2 Unix SMB/CIFS implementation.
4 Winbind cache backend functions
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Gerald Carter 2003
8 Copyright (C) Volker Lendecke 2005
9 Copyright (C) Guenther Deschner 2005
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
30 #define DBGC_CLASS DBGC_WINBIND
32 extern struct winbindd_methods reconnect_methods;
33 extern BOOL opt_nocache;
35 extern struct winbindd_methods ads_methods;
38 /* Global online/offline state - False when online. winbindd starts up online
39 and sets this to true if the first query fails and there's an entry in
40 the cache tdb telling us to stay offline. */
42 static BOOL global_winbindd_offline_state;
44 struct winbind_cache {
50 uint32 sequence_number;
55 #define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
57 static struct winbind_cache *wcache;
59 void winbindd_check_cache_size(time_t t)
61 static time_t last_check_time;
64 if (last_check_time == (time_t)0)
67 if (t - last_check_time < 60 && t - last_check_time > 0)
70 if (wcache == NULL || wcache->tdb == NULL) {
71 DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n"));
75 if (fstat(tdb_fd(wcache->tdb), &st) == -1) {
76 DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) ));
80 if (st.st_size > WINBINDD_MAX_CACHE_SIZE) {
81 DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n",
82 (unsigned long)st.st_size,
83 (unsigned long)WINBINDD_MAX_CACHE_SIZE));
88 /* get the winbind_cache structure */
89 static struct winbind_cache *get_cache(struct winbindd_domain *domain)
91 struct winbind_cache *ret = wcache;
93 struct winbindd_domain *our_domain = domain;
96 /* We have to know what type of domain we are dealing with first. */
98 if ( !domain->initialized ) {
99 init_dc_connection( domain );
103 OK. listen up becasue I'm only going to say this once.
104 We have the following scenarios to consider
105 (a) trusted AD domains on a Samba DC,
106 (b) trusted AD domains and we are joined to a non-kerberos domain
107 (c) trusted AD domains and we are joined to a kerberos (AD) domain
109 For (a) we can always contact the trusted domain using krb5
110 since we have the domain trust account password
112 For (b) we can only use RPC since we have no way of
113 getting a krb5 ticket in our own domain
115 For (c) we can always use krb5 since we have a kerberos trust
120 if (!domain->backend) {
122 /* find our domain first so we can figure out if we
123 are joined to a kerberized domain */
125 if ( !domain->primary )
126 our_domain = find_our_domain();
128 if ( (our_domain->active_directory || IS_DC) && domain->active_directory ) {
129 DEBUG(5,("get_cache: Setting ADS methods for domain %s\n", domain->name));
130 domain->backend = &ads_methods;
132 #endif /* HAVE_ADS */
133 DEBUG(5,("get_cache: Setting MS-RPC methods for domain %s\n", domain->name));
134 domain->backend = &reconnect_methods;
137 #endif /* HAVE_ADS */
143 ret = SMB_XMALLOC_P(struct winbind_cache);
147 wcache_flush_cache();
153 free a centry structure
155 static void centry_free(struct cache_entry *centry)
159 SAFE_FREE(centry->data);
164 pull a uint32 from a cache entry
166 static uint32 centry_uint32(struct cache_entry *centry)
169 if (centry->len - centry->ofs < 4) {
170 DEBUG(0,("centry corruption? needed 4 bytes, have %d\n",
171 centry->len - centry->ofs));
172 smb_panic("centry_uint32");
174 ret = IVAL(centry->data, centry->ofs);
180 pull a uint16 from a cache entry
182 static uint16 centry_uint16(struct cache_entry *centry)
185 if (centry->len - centry->ofs < 2) {
186 DEBUG(0,("centry corruption? needed 2 bytes, have %d\n",
187 centry->len - centry->ofs));
188 smb_panic("centry_uint16");
190 ret = CVAL(centry->data, centry->ofs);
196 pull a uint8 from a cache entry
198 static uint8 centry_uint8(struct cache_entry *centry)
201 if (centry->len - centry->ofs < 1) {
202 DEBUG(0,("centry corruption? needed 1 bytes, have %d\n",
203 centry->len - centry->ofs));
204 smb_panic("centry_uint32");
206 ret = CVAL(centry->data, centry->ofs);
212 pull a NTTIME from a cache entry
214 static NTTIME centry_nttime(struct cache_entry *centry)
217 if (centry->len - centry->ofs < 8) {
218 DEBUG(0,("centry corruption? needed 8 bytes, have %d\n",
219 centry->len - centry->ofs));
220 smb_panic("centry_nttime");
222 ret = IVAL(centry->data, centry->ofs);
224 ret += (uint64_t)IVAL(centry->data, centry->ofs) << 32;
230 pull a time_t from a cache entry
232 static time_t centry_time(struct cache_entry *centry)
235 if (centry->len - centry->ofs < sizeof(time_t)) {
236 DEBUG(0,("centry corruption? needed %u bytes, have %u\n",
237 (unsigned int)sizeof(time_t), (unsigned int)(centry->len - centry->ofs)));
238 smb_panic("centry_time");
240 ret = IVAL(centry->data, centry->ofs); /* FIXME: correct ? */
241 centry->ofs += sizeof(time_t);
245 /* pull a string from a cache entry, using the supplied
248 static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
253 len = centry_uint8(centry);
256 /* a deliberate NULL string */
260 if (centry->len - centry->ofs < len) {
261 DEBUG(0,("centry corruption? needed %d bytes, have %d\n",
262 len, centry->len - centry->ofs));
263 smb_panic("centry_string");
266 ret = TALLOC_ARRAY(mem_ctx, char, len+1);
268 smb_panic("centry_string out of memory\n");
270 memcpy(ret,centry->data + centry->ofs, len);
276 /* pull a hash16 from a cache entry, using the supplied
279 static char *centry_hash16(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
284 len = centry_uint8(centry);
287 DEBUG(0,("centry corruption? hash len (%u) != 16\n",
292 if (centry->len - centry->ofs < 16) {
293 DEBUG(0,("centry corruption? needed 16 bytes, have %d\n",
294 centry->len - centry->ofs));
298 ret = TALLOC_ARRAY(mem_ctx, char, 16);
300 smb_panic("centry_hash out of memory\n");
302 memcpy(ret,centry->data + centry->ofs, 16);
307 /* pull a sid from a cache entry, using the supplied
310 static BOOL centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx, DOM_SID *sid)
