 :
4362 14564 : len += tdb_pack( buffer ? buffer+len : NULL,
4363 : buffer ? buflen-len : 0, "fffddd",
4364 2286 : domains[i].domain_name,
4365 3938 : domains[i].dns_name ? domains[i].dns_name : "",
4366 2286 : dom_sid_str_buf(&domains[i].sid, &tmp),
4367 2286 : domains[i].trust_flags,
4368 2286 : domains[i].trust_attribs,
4369 2286 : domains[i].trust_type );
4370 : }
4371 :
4372 446 : if ( buflen < len ) {
4373 223 : SAFE_FREE(buffer);
4374 223 : if ( (buffer = SMB_MALLOC_ARRAY(unsigned char, len)) == NULL ) {
4375 0 : DEBUG(0,("pack_tdc_domains: failed to alloc buffer!\n"));
4376 0 : buflen = -1;
4377 0 : goto done;
4378 : }
4379 223 : buflen = len;
4380 223 : goto again;
4381 : }
4382 :
4383 223 : *buf = buffer;
4384 :
4385 223 : done:
4386 223 : return buflen;
4387 : }
4388 :
4389 : /*********************************************************************
4390 : ********************************************************************/
4391 :
4392 202 : static size_t unpack_tdc_domains( unsigned char *buf, int buflen,
4393 : struct winbindd_tdc_domain **domains )
4394 : {
4395 : fstring domain_name, dns_name, sid_string;
4396 : uint32_t type, attribs, flags;
4397 : int num_domains;
4398 202 : int len = 0;
4399 : int i;
4400 202 : struct winbindd_tdc_domain *list = NULL;
4401 :
4402 : /* get the number of domains */
4403 202 : len += tdb_unpack( buf+len, buflen-len, "d", &num_domains);
4404 202 : if ( len == -1 ) {
4405 0 : DEBUG(5,("unpack_tdc_domains: Failed to unpack domain array\n"));
4406 0 : return 0;
4407 : }
4408 :
4409 202 : list = talloc_array( NULL, struct winbindd_tdc_domain, num_domains );
4410 202 : if ( !list ) {
4411 0 : DEBUG(0,("unpack_tdc_domains: Failed to talloc() domain list!\n"));
4412 0 : return 0;
4413 : }
4414 :
4415 1307 : for ( i=0; i<num_domains; i++ ) {
4416 : int this_len;
4417 :
4418 1105 : this_len = tdb_unpack( buf+len, buflen-len, "fffddd",
4419 : domain_name,
4420 : dns_name,
4421 : sid_string,
4422 : &flags,
4423 : &attribs,
4424 : &type );
4425 :
4426 1105 : if ( this_len == -1 ) {
4427 0 : DEBUG(5,("unpack_tdc_domains: Failed to unpack domain array\n"));
4428 0 : TALLOC_FREE( list );
4429 0 : return 0;
4430 : }
4431 1105 : len += this_len;
4432 :
4433 1105 : DEBUG(11,("unpack_tdc_domains: Unpacking domain %s (%s) "
4434 : "SID %s, flags = 0x%x, attribs = 0x%x, type = 0x%x\n",
4435 : domain_name, dns_name, sid_string,
4436 : flags, attribs, type));
4437 :
4438 1105 : list[i].domain_name = talloc_strdup( list, domain_name );
4439 1105 : list[i].dns_name = NULL;
4440 1105 : if (dns_name[0] != '\0') {
4441 834 : list[i].dns_name = talloc_strdup(list, dns_name);
4442 : }
4443 1105 : if ( !string_to_sid( &(list[i].sid), sid_string ) ) {
4444 0 : DEBUG(10,("unpack_tdc_domains: no SID for domain %s\n",
4445 : domain_name));
4446 : }
4447 1105 : list[i].trust_flags = flags;
4448 1105 : list[i].trust_attribs = attribs;
4449 1105 : list[i].trust_type = type;
4450 : }
4451 :
4452 202 : *domains = list;
4453 :
4454 202 : return num_domains;
4455 : }
4456 :
4457 : /*********************************************************************
4458 : ********************************************************************/
4459 :
4460 291 : static bool wcache_tdc_store_list( struct winbindd_tdc_domain *domains, size_t num_domains )
4461 : {
