summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/winbindd/winbindd_cache.c208
1 files changed, 103 insertions, 105 deletions
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 3913d965ca..80ec688a75 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -13,12 +13,12 @@
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -189,7 +189,7 @@ static struct winbind_cache *get_cache(struct winbindd_domain *domain)
if (ret)
return ret;
-
+
ret = SMB_XMALLOC_P(struct winbind_cache);
ZERO_STRUCTP(ret);
@@ -393,27 +393,27 @@ static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
TDB_DATA data;
fstring key;
uint32 time_diff;
-
+
if (!wcache->tdb) {
DEBUG(10,("fetch_cache_seqnum: tdb == NULL\n"));
return NT_STATUS_UNSUCCESSFUL;
}
-
+
fstr_sprintf( key, "SEQNUM/%s", domain->name );
-
+
data = tdb_fetch_bystring( wcache->tdb, key );
if ( !data.dptr || data.dsize!=8 ) {
DEBUG(10,("fetch_cache_seqnum: invalid data size key [%s]\n", key ));
return NT_STATUS_UNSUCCESSFUL;
}
-
+
domain->sequence_number = IVAL(data.dptr, 0);
domain->last_seq_check = IVAL(data.dptr, 4);
-
+
SAFE_FREE(data.dptr);
/* have we expired? */
-
+
time_diff = now - domain->last_seq_check;
if ( time_diff > lp_winbind_cache_time() ) {
DEBUG(10,("fetch_cache_seqnum: timeout [%s][%u @ %u]\n",
@@ -434,19 +434,19 @@ static NTSTATUS store_cache_seqnum( struct winbindd_domain *domain )
TDB_DATA data;
fstring key_str;
uint8 buf[8];
-
+
if (!wcache->tdb) {
DEBUG(10,("store_cache_seqnum: tdb == NULL\n"));
return NT_STATUS_UNSUCCESSFUL;
}
-
+
fstr_sprintf( key_str, "SEQNUM/%s", domain->name );
-
+
SIVAL(buf, 0, domain->sequence_number);
SIVAL(buf, 4, domain->last_seq_check);
data.dptr = buf;
data.dsize = 8;
-
+
if ( tdb_store_bystring( wcache->tdb, key_str, data, TDB_REPLACE) == -1 ) {
DEBUG(10,("store_cache_seqnum: tdb_store fail key [%s]\n", key_str ));
return NT_STATUS_UNSUCCESSFUL;
@@ -455,7 +455,7 @@ static NTSTATUS store_cache_seqnum( struct winbindd_domain *domain )
DEBUG(10,("store_cache_seqnum: success [%s][%u @ %u]\n",
domain->name, domain->sequence_number,
(uint32)domain->last_seq_check));
-
+
return NT_STATUS_OK;
}
@@ -474,7 +474,7 @@ static void refresh_sequence_number(struct winbindd_domain *domain, bool force)
if ( IS_DOMAIN_OFFLINE(domain) ) {
return;
}
-
+
get_cache( domain );
#if 0 /* JERRY -- disable as the default cache time is now 5 minutes */
@@ -493,10 +493,10 @@ static void refresh_sequence_number(struct winbindd_domain *domain, bool force)
DEBUG(10, ("refresh_sequence_number: %s time ok\n", domain->name));
goto done;
}
-
+
/* try to get the sequence number from the tdb cache first */
/* this will update the timestamp as well */
-
+
status = fetch_cache_seqnum( domain, t );
if (NT_STATUS_IS_OK(status) &&
(domain->sequence_number != DOM_SEQUENCE_NONE) &&
@@ -526,10 +526,10 @@ static void refresh_sequence_number(struct winbindd_domain *domain, bool force)
DEBUG(10,("refresh_sequence_number: failed with %s\n", nt_errstr(status)));
domain->sequence_number = DOM_SEQUENCE_NONE;
}
-
+
domain->last_status = status;
domain->last_seq_check = time(NULL);
-
+
/* save the new sequence number in the cache */
store_cache_seqnum( domain );
@@ -610,7 +610,7 @@ static struct cache_entry *wcache_fetch_raw(char *kstr)