313 sid_string = centry_string(centry, mem_ctx);
314 if ((sid_string == NULL) || (!string_to_sid(sid, sid_string))) {
320 /* the server is considered down if it can't give us a sequence number */
321 static BOOL wcache_server_down(struct winbindd_domain *domain)
328 ret = (domain->sequence_number == DOM_SEQUENCE_NONE);
331 DEBUG(10,("wcache_server_down: server for Domain %s down\n",
336 static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
343 DEBUG(10,("fetch_cache_seqnum: tdb == NULL\n"));
344 return NT_STATUS_UNSUCCESSFUL;
347 fstr_sprintf( key, "SEQNUM/%s", domain->name );
349 data = tdb_fetch_bystring( wcache->tdb, key );
350 if ( !data.dptr || data.dsize!=8 ) {
351 DEBUG(10,("fetch_cache_seqnum: invalid data size key [%s]\n", key ));
352 return NT_STATUS_UNSUCCESSFUL;
355 domain->sequence_number = IVAL(data.dptr, 0);
356 domain->last_seq_check = IVAL(data.dptr, 4);
358 SAFE_FREE(data.dptr);
360 /* have we expired? */
362 time_diff = now - domain->last_seq_check;
363 if ( time_diff > lp_winbind_cache_time() ) {
364 DEBUG(10,("fetch_cache_seqnum: timeout [%s][%u @ %u]\n",
365 domain->name, domain->sequence_number,
366 (uint32)domain->last_seq_check));
367 return NT_STATUS_UNSUCCESSFUL;
370 DEBUG(10,("fetch_cache_seqnum: success [%s][%u @ %u]\n",
371 domain->name, domain->sequence_number,
372 (uint32)domain->last_seq_check));
377 static NTSTATUS store_cache_seqnum( struct winbindd_domain *domain )
384 DEBUG(10,("store_cache_seqnum: tdb == NULL\n"));
385 return NT_STATUS_UNSUCCESSFUL;
388 fstr_sprintf( key_str, "SEQNUM/%s", domain->name );
390 SIVAL(buf, 0, domain->sequence_number);
391 SIVAL(buf, 4, domain->last_seq_check);
395 if ( tdb_store_bystring( wcache->tdb, key_str, data, TDB_REPLACE) == -1 ) {
396 DEBUG(10,("store_cache_seqnum: tdb_store fail key [%s]\n", key_str ));
397 return NT_STATUS_UNSUCCESSFUL;
400 DEBUG(10,("store_cache_seqnum: success [%s][%u @ %u]\n",
401 domain->name, domain->sequence_number,
402 (uint32)domain->last_seq_check));
408 refresh the domain sequence number. If force is True
409 then always refresh it, no matter how recently we fetched it
412 static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force)
416 time_t t = time(NULL);
417 unsigned cache_time = lp_winbind_cache_time();
421 #if 0 /* JERRY -- disable as the default cache time is now 5 minutes */
422 /* trying to reconnect is expensive, don't do it too often */
423 if (domain->sequence_number == DOM_SEQUENCE_NONE) {
428 time_diff = t - domain->last_seq_check;
430 /* see if we have to refetch the domain sequence number */
431 if (!force && (time_diff < cache_time)) {
432 DEBUG(10, ("refresh_sequence_number: %s time ok\n", domain->name));
436 /* try to get the sequence number from the tdb cache first */
437 /* this will update the timestamp as well */
439 status = fetch_cache_seqnum( domain, t );
440 if ( NT_STATUS_IS_OK(status) )
443 /* important! make sure that we know if this is a native
444 mode domain or not */
446 status = domain->backend->sequence_number(domain, &domain->sequence_number);
448 /* the above call could have set our domain->backend to NULL when
449 * coming from offline to online mode, make sure to reinitialize the
450 * backend - Guenther */
453 if (!NT_STATUS_IS_OK(status)) {
454 DEBUG(10,("refresh_sequence_number: failed with %s\n", nt_errstr(status)));
455 domain->sequence_number = DOM_SEQUENCE_NONE;
458 domain->last_status = status;
459 domain->last_seq_check = time(NULL);
461 /* save the new sequence number ni the cache */
462 store_cache_seqnum( domain );
465 DEBUG(10, ("refresh_sequence_number: %s seq number is now %d\n",
466 domain->name, domain->sequence_number));
472 decide if a cache entry has expired
474 static BOOL centry_expired(struct winbindd_domain *domain, const char *keystr, struct cache_entry *centry)
476 /* If we've been told to be offline - stay in that state... */
477 if (lp_winbind_offline_logon() && global_winbindd_offline_state) {
478 DEBUG(10,("centry_expired: Key %s for domain %s valid as winbindd is globally offline.\n",
479 keystr, domain->name ));
483 /* when the domain is offline return the cached entry.
484 * This deals with transient offline states... */
486 if (!domain->online) {
487 DEBUG(10,("centry_expired: Key %s for domain %s valid as domain is offline.\n",
488 keystr, domain->name ));
492 /* if the server is OK and our cache entry came from when it was down then
493 the entry is invalid */
494 if ((domain->sequence_number != DOM_SEQUENCE_NONE) &&
495 (centry->sequence_number == DOM_SEQUENCE_NONE)) {
496 DEBUG(10,("centry_expired: Key %s for domain %s invalid sequence.\n",
497 keystr, domain->name ));
501 /* if the server is down or the cache entry is not older than the
502 current sequence number then it is OK */
503 if (wcache_server_down(domain) ||
504 centry->sequence_number == domain->sequence_number) {
505 DEBUG(10,("centry_expired: Key %s for domain %s is good.\n",
506 keystr, domain->name ));
510 DEBUG(10,("centry_expired: Key %s for domain %s expired\n",
511 keystr, domain->name ));
517 static struct cache_entry *wcache_fetch_raw(char *kstr)
520 struct cache_entry *centry;
524 key.dsize = strlen(kstr);
525 data = tdb_fetch(wcache->tdb, key);
531 centry = SMB_XMALLOC_P(struct cache_entry);
532 centry->data = (unsigned char *)data.dptr;
533 centry->len = data.dsize;
536 if (centry->len < 8) {
537 /* huh? corrupt cache? */
538 DEBUG(10,("wcache_fetch_raw: Corrupt cache for key %s (len < 8) ?\n", kstr));
543 centry->status = NT_STATUS(centry_uint32(centry));
544 centry->sequence_number = centry_uint32(centry);
550 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
551 number and return status
553 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
554 struct winbindd_domain *domain,
555 const char *format, ...) PRINTF_ATTRIBUTE(3,4);
556 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
557 struct winbindd_domain *domain,
558 const char *format, ...)
