diff options
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/conncache.c | 158 | ||||
-rw-r--r-- | source3/libsmb/samlogon_cache.c | 238 |
2 files changed, 396 insertions, 0 deletions
diff --git a/source3/libsmb/conncache.c b/source3/libsmb/conncache.c new file mode 100644 index 0000000000..e6604617d6 --- /dev/null +++ b/source3/libsmb/conncache.c @@ -0,0 +1,158 @@ +/* + Unix SMB/CIFS implementation. + + Winbind daemon connection manager + + Copyright (C) Tim Potter 2001 + Copyright (C) Andrew Bartlett 2002 + Copyright (C) Gerald (Jerry) Carter 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + + +#include "includes.h" + +#define FAILED_CONNECTION_CACHE_TIMEOUT 30 /* Seconds between attempts */ + +#define CONNCACHE_ADDR 1 +#define CONNCACHE_NAME 2 + +/* cache entry contains either a server name **or** and IP address as + the key. This means that a server could have two entries (one for each key) */ + +struct failed_connection_cache { + fstring domain_name; + fstring controller; + time_t lookup_time; + NTSTATUS nt_status; + struct failed_connection_cache *prev, *next; +}; + +static struct failed_connection_cache *failed_connection_cache; + +/********************************************************************** + Check for a previously failed connection +**********************************************************************/ + +NTSTATUS check_negative_conn_cache( const char *domain, const char *server ) +{ + struct failed_connection_cache *fcc; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + + /* can't check if we don't have strings */ + + if ( !domain || !server ) + return NT_STATUS_OK; + + for (fcc = failed_connection_cache; fcc; fcc = fcc->next) { + + if ( !(strequal(domain, fcc->domain_name) && strequal(server, fcc->controller)) ) + continue; /* no match; check the next entry */ + + /* we have a match so see if it is still current */ + + if ((time(NULL) - fcc->lookup_time) > FAILED_CONNECTION_CACHE_TIMEOUT) + { + /* Cache entry has expired, delete it */ + + DEBUG(10, ("check_negative_conn_cache: cache entry expired for %s, %s\n", + domain, server )); + + DLIST_REMOVE(failed_connection_cache, fcc); + SAFE_FREE(fcc); + + return NT_STATUS_OK; + } + + /* The timeout hasn't expired yet so return false */ + + DEBUG(10, ("check_negative_conn_cache: returning negative entry for %s, %s\n", + domain, server )); + + result = fcc->nt_status; + return result; + } + + /* end of function means no cache entry */ + return NT_STATUS_OK; +} + +/********************************************************************** + Add an entry to the failed conneciton cache (aither a name of dotted + decimal IP +**********************************************************************/ + +void add_failed_connection_entry(const char *domain, const char *server, NTSTATUS result) +{ + struct failed_connection_cache *fcc; + + SMB_ASSERT(!NT_STATUS_IS_OK(result)); + + /* Check we already aren't in the cache. We always have to have + a domain, but maybe not a specific DC name. */ + + for (fcc = failed_connection_cache; fcc; fcc = fcc->next) { + if ( strequal(fcc->domain_name, domain) && strequal(fcc->controller, server) ) + { + DEBUG(10, ("add_failed_connection_entry: domain %s (%s) already tried and failed\n", + domain, server )); + return; + } + } + + /* Create negative lookup cache entry for this domain and controller */ + + if ( !(fcc = (struct failed_connection_cache *)malloc(sizeof(struct failed_connection_cache))) ) + { + DEBUG(0, ("malloc failed in add_failed_connection_entry!