centry_free(centry);
return NULL;
}
-
+
centry->status = centry_ntstatus(centry);
centry->sequence_number = centry_uint32(centry);
@@ -1345,7 +1345,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
goto do_query;
*num_entries = centry_uint32(centry);
-
+
if (*num_entries == 0)
goto do_cached;
@@ -1462,7 +1462,7 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
goto do_query;
*num_entries = centry_uint32(centry);
-
+
if (*num_entries == 0)
goto do_cached;
@@ -1536,7 +1536,7 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
goto do_query;
*num_entries = centry_uint32(centry);
-
+
if (*num_entries == 0)
goto do_cached;
@@ -1670,7 +1670,7 @@ do_query:
wcache_save_sid_to_name(domain, status, sid, domain_name, name, *type);
}
}
-
+
return status;
}
@@ -1847,7 +1847,7 @@ static NTSTATUS rids_to_names(struct winbindd_domain *domain,
const char *name = "";
const enum lsa_SidType type = SID_NAME_UNKNOWN;
NTSTATUS status = NT_STATUS_NONE_MAPPED;
-
+
if (!sid_compose(&sid, domain_sid, rids[i])) {
return NT_STATUS_INTERNAL_ERROR;
}
@@ -1888,7 +1888,6 @@ static NTSTATUS rids_to_names(struct winbindd_domain *domain,
return result;
error:
-
TALLOC_FREE(*names);
TALLOC_FREE(*types);
return result;
@@ -1910,7 +1909,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
centry = wcache_fetch(cache, domain, "U/%s",
sid_to_fstring(tmp, user_sid));
-
+
/* If we have an access denied cache entry and a cached info3 in the
samlogon cache then do a query. This will force the rpc back end
to return the info3 data. */
@@ -1922,10 +1921,10 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
centry_free(centry);
goto do_query;
}
-
+
if (!centry)
goto do_query;
-
+
/* if status is not ok then this is a negative hit
and the rest of the data doesn't matter */
status = centry->status;
@@ -1952,7 +1951,7 @@ do_query:
if (!NT_STATUS_IS_OK(domain->last_status))
return domain->last_status;
-
+
DEBUG(10,("query_user: [Cached] - doing backend query for info for domain %s\n",
domain->name ));
@@ -1983,7 +1982,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
centry = wcache_fetch(cache, domain, "UG/%s",
sid_to_fstring(sid_string, user_sid));
-
+
/* If we have an access denied cache entry and a cached info3 in the
samlogon cache then do a query. This will force the rpc back end
to return the info3 data. */
@@ -1995,12 +1994,12 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
centry_free(centry);
goto do_query;
}
-
+
if (!centry)
goto do_query;
*num_groups = centry_uint32(centry);
-
+
if (*num_groups == 0)
goto do_cached;
@@ -2037,7 +2036,7 @@ do_query:
if ( NT_STATUS_EQUAL(status, NT_STATUS_SYNCHRONIZATION_REQUIRED) )
goto skip_save;
-
+
/* and save it */
refresh_sequence_number(domain, false);
centry = centry_start(domain, status);
@@ -2168,7 +2167,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
goto do_query;
*num_names = centry_uint32(centry);
-
+
if (*num_names == 0)
goto do_cached;
@@ -2200,7 +2199,7 @@ do_query:
(*sid_mem) = NULL;
(*names) = NULL;
(*name_types) = NULL;
-
+
/* Return status value returned by seq number check */
if (!NT_STATUS_IS_OK(domain->last_status))
@@ -2254,23 +2253,23 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
struct cache_entry *centry = NULL;