562 struct cache_entry *centry;
568 refresh_sequence_number(domain, False);
570 va_start(ap, format);
571 smb_xvasprintf(&kstr, format, ap);
574 centry = wcache_fetch_raw(kstr);
575 if (centry == NULL) {
580 if (centry_expired(domain, kstr, centry)) {
582 DEBUG(10,("wcache_fetch: entry %s expired for domain %s\n",
583 kstr, domain->name ));
590 DEBUG(10,("wcache_fetch: returning entry %s for domain %s\n",
591 kstr, domain->name ));
597 static void wcache_delete(const char *format, ...) PRINTF_ATTRIBUTE(1,2);
598 static void wcache_delete(const char *format, ...)
604 va_start(ap, format);
605 smb_xvasprintf(&kstr, format, ap);
609 key.dsize = strlen(kstr);
611 tdb_delete(wcache->tdb, key);
616 make sure we have at least len bytes available in a centry
618 static void centry_expand(struct cache_entry *centry, uint32 len)
620 if (centry->len - centry->ofs >= len)
623 centry->data = SMB_REALLOC_ARRAY(centry->data, unsigned char,
626 DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
627 smb_panic("out of memory in centry_expand");
632 push a uint32 into a centry
634 static void centry_put_uint32(struct cache_entry *centry, uint32 v)
636 centry_expand(centry, 4);
637 SIVAL(centry->data, centry->ofs, v);
642 push a uint16 into a centry
644 static void centry_put_uint16(struct cache_entry *centry, uint16 v)
646 centry_expand(centry, 2);
647 SIVAL(centry->data, centry->ofs, v);
652 push a uint8 into a centry
654 static void centry_put_uint8(struct cache_entry *centry, uint8 v)
656 centry_expand(centry, 1);
657 SCVAL(centry->data, centry->ofs, v);
662 push a string into a centry
664 static void centry_put_string(struct cache_entry *centry, const char *s)
669 /* null strings are marked as len 0xFFFF */
670 centry_put_uint8(centry, 0xFF);
675 /* can't handle more than 254 char strings. Truncating is probably best */
677 DEBUG(10,("centry_put_string: truncating len (%d) to: 254\n", len));
680 centry_put_uint8(centry, len);
681 centry_expand(centry, len);
682 memcpy(centry->data + centry->ofs, s, len);
687 push a 16 byte hash into a centry - treat as 16 byte string.
689 static void centry_put_hash16(struct cache_entry *centry, const uint8 val[16])
691 centry_put_uint8(centry, 16);
692 centry_expand(centry, 16);
693 memcpy(centry->data + centry->ofs, val, 16);
697 static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid)
700 centry_put_string(centry, sid_to_string(sid_string, sid));
704 push a NTTIME into a centry
706 static void centry_put_nttime(struct cache_entry *centry, NTTIME nt)
708 centry_expand(centry, 8);
709 SIVAL(centry->data, centry->ofs, nt & 0xFFFFFFFF);
711 SIVAL(centry->data, centry->ofs, nt >> 32);
716 push a time_t into a centry
718 static void centry_put_time(struct cache_entry *centry, time_t t)
720 centry_expand(centry, sizeof(time_t));
721 SIVAL(centry->data, centry->ofs, t); /* FIXME: is this correct ?? */
722 centry->ofs += sizeof(time_t);
726 start a centry for output. When finished, call centry_end()
728 struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status)
730 struct cache_entry *centry;
735 centry = SMB_XMALLOC_P(struct cache_entry);
737 centry->len = 8192; /* reasonable default */
738 centry->data = SMB_XMALLOC_ARRAY(uint8, centry->len);
740 centry->sequence_number = domain->sequence_number;
741 centry_put_uint32(centry, NT_STATUS_V(status));
742 centry_put_uint32(centry, centry->sequence_number);
747 finish a centry and write it to the tdb
749 static void centry_end(struct cache_entry *centry, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
750 static void centry_end(struct cache_entry *centry, const char *format, ...)