4462 291 : TDB_DATA key = make_tdc_key( lp_workgroup() );
4463 291 : TDB_DATA data = { NULL, 0 };
4464 : int ret;
4465 :
4466 291 : if ( !key.dptr )
4467 0 : return false;
4468 :
4469 : /* See if we were asked to delete the cache entry */
4470 :
4471 291 : if ( !domains ) {
4472 68 : ret = tdb_delete( wcache->tdb, key );
4473 68 : goto done;
4474 : }
4475 :
4476 223 : data.dsize = pack_tdc_domains( domains, num_domains, &data.dptr );
4477 :
4478 223 : if ( !data.dptr ) {
4479 0 : ret = -1;
4480 0 : goto done;
4481 : }
4482 :
4483 223 : ret = tdb_store( wcache->tdb, key, data, 0 );
4484 :
4485 291 : done:
4486 291 : SAFE_FREE( data.dptr );
4487 291 : SAFE_FREE( key.dptr );
4488 :
4489 291 : return ( ret == 0 );
4490 : }
4491 :
4492 : /*********************************************************************
4493 : ********************************************************************/
4494 :
4495 270 : bool wcache_tdc_fetch_list( struct winbindd_tdc_domain **domains, size_t *num_domains )
4496 : {
4497 270 : TDB_DATA key = make_tdc_key( lp_workgroup() );
4498 270 : TDB_DATA data = { NULL, 0 };
4499 :
4500 270 : *domains = NULL;
4501 270 : *num_domains = 0;
4502 :
4503 270 : if ( !key.dptr )
4504 0 : return false;
4505 :
4506 270 : data = tdb_fetch( wcache->tdb, key );
4507 :
4508 270 : SAFE_FREE( key.dptr );
4509 :
4510 270 : if ( !data.dptr )
4511 68 : return false;
4512 :
4513 202 : *num_domains = unpack_tdc_domains( data.dptr, data.dsize, domains );
4514 :
4515 202 : SAFE_FREE( data.dptr );
4516 :
4517 202 : if ( !*domains )
4518 0 : return false;
4519 :
4520 202 : return true;
4521 : }
4522 :
4523 : /*********************************************************************
4524 : ********************************************************************/
4525 :
4526 223 : bool wcache_tdc_add_domain( struct winbindd_domain *domain )
4527 : {
4528 223 : struct winbindd_tdc_domain *dom_list = NULL;
4529 223 : size_t num_domains = 0;
4530 223 : bool ret = false;
4531 : struct dom_sid_buf buf;
4532 :
4533 223 : DEBUG(10,("wcache_tdc_add_domain: Adding domain %s (%s), SID %s, "
4534 : "flags = 0x%x, attributes = 0x%x, type = 0x%x\n",
4535 : domain->name, domain->alt_name,
4536 : dom_sid_str_buf(&domain->sid, &buf),
4537 : domain->domain_flags,
4538 : domain->domain_trust_attribs,
4539 : domain->domain_type));
4540 :
4541 223 : if ( !init_wcache() ) {
4542 0 : return false;
4543 : }
4544 :
4545 : /* fetch the list */
4546 :
4547 223 : wcache_tdc_fetch_list( &dom_list, &num_domains );
4548 :
4549 : /* add the new domain */
4550 :
4551 223 : if ( !add_wbdomain_to_tdc_array( domain, &dom_list, &num_domains ) ) {
4552 0 : goto done;
4553 : }
4554 :
4555 : /* pack the domain */
4556 :
4557 223 : if ( !wcache_tdc_store_list( dom_list, num_domains ) ) {
4558 0 : goto done;
4559 : }
4560 :
4561 : /* Success */
4562 :
4563 223 : ret = true;
4564 223 : done:
4565 223 : TALLOC_FREE( dom_list );
4566 :
4567 223 : return ret;
4568 : }
4569 :
4570 0 : static struct winbindd_tdc_domain *wcache_tdc_dup_domain(
4571 : TALLOC_CTX *mem_ctx, const struct winbindd_tdc_domain *src)
4572 : {
4573 : struct winbindd_tdc_domain *dst;
4574 :
4575 0 : dst = talloc(mem_ctx, struct winbindd_tdc_domain);
4576 0 : if (dst == NULL) {
4577 0 : goto fail;
4578 : }
4579 0 : dst->domain_name = talloc_strdup(dst, src->domain_name);