NTSTATUS status;
int i;
-
+
if (!cache->tdb)
goto do_query;
-
+
centry = wcache_fetch(cache, domain, "TRUSTDOMS/%s", domain->name);
-
+
if (!centry) {
goto do_query;
}
-
+
*num_domains = centry_uint32(centry);
-
+
if (*num_domains) {
(*names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
(*alt_names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
(*dom_sids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_domains);
-
+
if (! (*dom_sids) || ! (*names) || ! (*alt_names)) {
smb_panic_fn("trusted_domains out of memory");
}
@@ -2279,7 +2278,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
(*alt_names) = NULL;
(*dom_sids) = NULL;
}
-
+
for (i=0; i<(*num_domains); i++) {
(*names)[i] = centry_string(centry, mem_ctx);
(*alt_names)[i] = centry_string(centry, mem_ctx);
@@ -2289,27 +2288,27 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
}
status = centry->status;
-
+
DEBUG(10,("trusted_domains: [Cached] - cached info for domain %s (%d trusts) status: %s\n",
domain->name, *num_domains, nt_errstr(status) ));
-
+
centry_free(centry);
return status;
-
+
do_query:
(*num_domains) = 0;
(*dom_sids) = NULL;
(*names) = NULL;
(*alt_names) = NULL;
-
+
/* Return status value returned by seq number check */
if (!NT_STATUS_IS_OK(domain->last_status))
return domain->last_status;
-
+
DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
domain->name ));
-
+
status = domain->backend->trusted_domains(domain, mem_ctx, num_domains,
names, alt_names, dom_sids);
@@ -2327,7 +2326,7 @@ do_query:
/* and save it */
refresh_sequence_number(domain, false);
-
+
centry = centry_start(domain, status);
if (!centry)
goto skip_save;
@@ -2339,11 +2338,11 @@ do_query:
centry_put_string(centry, (*alt_names)[i]);
centry_put_sid(centry, &(*dom_sids)[i]);
}
-
+
centry_end(centry, "TRUSTDOMS/%s", domain->name);
-
+
centry_free(centry);
-
+
skip_save:
#endif
@@ -2681,15 +2680,15 @@ bool lookup_cached_name(TALLOC_CTX *mem_ctx,
fstrcpy(uname, name);
strupper_m(uname);
-
+
/* If we are doing a cached logon, temporarily set the domain
offline so the cache won't expire the entry */
-
+
original_online_state = domain->online;
domain->online = false;
centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname);
domain->online = original_online_state;
-
+
if (centry == NULL) {
return false;
}
@@ -2701,7 +2700,7 @@ bool lookup_cached_name(TALLOC_CTX *mem_ctx,
status = centry->status;
centry_free(centry);
-
+
return NT_STATUS_IS_OK(status);
}
@@ -2822,13 +2821,13 @@ static int traverse_fn_get_credlist(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DAT
}
ZERO_STRUCTP(cred);
-
+
/* save a copy of the key */
-
+
fstrcpy(cred->name, (const char *)kbuf.dptr);
DLIST_ADD(wcache_cred_list, cred);
}
-
+
return 0;
}
@@ -2845,7 +2844,7 @@ NTSTATUS wcache_remove_oldest_cached_creds(struct winbindd_domain *domain, const
/* we possibly already have an entry */
if (sid && NT_STATUS_IS_OK(wcache_cached_creds_exist(domain, sid))) {
-
+
fstring key_str, tmp;
DEBUG(11,("we already have an entry, deleting that\n"));
@@ -2878,7 +2877,7 @@ NTSTATUS wcache_remove_oldest_cached_creds(struct winbindd_domain *domain, const
status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
goto done;
}
-
+
t = IVAL(data.dptr, 0);