756 va_start(ap, format);
757 smb_xvasprintf(&kstr, format, ap);
761 key.dsize = strlen(kstr);
762 data.dptr = (char *)centry->data;
763 data.dsize = centry->ofs;
765 tdb_store(wcache->tdb, key, data, TDB_REPLACE);
769 static void wcache_save_name_to_sid(struct winbindd_domain *domain,
770 NTSTATUS status, const char *domain_name,
771 const char *name, const DOM_SID *sid,
772 enum lsa_SidType type)
774 struct cache_entry *centry;
777 centry = centry_start(domain, status);
780 centry_put_uint32(centry, type);
781 centry_put_sid(centry, sid);
782 fstrcpy(uname, name);
784 centry_end(centry, "NS/%s/%s", domain_name, uname);
785 DEBUG(10,("wcache_save_name_to_sid: %s\\%s -> %s\n", domain_name, uname,
786 sid_string_static(sid)));
790 static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
791 const DOM_SID *sid, const char *domain_name, const char *name, enum lsa_SidType type)
793 struct cache_entry *centry;
796 if (is_null_sid(sid)) {
800 centry = centry_start(domain, status);
803 if (NT_STATUS_IS_OK(status)) {
804 centry_put_uint32(centry, type);
805 centry_put_string(centry, domain_name);
806 centry_put_string(centry, name);
808 centry_end(centry, "SN/%s", sid_to_string(sid_string, sid));
809 DEBUG(10,("wcache_save_sid_to_name: %s -> %s\n", sid_string, name));
814 static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info)
816 struct cache_entry *centry;
819 if (is_null_sid(&info->user_sid)) {
823 centry = centry_start(domain, status);
826 centry_put_string(centry, info->acct_name);
827 centry_put_string(centry, info->full_name);
828 centry_put_string(centry, info->homedir);
829 centry_put_string(centry, info->shell);
830 centry_put_sid(centry, &info->user_sid);
831 centry_put_sid(centry, &info->group_sid);
832 centry_end(centry, "U/%s", sid_to_string(sid_string, &info->user_sid));
833 DEBUG(10,("wcache_save_user: %s (acct_name %s)\n", sid_string, info->acct_name));
837 static void wcache_save_lockout_policy(struct winbindd_domain *domain, NTSTATUS status, SAM_UNK_INFO_12 *lockout_policy)
839 struct cache_entry *centry;
841 centry = centry_start(domain, status);
845 centry_put_nttime(centry, lockout_policy->duration);
846 centry_put_nttime(centry, lockout_policy->reset_count);
847 centry_put_uint16(centry, lockout_policy->bad_attempt_lockout);
849 centry_end(centry, "LOC_POL/%s", domain->name);
851 DEBUG(10,("wcache_save_lockout_policy: %s\n", domain->name));
856 static void wcache_save_password_policy(struct winbindd_domain *domain, NTSTATUS status, SAM_UNK_INFO_1 *policy)
858 struct cache_entry *centry;
860 centry = centry_start(domain, status);
864 centry_put_uint16(centry, policy->min_length_password);
865 centry_put_uint16(centry, policy->password_history);
866 centry_put_uint32(centry, policy->password_properties);
867 centry_put_nttime(centry, policy->expire);
868 centry_put_nttime(centry, policy->min_passwordage);
870 centry_end(centry, "PWD_POL/%s", domain->name);
872 DEBUG(10,("wcache_save_password_policy: %s\n", domain->name));
877 NTSTATUS wcache_cached_creds_exist(struct winbindd_domain *domain, const DOM_SID *sid)
879 struct winbind_cache *cache = get_cache(domain);
885 return NT_STATUS_INTERNAL_DB_ERROR;
888 if (is_null_sid(sid)) {
889 return NT_STATUS_INVALID_SID;
892 if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
893 return NT_STATUS_INVALID_SID;
896 fstr_sprintf(key_str, "CRED/%s", sid_string_static(sid));
898 data = tdb_fetch(cache->tdb, make_tdb_data(key_str, strlen(key_str)));
900 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
903 SAFE_FREE(data.dptr);
907 /* Lookup creds for a SID - copes with old (unsalted) creds as well
908 as new salted ones. */
910 NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
913 const uint8 **cached_nt_pass,
914 const uint8 **cached_salt)
916 struct winbind_cache *cache = get_cache(domain);
917 struct cache_entry *centry = NULL;
923 return NT_STATUS_INTERNAL_DB_ERROR;
926 if (is_null_sid(sid)) {
927 return NT_STATUS_INVALID_SID;
930 if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
931 return NT_STATUS_INVALID_SID;
934 /* Try and get a salted cred first. If we can't
935 fall back to an unsalted cred. */
937 centry = wcache_fetch(cache, domain, "CRED/%s", sid_string_static(sid));
939 DEBUG(10,("wcache_get_creds: entry for [CRED/%s] not found\n",
940 sid_string_static(sid)));
941 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
944 t = centry_time(centry);
946 /* In the salted case this isn't actually the nt_hash itself,
947 but the MD5 of the salt + nt_hash. Let the caller
948 sort this out. It can tell as we only return the cached_salt
949 if we are returning a salted cred. */
951 *cached_nt_pass = (const uint8 *)centry_hash16(centry, mem_ctx);
952 if (*cached_nt_pass == NULL) {
953 const char *sidstr = sid_string_static(sid);
955 /* Bad (old) cred cache. Delete and pretend we
957 DEBUG(0,("wcache_get_creds: bad entry for [CRED/%s] - deleting\n",
959 wcache_delete("CRED/%s", sidstr);
961 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
964 /* We only have 17 bytes more data in the salted cred case. */
965 if (centry->len - centry->ofs == 17) {
966 *cached_salt = (const uint8 *)centry_hash16(centry, mem_ctx);
972 dump_data(100, (const char *)*cached_nt_pass, NT_HASH_LEN);
974 dump_data(100, (const char *)*cached_salt, NT_HASH_LEN);
977 status = centry->status;
979 DEBUG(10,("wcache_get_creds: [Cached] - cached creds for user %s status: %s\n",
980 sid_string_static(sid), nt_errstr(status) ));
986 /* Store creds for a SID - only writes out new salted ones. */
988 NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
991 const uint8 nt_pass[NT_HASH_LEN])
993 struct cache_entry *centry;
996 uint8 cred_salt[NT_HASH_LEN];
997 uint8 salted_hash[NT_HASH_LEN];
999 if (is_null_sid(sid)) {
1000 return NT_STATUS_INVALID_SID;
1003 if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
1004 return NT_STATUS_INVALID_SID;
1007 centry = centry_start(domain, NT_STATUS_OK);
1009 return NT_STATUS_INTERNAL_DB_ERROR;
1013 dump_data(100, (const char *)nt_pass, NT_HASH_LEN);
1016 centry_put_time(centry, time(NULL));
1018 /* Create a salt and then salt the hash. */
1019 generate_random_buffer(cred_salt, NT_HASH_LEN);
1020 E_md5hash(cred_salt, nt_pass, salted_hash);
1022 centry_put_hash16(centry, salted_hash);
1023 centry_put_hash16(centry, cred_salt);
1024 centry_end(centry, "CRED/%s", sid_to_string(sid_string, sid));
1026 DEBUG(10,("wcache_save_creds: %s\n", sid_string));
1028 centry_free(centry);
1030 return NT_STATUS_OK;
1034 /* Query display info. This is the basic user list fn */
1035 static NTSTATUS query_user_list(struct winbindd_domain *domain,
1036 TALLOC_CTX *mem_ctx,
1037 uint32 *num_entries,
1038 WINBIND_USERINFO **info)
1040 struct winbind_cache *cache = get_cache(domain);
1041 struct cache_entry *centry = NULL;
1043 unsigned int i, retry;
1048 centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
1052 *num_entries = centry_uint32(centry);
1054 if (*num_entries == 0)
1057 (*info) = TALLOC_ARRAY(mem_ctx, WINBIND_USERINFO, *num_entries);
1059 smb_panic("query_user_list out of memory");
1060 for (i=0; i<(*num_entries); i++) {
1061 (*info)[i].acct_name = centry_string(centry, mem_ctx);
1062 (*info)[i].full_name = centry_string(centry, mem_ctx);
1063 (*info)[i].homedir = centry_string(centry, mem_ctx);
1064 (*info)[i].shell = centry_string(centry, mem_ctx);
1065 centry_sid(centry, mem_ctx, &(*info)[i].user_sid);
1066 centry_sid(centry, mem_ctx, &(*info)[i].group_sid);
1070 status = centry->status;
1072 DEBUG(10,("query_user_list: [Cached] - cached list for domain %s status: %s\n",
1073 domain->name, nt_errstr(status) ));
1075 centry_free(centry);
1082 /* Return status value returned by seq number check */
1084 if (!NT_STATUS_IS_OK(domain->last_status))
1085 return domain->last_status;
1087 /* Put the query_user_list() in a retry loop. There appears to be
1088 * some bug either with Windows 2000 or Samba's handling of large
1089 * rpc replies. This manifests itself as sudden disconnection
1090 * at a random point in the enumeration of a large (60k) user list.