\n")); + return; + } + + ZERO_STRUCTP(fcc); + + fstrcpy( fcc->domain_name, domain ); + fstrcpy( fcc->controller, server ); + fcc->lookup_time = time(NULL); + fcc->nt_status = result; + + DEBUG(10,("add_failed_connection_entry: added domain %s (%s) to failed conn cache\n", + domain, server )); + + DLIST_ADD(failed_connection_cache, fcc); +} + +/**************************************************************************** +****************************************************************************/ + +void flush_negative_conn_cache( void ) +{ + struct failed_connection_cache *fcc; + + fcc = failed_connection_cache; + + while (fcc) { + struct failed_connection_cache *fcc_next; + + fcc_next = fcc->next; + DLIST_REMOVE(failed_connection_cache, fcc); + free(fcc); + + fcc = fcc_next; + } + +} + + diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlogon_cache.c new file mode 100644 index 0000000000..72c10007bf --- /dev/null +++ b/source3/libsmb/samlogon_cache.c @@ -0,0 +1,238 @@ +/* + Unix SMB/CIFS implementation. + Net_sam_logon info3 helpers + Copyright (C) Alexander Bokovoy 2002. + Copyright (C) Andrew Bartlett 2002. + Copyright (C) Gerald Carter 2003. + Copyright (C) Tim Potter 2003. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +#define NETSAMLOGON_TDB "netsamlogon_cache.tdb" + +static TDB_CONTEXT *netsamlogon_tdb = NULL; + +/*********************************************************************** + open the tdb + ***********************************************************************/ + +BOOL netsamlogon_cache_init(void) +{ + if (!netsamlogon_tdb) { + netsamlogon_tdb = tdb_open_log(lock_path(NETSAMLOGON_TDB), 0, + TDB_DEFAULT, O_RDWR | O_CREAT, 0600); + } + + return (netsamlogon_tdb != NULL); +} + + +/*********************************************************************** + Shutdown samlogon_cache database +***********************************************************************/ + +BOOL netsamlogon_cache_shutdown(void) +{ + if(netsamlogon_tdb) + return (tdb_close(netsamlogon_tdb) == 0); + + return True; +} + +/*********************************************************************** + Clear cache getpwnam and getgroups entries from the winbindd cache +***********************************************************************/ +void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, NET_USER_INFO_3 *user) +{ + fstring domain; + TDB_DATA key; + BOOL got_tdb = False; + + /* We may need to call this function from smbd which will not have + winbindd_cache.tdb open. Open the tdb if a NULL is passed. */ + + if (!tdb) { + tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000, + TDB_DEFAULT, O_RDWR, 0600); + if (!tdb) { + DEBUG(5, ("netsamlogon_clear_cached_user: failed to open cache\n")); + return; + } + got_tdb = True; + } + + unistr2_to_ascii(domain, &user->uni_logon_dom, sizeof(domain) - 1); + + /* Clear U/DOMAIN/RID cache entry */ + + asprintf(&key.dptr, "U/%s/%d", domain, user->user_rid); + key.dsize = strlen(key.dptr) - 1; /* keys are not NULL terminated */ + + DEBUG(10, ("netsamlogon_clear_cached_user: clearing %s\n", key.dptr)); + + tdb_delete(tdb, key); + + SAFE_FREE(key.dptr); + + /* Clear UG/DOMAIN/RID cache entry */ + + asprintf(&key.dptr, "UG/%s/%d", domain, user->user_rid); + key.dsize = strlen(key.dptr) - 1; /* keys are not NULL terminated */ + + DEBUG(10, ("netsamlogon_clear_cached_user: clearing %s\n", key.dptr)); + + tdb_delete(tdb, key); + + SAFE_FREE(key.dptr); + + if (got_tdb) + tdb_close(tdb); +} + +/*********************************************************************** + Store a NET_USER_INFO_3 structure in a tdb for later user +***********************************************************************/ + +BOOL netsamlogon_cache_store(TALLOC_CTX *mem_ctx, NET_USER_INFO_3 *user) +{ + TDB_DATA data; + fstring keystr; + prs_struct ps; + BOOL result = False; + DOM_SID user_sid; + time_t t = time(NULL); + + + if (!netsamlogon_cache_init()) { + DEBUG(0,("netsamlogon_cache_store: cannot open %s for write!\n", NETSAMLOGON_TDB)); + return False; + } + + sid_copy( &user_sid, &user->dom_sid.sid ); + sid_append_rid( &user_sid, user->user_rid ); + + /* Prepare key as DOMAIN-SID/USER-RID string */ + slprintf(keystr, sizeof(keystr), "%s", sid_string_static(&user_sid)); + + DEBUG(10,("netsamlogon_cache_store: SID [%s]\n", keystr)); + + /* Prepare data */ + + prs_init( &ps,MAX_PDU_FRAG_LEN , mem_ctx, MARSHALL); + + if ( !prs_uint32( "timestamp", &ps, 0, (uint32*)&t ) ) + return False; + + if ( net_io_user_info3("", user, &ps, 0, 3) ) + { + data.dsize = prs_offset( &ps ); + data.dptr = prs_data_p( &ps ); + + if (tdb_store_bystring(netsamlogon_tdb, keystr, data, TDB_REPLACE) != -1) + result = True; + + prs_mem_free( &ps ); + } + + return result; +} + +/*********************************************************************** + Retrieves a NET_USER_INFO_3 structure from a tdb. Caller must + free the user_info struct (malloc()'d memory) +***********************************************************************/ + +NET_USER_INFO_3* netsamlogon_cache_get( TALLOC_CTX *mem_ctx, DOM_SID *user_sid) +{ + NET_USER_INFO_3 *user = NULL; + TDB_DATA data, key; + prs_struct ps; + fstring keystr; + uint32 t; + + if (!netsamlogon_cache_init()) { + DEBUG(0,("netsamlogon_cache_store: cannot open %s for write!\n", NETSAMLOGON_TDB)); + return False; + } + + /* Prepare key as DOMAIN-SID/USER-RID string */ + slprintf(keystr, sizeof(keystr), "%s", sid_string_static(user_sid)); + DEBUG(10,("netsamlogon_cache_get: SID [%s]\n", keystr)); + key.dptr = keystr; + key.dsize = strlen(keystr)+1; + data = tdb_fetch( netsamlogon_tdb, key ); + + if ( data.dptr ) { + + if ( (user = (NET_USER_INFO_3*)malloc(sizeof(NET_USER_INFO_3))) == NULL ) + return NULL; + + prs_init( &ps, 0, mem_ctx, UNMARSHALL ); + prs_give_memory( &ps, data.dptr, data.dsize, True ); + + if ( !prs_uint32( "timestamp", &ps, 0, &t ) ) { + prs_mem_free( &ps ); + return False; + } + + if ( !net_io_user_info3("", user, &ps, 0, 3) ) { + SAFE_FREE( user ); + } + + prs_mem_free( &ps ); + +#if 0 /* The netsamlogon cache needs to hang around. Something about + this feels wrong, but it is the only way we can get all of the + groups. The old universal groups cache didn't expire either. + --jerry */ + { + time_t now = time(NULL); + uint32 time_diff; + + /* is the entry expired? */ + time_diff = now - t; + + if ( (time_diff < 0 ) || (time_diff > lp_winbind_cache_time()) ) { + DEBUG(10,("netsamlogon_cache_get: cache entry expired \n")); + tdb_delete( netsamlogon_tdb, key ); + SAFE_FREE( user ); + } +#endif + } + + return user; +} + +BOOL netsamlogon_cache_have(DOM_SID *user_sid) +{ + TALLOC_CTX *mem_ctx = talloc_init("netsamlogon_cache_have"); + NET_USER_INFO_3 *user = NULL; + BOOL result; + + if (!mem_ctx) + return False; + + user = netsamlogon_cache_get(mem_ctx, user_sid); + + result = (user != NULL); + + talloc_destroy(mem_ctx); + SAFE_FREE(user); + + return result; +} |