SAFE_FREE(data.dptr);
@@ -2908,7 +2907,7 @@ NTSTATUS wcache_remove_oldest_cached_creds(struct winbindd_domain *domain, const
done:
SAFE_FREE(wcache_cred_list);
SAFE_FREE(oldest);
-
+
return status;
}
@@ -3210,7 +3209,7 @@ static int validate_gl(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
}
num_entries = centry_uint32(centry);
-
+
for (i=0; i< num_entries; i++) {
(void)centry_string(centry, mem_ctx);
(void)centry_string(centry, mem_ctx);
@@ -3413,7 +3412,7 @@ static int validate_trustdoms(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA
}
num_domains = centry_uint32(centry);
-
+
for (i=0; i< num_domains; i++) {
DOM_SID sid;
(void)centry_string(centry, mem_ctx);
@@ -3676,19 +3675,19 @@ static bool add_wbdomain_to_tdc_array( struct winbindd_domain *new_dom,
size_t idx;
int i;
bool set_only = false;
-
+
/* don't allow duplicates */
idx = *num_domains;
list = *domains;
-
+
for ( i=0; i< (*num_domains); i++ ) {
if ( strequal( new_dom->name, list[i].domain_name ) ) {
DEBUG(10,("add_wbdomain_to_tdc_array: Found existing record for %s\n",
new_dom->name));
idx = i;
set_only = true;
-
+
break;
}
}
@@ -3727,7 +3726,7 @@ static bool add_wbdomain_to_tdc_array( struct winbindd_domain *new_dom,
if ( new_dom->domain_trust_attribs != 0x0 )
list[idx].trust_attribs = new_dom->domain_trust_attribs;
-
+
if ( !set_only ) {
*domains = list;
*num_domains = idx + 1;
@@ -3743,18 +3742,17 @@ static TDB_DATA make_tdc_key( const char *domain_name )
{
char *keystr = NULL;
TDB_DATA key = { NULL, 0 };
-
+
if ( !domain_name ) {
DEBUG(5,("make_tdc_key: Keyname workgroup is NULL!\n"));
return key;
}
-
-
+
if (asprintf( &keystr, "TRUSTDOMCACHE/%s", domain_name ) == -1) {
return key;
}
key = string_term_tdb_data(keystr);
-
+
return key;
}
@@ -3772,12 +3770,12 @@ static int pack_tdc_domains( struct winbindd_tdc_domain *domains,
DEBUG(10,("pack_tdc_domains: Packing %d trusted domains\n",
(int)num_domains));
-
+
buflen = 0;
-
+
again:
len = 0;
-
+
/* Store the number of array items first */
len += tdb_pack( buffer+len, buflen-len, "d",
num_domains );
@@ -3792,7 +3790,7 @@ static int pack_tdc_domains( struct winbindd_tdc_domain *domains,
domains[i].domain_name,
domains[i].dns_name ? domains[i].dns_name : "UNKNOWN" ));
}
-
+
len += tdb_pack( buffer+len, buflen-len, "fffddd",
domains[i].domain_name,
domains[i].dns_name,
@@ -3814,7 +3812,7 @@ static int pack_tdc_domains( struct winbindd_tdc_domain *domains,
}
*buf = buffer;
-
+
done:
return buflen;
}
@@ -3844,7 +3842,7 @@ static size_t unpack_tdc_domains( unsigned char *buf, int buflen,
DEBUG(0,("unpack_tdc_domains: Failed to talloc() domain list!\n"));
return 0;
}
-
+
for ( i=0; i<num_domains; i++ ) {
len += tdb_unpack( buf+len, buflen-len, "fffddd",
domain_name,
@@ -3864,7 +3862,7 @@ static size_t unpack_tdc_domains( unsigned char *buf, int buflen,
"SID %s, flags = 0x%x, attribs = 0x%x, type = 0x%x\n",
domain_name, dns_name, sid_string,
flags, attribs, type));
-
+
list[i].domain_name = talloc_strdup( list, domain_name );
list[i].dns_name = talloc_strdup( list, dns_name );
if ( !string_to_sid( &(list[i].sid), sid_string ) ) {
@@ -3877,7 +3875,7 @@ static size_t unpack_tdc_domains( unsigned char *buf, int buflen,
}
*domains = list;
-
+
return num_domains;
}