1091 * The retry loop simply tries the operation again. )-: It's not
1092 * pretty but an acceptable workaround until we work out what the
1093 * real problem is. */
1098 DEBUG(10,("query_user_list: [Cached] - doing backend query for list for domain %s\n",
1101 status = domain->backend->query_user_list(domain, mem_ctx, num_entries, info);
1102 if (!NT_STATUS_IS_OK(status))
1103 DEBUG(3, ("query_user_list: returned 0x%08x, "
1104 "retrying\n", NT_STATUS_V(status)));
1105 if (NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL)) {
1106 DEBUG(3, ("query_user_list: flushing "
1107 "connection cache\n"));
1108 invalidate_cm_connection(&domain->conn);
1111 } while (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) &&
1115 refresh_sequence_number(domain, False);
1116 centry = centry_start(domain, status);
1119 centry_put_uint32(centry, *num_entries);
1120 for (i=0; i<(*num_entries); i++) {
1121 centry_put_string(centry, (*info)[i].acct_name);
1122 centry_put_string(centry, (*info)[i].full_name);
1123 centry_put_string(centry, (*info)[i].homedir);
1124 centry_put_string(centry, (*info)[i].shell);
1125 centry_put_sid(centry, &(*info)[i].user_sid);
1126 centry_put_sid(centry, &(*info)[i].group_sid);
1127 if (domain->backend && domain->backend->consistent) {
1128 /* when the backend is consistent we can pre-prime some mappings */
1129 wcache_save_name_to_sid(domain, NT_STATUS_OK,
1131 (*info)[i].acct_name,
1132 &(*info)[i].user_sid,
1134 wcache_save_sid_to_name(domain, NT_STATUS_OK,
1135 &(*info)[i].user_sid,
1137 (*info)[i].acct_name,
1139 wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
1142 centry_end(centry, "UL/%s", domain->name);
1143 centry_free(centry);
1149 /* list all domain groups */
1150 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
1151 TALLOC_CTX *mem_ctx,
1152 uint32 *num_entries,
1153 struct acct_info **info)
1155 struct winbind_cache *cache = get_cache(domain);
1156 struct cache_entry *centry = NULL;
1163 centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
1167 *num_entries = centry_uint32(centry);
1169 if (*num_entries == 0)
1172 (*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
1174 smb_panic("enum_dom_groups out of memory");
1175 for (i=0; i<(*num_entries); i++) {
1176 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
1177 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
1178 (*info)[i].rid = centry_uint32(centry);
1182 status = centry->status;
1184 DEBUG(10,("enum_dom_groups: [Cached] - cached list for domain %s status: %s\n",
1185 domain->name, nt_errstr(status) ));
1187 centry_free(centry);
1194 /* Return status value returned by seq number check */
1196 if (!NT_STATUS_IS_OK(domain->last_status))
1197 return domain->last_status;
1199 DEBUG(10,("enum_dom_groups: [Cached] - doing backend query for list for domain %s\n",
1202 status = domain->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
1205 refresh_sequence_number(domain, False);
1206 centry = centry_start(domain, status);
1209 centry_put_uint32(centry, *num_entries);
1210 for (i=0; i<(*num_entries); i++) {
1211 centry_put_string(centry, (*info)[i].acct_name);
1212 centry_put_string(centry, (*info)[i].acct_desc);
1213 centry_put_uint32(centry, (*info)[i].rid);
1215 centry_end(centry, "GL/%s/domain", domain->name);
1216 centry_free(centry);
1222 /* list all domain groups */
1223 static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
1224 TALLOC_CTX *mem_ctx,
1225 uint32 *num_entries,
1226 struct acct_info **info)
1228 struct winbind_cache *cache = get_cache(domain);
1229 struct cache_entry *centry = NULL;
1236 centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
1240 *num_entries = centry_uint32(centry);
1242 if (*num_entries == 0)
1245 (*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
1247 smb_panic("enum_dom_groups out of memory");
1248 for (i=0; i<(*num_entries); i++) {
1249 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
1250 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
1251 (*info)[i].rid = centry_uint32(centry);
1256 /* If we are returning cached data and the domain controller
1257 is down then we don't know whether the data is up to date
1258 or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to
1261 if (wcache_server_down(domain)) {
1262 DEBUG(10, ("enum_local_groups: returning cached user list and server was down\n"));
1263 status = NT_STATUS_MORE_PROCESSING_REQUIRED;
1265 status = centry->status;
1267 DEBUG(10,("enum_local_groups: [Cached] - cached list for domain %s status: %s\n",
1268 domain->name, nt_errstr(status) ));
1270 centry_free(centry);
1277 /* Return status value returned by seq number check */
1279 if (!NT_STATUS_IS_OK(domain->last_status))
1280 return domain->last_status;
1282 DEBUG(10,("enum_local_groups: [Cached] - doing backend query for list for domain %s\n",
1285 status = domain->backend->enum_local_groups(domain, mem_ctx, num_entries, info);
1288 refresh_sequence_number(domain, False);
1289 centry = centry_start(domain, status);
1292 centry_put_uint32(centry, *num_entries);
1293 for (i=0; i<(*num_entries); i++) {
1294 centry_put_string(centry, (*info)[i].acct_name);
1295 centry_put_string(centry, (*info)[i].acct_desc);
1296 centry_put_uint32(centry, (*info)[i].rid);
1298 centry_end(centry, "GL/%s/local", domain->name);