4580 0 : if (dst->domain_name == NULL) {
4581 0 : goto fail;
4582 : }
4583 :
4584 0 : dst->dns_name = NULL;
4585 0 : if (src->dns_name != NULL) {
4586 0 : dst->dns_name = talloc_strdup(dst, src->dns_name);
4587 0 : if (dst->dns_name == NULL) {
4588 0 : goto fail;
4589 : }
4590 : }
4591 :
4592 0 : sid_copy(&dst->sid, &src->sid);
4593 0 : dst->trust_flags = src->trust_flags;
4594 0 : dst->trust_type = src->trust_type;
4595 0 : dst->trust_attribs = src->trust_attribs;
4596 0 : return dst;
4597 0 : fail:
4598 0 : TALLOC_FREE(dst);
4599 0 : return NULL;
4600 : }
4601 :
4602 : /*********************************************************************
4603 : ********************************************************************/
4604 :
4605 0 : struct winbindd_tdc_domain * wcache_tdc_fetch_domain( TALLOC_CTX *ctx, const char *name )
4606 : {
4607 0 : struct winbindd_tdc_domain *dom_list = NULL;
4608 0 : size_t num_domains = 0;
4609 : size_t i;
4610 0 : struct winbindd_tdc_domain *d = NULL;
4611 :
4612 0 : DEBUG(10,("wcache_tdc_fetch_domain: Searching for domain %s\n", name));
4613 :
4614 0 : if ( !init_wcache() ) {
4615 0 : return NULL;
4616 : }
4617 :
4618 : /* fetch the list */
4619 :
4620 0 : wcache_tdc_fetch_list( &dom_list, &num_domains );
4621 :
4622 0 : for ( i=0; i<num_domains; i++ ) {
4623 0 : if ( strequal(name, dom_list[i].domain_name) ||
4624 0 : strequal(name, dom_list[i].dns_name) )
4625 : {
4626 0 : DEBUG(10,("wcache_tdc_fetch_domain: Found domain %s\n",
4627 : name));
4628 :
4629 0 : d = wcache_tdc_dup_domain(ctx, &dom_list[i]);
4630 0 : break;
4631 : }
4632 : }
4633 :
4634 0 : TALLOC_FREE( dom_list );
4635 :
4636 0 : return d;
4637 : }
4638 :
4639 : /*********************************************************************
4640 : ********************************************************************/
4641 :
4642 68 : void wcache_tdc_clear( void )
4643 : {
4644 68 : if ( !init_wcache() )
4645 0 : return;
4646 :
4647 68 : wcache_tdc_store_list( NULL, 0 );
4648 :
4649 68 : return;
4650 : }
4651 :
4652 8877 : static bool wcache_ndr_key(TALLOC_CTX *mem_ctx, const char *domain_name,
4653 : uint32_t opnum, const DATA_BLOB *req,
4654 : TDB_DATA *pkey)
4655 : {
4656 : char *key;
4657 : size_t keylen;
4658 :
4659 8877 : key = talloc_asprintf(mem_ctx, "NDR/%s/%d/", domain_name, (int)opnum);
4660 8877 : if (key == NULL) {
4661 0 : return false;
4662 : }
4663 8877 : keylen = talloc_get_size(key) - 1;
4664 :
4665 8877 : key = talloc_realloc(mem_ctx, key, char, keylen + req->length);
4666 8877 : if (key == NULL) {
4667 0 : return false;
4668 : }
4669 8877 : memcpy(key + keylen, req->data, req->length);
4670 :
4671 8877 : pkey->dptr = (uint8_t *)key;
4672 8877 : pkey->dsize = talloc_get_size(key);
4673 8877 : return true;
4674 : }
4675 :
4676 27410 : static bool wcache_opnum_cacheable(uint32_t opnum)
4677 : {
4678 27410 : switch (opnum) {
4679 22072 : case NDR_WBINT_LOOKUPSID:
4680 : case NDR_WBINT_LOOKUPSIDS:
4681 : case NDR_WBINT_LOOKUPNAME:
4682 : case NDR_WBINT_SIDS2UNIXIDS:
4683 : case NDR_WBINT_UNIXIDS2SIDS:
4684 : case NDR_WBINT_GETNSSINFO:
4685 : case NDR_WBINT_LOOKUPUSERALIASES:
4686 : case NDR_WBINT_LOOKUPUSERGROUPS:
4687 : case NDR_WBINT_LOOKUPGROUPMEMBERS:
4688 : case NDR_WBINT_QUERYGROUPLIST:
4689 : case NDR_WBINT_QUERYUSERRIDLIST:
4690 : case NDR_WBINT_DSGETDCNAME:
4691 : case NDR_WBINT_LOOKUPRIDS:
4692 22072 : return true;
4693 : }
4694 5338 : return false;
4695 : }
4696 :
4697 16990 : bool wcache_fetch_ndr(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain,
4698 : uint32_t opnum, const DATA_BLOB *req, DATA_BLOB *resp)
4699 : {
4700 : TDB_DATA key, data;
4701 16990 : bool ret = false;
4702 :
4703 31310 : if (!wcache_opnum_cacheable(opnum) ||
4704 22907 : is_my_own_sam_domain(domain) ||
4705 8587 : is_builtin_domain(domain)) {
4706 8743 : return false;
4707 : }
4708 :
4709 8247 : if (wcache->tdb == NULL) {
4710 0 : return false;
4711 : }
4712 :
4713 8247 : if (!wcache_ndr_key(talloc_tos(), domain->name, opnum, req, &key)) {
4714 0 : return false;
4715 : }
4716 8247 : data = tdb_fetch(wcache->tdb, key);
4717 8247 : TALLOC_FREE(key.dptr);
4718 :
4719 8247 : if (data.dptr == NULL) {
4720 1515 : return false;
4721 : }
4722 6732 : if (data.dsize < 12) {
4723 0 : goto fail;
4724 : }
4725 :
4726 6732 : if (is_domain_online(domain)) {
4727 : uint32_t entry_seqnum, dom_seqnum, last_check;
4728 : uint64_t entry_timeout;
4729 :
4730 6732 : if (!wcache_fetch_seqnum(domain->name, &dom_seqnum,
4731 : &last_check)) {
4732 172 : goto fail;
4733 : }
4734 6732 : entry_seqnum = IVAL(data.dptr, 0);
4735 6732 : if (entry_seqnum != dom_seqnum) {
4736 164 : DEBUG(10, ("Entry has wrong sequence number: %d\n",
4737 : (int)entry_seqnum));
4738 164 : goto fail;
4739 : }
4740 6568 : entry_timeout = BVAL(data.dptr, 4);
4741 6568 : if (time(NULL) > (time_t)entry_timeout) {
4742 8 : DEBUG(10, ("Entry has timed out\n"));
4743 8 : goto fail;
4744 : }
4745 : }
4746 :
4747 6560 : resp->data = (uint8_t *)talloc_memdup(mem_ctx, data.dptr + 12,
4748 : data.dsize - 12);
4749 6560 : if (resp->data == NULL) {
4750 0 : DEBUG(10, ("talloc failed\n"));
4751 0 : goto fail;
4752 : }
4753 6560 : resp->length = data.dsize - 12;
4754 :
4755 6560 : ret = true;
4756 6732 : fail:
4757 6732 : SAFE_FREE(data.dptr);
4758 6732 : return ret;
4759 : }
4760 :
4761 10420 : void wcache_store_ndr(struct winbindd_domain *domain, uint32_t opnum,
4762 : const DATA_BLOB *req, const DATA_BLOB *resp)
4763 : {
4764 : TDB_DATA key, data;
4765 : uint32_t dom_seqnum, last_check;
4766 : uint64_t timeout;
4767 :
4768 18172 : if (!wcache_opnum_cacheable(opnum) ||
4769 9777 : is_my_own_sam_domain(domain) ||
4770 2025 : is_builtin_domain(domain)) {
4771 8733 : return;
4772 : }
4773 :
4774 1687 : if (wcache->tdb == NULL) {
4775 0 : return;
4776 : }
4777 :
4778 1687 : if (!wcache_fetch_seqnum(domain->name, &dom_seqnum, &last_check)) {
4779 1057 : DEBUG(10, ("could not fetch seqnum for domain %s\n",
4780 : domain->name));
4781 1057 : return;
4782 : }
4783 :
4784 630 : if (!wcache_ndr_key(talloc_tos(), domain->name, opnum, req, &key)) {
4785 0 : return;
4786 : }
4787 :
4788 630 : timeout = time(NULL) + lp_winbind_cache_time();
4789 :
4790 630 : data.dsize = resp->length + 12;
4791 630 : data.dptr = talloc_array(key.dptr, uint8_t, data.dsize);
4792 630 : if (data.dptr == NULL) {
4793 0 : goto done;
4794 : }
4795 :
4796 630 : SIVAL(data.dptr, 0, dom_seqnum);
4797 630 : SBVAL(data.dptr, 4, timeout);
4798 630 : memcpy(data.dptr + 12, resp->data, resp->length);
4799 :
4800 630 : tdb_store(wcache->tdb, key, data, 0);
4801 :
4802 630 : done:
4803 630 : TALLOC_FREE(key.dptr);
4804 630 : return;
4805 : }
|