@@ -3889,30 +3887,30 @@ static bool wcache_tdc_store_list( struct winbindd_tdc_domain *domains, size_t n
TDB_DATA key = make_tdc_key( lp_workgroup() );
TDB_DATA data = { NULL, 0 };
int ret;
-
+
if ( !key.dptr )
return false;
-
+
/* See if we were asked to delete the cache entry */
if ( !domains ) {
ret = tdb_delete( wcache->tdb, key );
goto done;
}
-
+
data.dsize = pack_tdc_domains( domains, num_domains, &data.dptr );
-
+
if ( !data.dptr ) {
ret = -1;
goto done;
}
-
+
ret = tdb_store( wcache->tdb, key, data, 0 );
done:
SAFE_FREE( data.dptr );
SAFE_FREE( key.dptr );
-
+
return ( ret != -1 );
}
@@ -3929,18 +3927,18 @@ bool wcache_tdc_fetch_list( struct winbindd_tdc_domain **domains, size_t *num_do
if ( !key.dptr )
return false;
-
+
data = tdb_fetch( wcache->tdb, key );
SAFE_FREE( key.dptr );
-
+
if ( !data.dptr )
return false;
-
+
*num_domains = unpack_tdc_domains( data.dptr, data.dsize, domains );
SAFE_FREE( data.dptr );
-
+
if ( !*domains )
return false;
@@ -3963,15 +3961,15 @@ bool wcache_tdc_add_domain( struct winbindd_domain *domain )
domain->domain_flags,
domain->domain_trust_attribs,
domain->domain_type));
-
+
if ( !init_wcache() ) {
return false;
}
-
+
/* fetch the list */
wcache_tdc_fetch_list( &dom_list, &num_domains );
-
+
/* add the new domain */
if ( !add_wbdomain_to_tdc_array( domain, &dom_list, &num_domains ) ) {
@@ -3983,13 +3981,13 @@ bool wcache_tdc_add_domain( struct winbindd_domain *domain )
if ( !wcache_tdc_store_list( dom_list, num_domains ) ) {
goto done;
}
-
+
/* Success */
ret = true;
done:
TALLOC_FREE( dom_list );
-
+
return ret;
}
@@ -4008,22 +4006,22 @@ struct winbindd_tdc_domain * wcache_tdc_fetch_domain( TALLOC_CTX *ctx, const cha
if ( !init_wcache() ) {
return false;
}
-
+
/* fetch the list */
wcache_tdc_fetch_list( &dom_list, &num_domains );
-
+
for ( i=0; i<num_domains; i++ ) {
if ( strequal(name, dom_list[i].domain_name) ||
strequal(name, dom_list[i].dns_name) )
{
DEBUG(10,("wcache_tdc_fetch_domain: Found domain %s\n",
name));
-
+
d = TALLOC_P( ctx, struct winbindd_tdc_domain );
if ( !d )
break;
-
+
d->domain_name = talloc_strdup( d, dom_list[i].domain_name );
d->dns_name = talloc_strdup( d, dom_list[i].dns_name );
sid_copy( &d->sid, &dom_list[i].sid );
@@ -4036,7 +4034,7 @@ struct winbindd_tdc_domain * wcache_tdc_fetch_domain( TALLOC_CTX *ctx, const cha
}
TALLOC_FREE( dom_list );
-
+
return d;
}
@@ -4050,7 +4048,7 @@ void wcache_tdc_clear( void )
return;
wcache_tdc_store_list( NULL, 0 );
-
+
return;
}
@@ -4076,7 +4074,7 @@ static void wcache_save_user_pwinfo(struct winbindd_domain *domain,
centry_put_string( centry, shell );
centry_put_string( centry, gecos );
centry_put_uint32( centry, gid );
-
+
centry_end(centry, "NSS/PWINFO/%s", sid_to_fstring(tmp, user_sid) );
DEBUG(10,("wcache_save_user_pwinfo: %s\n", sid_string_dbg(user_sid) ));
@@ -4101,7 +4099,7 @@ NTSTATUS nss_get_info_cached( struct winbindd_domain *domain,
centry = wcache_fetch(cache, domain, "NSS/PWINFO/%s",
sid_to_fstring(tmp, user_sid));
-
+
if (!centry)
goto do_query;
@@ -4118,7 +4116,7 @@ NTSTATUS nss_get_info_cached( struct winbindd_domain *domain,
return NT_STATUS_OK;
do_query:
-
+
nt_status = nss_get_info( domain->name, user_sid, ctx, ads, msg,
homedir, shell, gecos, p_gid );