1299 centry_free(centry);
1305 /* convert a single name to a sid in a domain */
1306 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
1307 TALLOC_CTX *mem_ctx,
1308 const char *domain_name,
1311 enum lsa_SidType *type)
1313 struct winbind_cache *cache = get_cache(domain);
1314 struct cache_entry *centry = NULL;
1321 fstrcpy(uname, name);
1323 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname);
1326 *type = (enum lsa_SidType)centry_uint32(centry);
1327 status = centry->status;
1328 if (NT_STATUS_IS_OK(status)) {
1329 centry_sid(centry, mem_ctx, sid);
1332 DEBUG(10,("name_to_sid: [Cached] - cached name for domain %s status: %s\n",
1333 domain->name, nt_errstr(status) ));
1335 centry_free(centry);
1341 /* If the seq number check indicated that there is a problem
1342 * with this DC, then return that status... except for
1343 * access_denied. This is special because the dc may be in
1344 * "restrict anonymous = 1" mode, in which case it will deny
1345 * most unauthenticated operations, but *will* allow the LSA
1346 * name-to-sid that we try as a fallback. */
1348 if (!(NT_STATUS_IS_OK(domain->last_status)
1349 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
1350 return domain->last_status;
1352 DEBUG(10,("name_to_sid: [Cached] - doing backend query for name for domain %s\n",
1355 status = domain->backend->name_to_sid(domain, mem_ctx, domain_name, name, sid, type);
1358 refresh_sequence_number(domain, False);
1360 if (domain->online && !is_null_sid(sid)) {
1361 wcache_save_name_to_sid(domain, status, domain_name, name, sid, *type);
1364 if (NT_STATUS_IS_OK(status)) {
1365 strupper_m(CONST_DISCARD(char *,domain_name));
1366 strlower_m(CONST_DISCARD(char *,name));
1367 wcache_save_sid_to_name(domain, status, sid, domain_name, name, *type);
1373 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
1375 static NTSTATUS sid_to_name(struct winbindd_domain *domain,
1376 TALLOC_CTX *mem_ctx,
1380 enum lsa_SidType *type)
1382 struct winbind_cache *cache = get_cache(domain);
1383 struct cache_entry *centry = NULL;
1390 centry = wcache_fetch(cache, domain, "SN/%s", sid_to_string(sid_string, sid));
1393 if (NT_STATUS_IS_OK(centry->status)) {
1394 *type = (enum lsa_SidType)centry_uint32(centry);
1395 *domain_name = centry_string(centry, mem_ctx);
1396 *name = centry_string(centry, mem_ctx);
1398 status = centry->status;
1400 DEBUG(10,("sid_to_name: [Cached] - cached name for domain %s status: %s\n",
1401 domain->name, nt_errstr(status) ));
1403 centry_free(centry);
1408 *domain_name = NULL;
1410 /* If the seq number check indicated that there is a problem
1411 * with this DC, then return that status... except for
1412 * access_denied. This is special because the dc may be in
1413 * "restrict anonymous = 1" mode, in which case it will deny
1414 * most unauthenticated operations, but *will* allow the LSA
1415 * sid-to-name that we try as a fallback. */
1417 if (!(NT_STATUS_IS_OK(domain->last_status)
1418 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
1419 return domain->last_status;
1421 DEBUG(10,("sid_to_name: [Cached] - doing backend query for name for domain %s\n",
1424 status = domain->backend->sid_to_name(domain, mem_ctx, sid, domain_name, name, type);
1427 refresh_sequence_number(domain, False);
1428 wcache_save_sid_to_name(domain, status, sid, *domain_name, *name, *type);
1430 /* We can't save the name to sid mapping here, as with sid history a
1431 * later name2sid would give the wrong sid. */
1436 static NTSTATUS rids_to_names(struct winbindd_domain *domain,
1437 TALLOC_CTX *mem_ctx,
1438 const DOM_SID *domain_sid,
1443 enum lsa_SidType **types)
1445 struct winbind_cache *cache = get_cache(domain);
1447 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
1451 *domain_name = NULL;
1459 if (num_rids == 0) {
1460 return NT_STATUS_OK;
1463 *names = TALLOC_ARRAY(mem_ctx, char *, num_rids);
1464 *types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids);
1466 if ((*names == NULL) || (*types == NULL)) {
1467 result = NT_STATUS_NO_MEMORY;
1471 have_mapped = have_unmapped = False;
1473 for (i=0; i<num_rids; i++) {
1475 struct cache_entry *centry;
1477 if (!sid_compose(&sid, domain_sid, rids[i])) {
1478 result = NT_STATUS_INTERNAL_ERROR;
1482 centry = wcache_fetch(cache, domain, "SN/%s",
1483 sid_string_static(&sid));
1488 (*types)[i] = SID_NAME_UNKNOWN;
1489 (*names)[i] = talloc_strdup(*names, "");
1491 if (NT_STATUS_IS_OK(centry->status)) {
1494 (*types)[i] = (enum lsa_SidType)centry_uint32(centry);
1495 dom = centry_string(centry, mem_ctx);
1496 if (*domain_name == NULL) {
1501 (*names)[i] = centry_string(centry, *names);
1503 have_unmapped = True;
1506 centry_free(centry);
1510 return NT_STATUS_NONE_MAPPED;
1512 if (!have_unmapped) {
1513 return NT_STATUS_OK;
1515 return STATUS_SOME_UNMAPPED;
1519 TALLOC_FREE(*names);
1520 TALLOC_FREE(*types);
1522 result = domain->backend->rids_to_names(domain, mem_ctx, domain_sid,
1523 rids, num_rids, domain_name,
1526 if (!NT_STATUS_IS_OK(result) &&
1527 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
1531 refresh_sequence_number(domain, False);
1533 for (i=0; i<num_rids; i++) {
1537 if (!sid_compose(&sid, domain_sid, rids[i])) {
1538 result = NT_STATUS_INTERNAL_ERROR;
1542 status = (*types)[i] == SID_NAME_UNKNOWN ?
1543 NT_STATUS_NONE_MAPPED : NT_STATUS_OK;
1545 wcache_save_sid_to_name(domain, status, &sid, *domain_name,
1546 (*names)[i], (*types)[i]);
1553 TALLOC_FREE(*names);
1554 TALLOC_FREE(*types);
1558 /* Lookup user information from a rid */
1559 static NTSTATUS query_user(struct winbindd_domain *domain,
1560 TALLOC_CTX *mem_ctx,
1561 const DOM_SID *user_sid,
1562 WINBIND_USERINFO *info)
1564 struct winbind_cache *cache = get_cache(domain);
1565 struct cache_entry *centry = NULL;
1571 centry = wcache_fetch(cache, domain, "U/%s", sid_string_static(user_sid));
1573 /* If we have an access denied cache entry and a cached info3 in the
1574 samlogon cache then do a query. This will force the rpc back end
1575 to return the info3 data. */
1577 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1578 netsamlogon_cache_have(user_sid)) {
1579 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1580 domain->last_status = NT_STATUS_OK;
1581 centry_free(centry);
1588 info->acct_name = centry_string(centry, mem_ctx);
1589 info->full_name = centry_string(centry, mem_ctx);
1590 info->homedir = centry_string(centry, mem_ctx);
1591 info->shell = centry_string(centry, mem_ctx);
1592 centry_sid(centry, mem_ctx, &info->user_sid);
1593 centry_sid(centry, mem_ctx, &info->group_sid);
1594 status = centry->status;
1596 DEBUG(10,("query_user: [Cached] - cached info for domain %s status: %s\n",
1597 domain->name, nt_errstr(status) ));
1599 centry_free(centry);
1605 /* Return status value returned by seq number check */
1607 if (!NT_STATUS_IS_OK(domain->last_status))
1608 return domain->last_status;
1610 DEBUG(10,("sid_to_name: [Cached] - doing backend query for info for domain %s\n",
1613 status = domain->backend->query_user(domain, mem_ctx, user_sid, info);
1616 refresh_sequence_number(domain, False);
1617 wcache_save_user(domain, status, info);
1623 /* Lookup groups a user is a member of. */
1624 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
1625 TALLOC_CTX *mem_ctx,
1626 const DOM_SID *user_sid,
1627 uint32 *num_groups, DOM_SID **user_gids)
1629 struct winbind_cache *cache = get_cache(domain);
1630 struct cache_entry *centry = NULL;
1638 centry = wcache_fetch(cache, domain, "UG/%s", sid_to_string(sid_string, user_sid));
1640 /* If we have an access denied cache entry and a cached info3 in the
1641 samlogon cache then do a query. This will force the rpc back end
1642 to return the info3 data. */
1644 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1645 netsamlogon_cache_have(user_sid)) {
1646 DEBUG(10, ("lookup_usergroups: cached access denied and have cached info3\n"));
1647 domain->last_status = NT_STATUS_OK;
1648 centry_free(centry);
1655 *num_groups = centry_uint32(centry);
1657 if (*num_groups == 0)
1660 (*user_gids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_groups);
1662 smb_panic("lookup_usergroups out of memory");
1663 for (i=0; i<(*num_groups); i++) {
1664 centry_sid(centry, mem_ctx, &(*user_gids)[i]);
1668 status = centry->status;
1670 DEBUG(10,("lookup_usergroups: [Cached] - cached info for domain %s status: %s\n",
1671 domain->name, nt_errstr(status) ));
1673 centry_free(centry);
1678 (*user_gids) = NULL;
1680 /* Return status value returned by seq number check */
1682 if (!NT_STATUS_IS_OK(domain->last_status))
1683 return domain->last_status;
1685 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info for domain %s\n",
1688 status = domain->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
1691 refresh_sequence_number(domain, False);
1692 centry = centry_start(domain, status);
1695 centry_put_uint32(centry, *num_groups);
1696 for (i=0; i<(*num_groups); i++) {
1697 centry_put_sid(centry, &(*user_gids)[i]);
1699 centry_end(centry, "UG/%s", sid_to_string(sid_string, user_sid));
1700 centry_free(centry);
1706 static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
1707 TALLOC_CTX *mem_ctx,
1708 uint32 num_sids, const DOM_SID *sids,
1709 uint32 *num_aliases, uint32 **alias_rids)
1711 struct winbind_cache *cache = get_cache(domain);
1712 struct cache_entry *centry = NULL;
1714 char *sidlist = talloc_strdup(mem_ctx, "");
1720 if (num_sids == 0) {
1723 return NT_STATUS_OK;
1726 /* We need to cache indexed by the whole list of SIDs, the aliases
1727 * resulting might come from any of the SIDs. */
1729 for (i=0; i<num_sids; i++) {
1730 sidlist = talloc_asprintf(mem_ctx, "%s/%s", sidlist,
1731 sid_string_static(&sids[i]));
1732 if (sidlist == NULL)
1733 return NT_STATUS_NO_MEMORY;
1736 centry = wcache_fetch(cache, domain, "UA%s", sidlist);
1741 *num_aliases = centry_uint32(centry);
1744 (*alias_rids) = TALLOC_ARRAY(mem_ctx, uint32, *num_aliases);
1746 if ((*num_aliases != 0) && ((*alias_rids) == NULL)) {
1747 centry_free(centry);
1748 return NT_STATUS_NO_MEMORY;
1751 for (i=0; i<(*num_aliases); i++)
1752 (*alias_rids)[i] = centry_uint32(centry);
1754 status = centry->status;
1756 DEBUG(10,("lookup_useraliases: [Cached] - cached info for domain: %s "
1757 "status %s\n", domain->name, nt_errstr(status)));
1759 centry_free(centry);
1764 (*alias_rids) = NULL;
1766 if (!NT_STATUS_IS_OK(domain->last_status))
1767 return domain->last_status;
1769 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info "
1770 "for domain %s\n", domain->name ));
1772 status = domain->backend->lookup_useraliases(domain, mem_ctx,
1774 num_aliases, alias_rids);
1777 refresh_sequence_number(domain, False);
1778 centry = centry_start(domain, status);
1781 centry_put_uint32(centry, *num_aliases);
1782 for (i=0; i<(*num_aliases); i++)
1783 centry_put_uint32(centry, (*alias_rids)[i]);
1784 centry_end(centry, "UA%s", sidlist);
1785 centry_free(centry);
1792 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
1793 TALLOC_CTX *mem_ctx,
1794 const DOM_SID *group_sid, uint32 *num_names,
1795 DOM_SID **sid_mem, char ***names,
1796 uint32 **name_types)
1798 struct winbind_cache *cache = get_cache(domain);
1799 struct cache_entry *centry = NULL;
1807 centry = wcache_fetch(cache, domain, "GM/%s", sid_to_string(sid_string, group_sid));
1811 *num_names = centry_uint32(centry);
1813 if (*num_names == 0)
1816 (*sid_mem) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_names);
1817 (*names) = TALLOC_ARRAY(mem_ctx, char *, *num_names);
1818 (*name_types) = TALLOC_ARRAY(mem_ctx, uint32, *num_names);
1820 if (! (*sid_mem) || ! (*names) || ! (*name_types)) {
1821 smb_panic("lookup_groupmem out of memory");
1824 for (i=0; i<(*num_names); i++) {
1825 centry_sid(centry, mem_ctx, &(*sid_mem)[i]);
1826 (*names)[i] = centry_string(centry, mem_ctx);
1827 (*name_types)[i] = centry_uint32(centry);
1831 status = centry->status;
1833 DEBUG(10,("lookup_groupmem: [Cached] - cached info for domain %s status: %s\n",
1834 domain->name, nt_errstr(status)));
1836 centry_free(centry);
1843 (*name_types) = NULL;
1845 /* Return status value returned by seq number check */
1847 if (!NT_STATUS_IS_OK(domain->last_status))
1848 return domain->last_status;
1850 DEBUG(10,("lookup_groupmem: [Cached] - doing backend query for info for domain %s\n",
1853 status = domain->backend->lookup_groupmem(domain, mem_ctx, group_sid, num_names,
1854 sid_mem, names, name_types);
1857 refresh_sequence_number(domain, False);
1858 centry = centry_start(domain, status);
1861 centry_put_uint32(centry, *num_names);
1862 for (i=0; i<(*num_names); i++) {
1863 centry_put_sid(centry, &(*sid_mem)[i]);
1864 centry_put_string(centry, (*names)[i]);
1865 centry_put_uint32(centry, (*name_types)[i]);
1867 centry_end(centry, "GM/%s", sid_to_string(sid_string, group_sid));
1868 centry_free(centry);
1874 /* find the sequence number for a domain */
1875 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
1877 refresh_sequence_number(domain, False);
1879 *seq = domain->sequence_number;
1881 return NT_STATUS_OK;
1884 /* enumerate trusted domains
1885 * (we need to have the list of trustdoms in the cache when we go offline) -
1887 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
1888 TALLOC_CTX *mem_ctx,
1889 uint32 *num_domains,
1894 struct winbind_cache *cache = get_cache(domain);
1895 struct cache_entry *centry = NULL;
1902 centry = wcache_fetch(cache, domain, "TRUSTDOMS/%s", domain->name);
1908 *num_domains = centry_uint32(centry);
1910 (*names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
1911 (*alt_names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
1912 (*dom_sids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_domains);
1914 if (! (*dom_sids) || ! (*names) || ! (*alt_names)) {
1915 smb_panic("trusted_domains out of memory");
1918 for (i=0; i<(*num_domains); i++) {
1919 (*names)[i] = centry_string(centry, mem_ctx);
1920 (*alt_names)[i] = centry_string(centry, mem_ctx);
1921 centry_sid(centry, mem_ctx, &(*dom_sids)[i]);
1924 status = centry->status;
1926 DEBUG(10,("trusted_domains: [Cached] - cached info for domain %s (%d trusts) status: %s\n",
1927 domain->name, *num_domains, nt_errstr(status) ));
1929 centry_free(centry);
1936 (*alt_names) = NULL;
1938 /* Return status value returned by seq number check */
1940 if (!NT_STATUS_IS_OK(domain->last_status))
1941 return domain->last_status;
1943 DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
1946 status = domain->backend->trusted_domains(domain, mem_ctx, num_domains,
1947 names, alt_names, dom_sids);
1949 /* no trusts gives NT_STATUS_NO_MORE_ENTRIES resetting to NT_STATUS_OK
1950 * so that the generic centry handling still applies correctly -
1953 if (!NT_STATUS_IS_ERR(status)) {
1954 status = NT_STATUS_OK;
1958 refresh_sequence_number(domain, False);
1960 centry = centry_start(domain, status);
1964 centry_put_uint32(centry, *num_domains);
1966 for (i=0; i<(*num_domains); i++) {
1967 centry_put_string(centry, (*names)[i]);
1968 centry_put_string(centry, (*alt_names)[i]);
1969 centry_put_sid(centry, &(*dom_sids)[i]);
1972 centry_end(centry, "TRUSTDOMS/%s", domain->name);
1974 centry_free(centry);
1980 /* get lockout policy */
1981 static NTSTATUS lockout_policy(struct winbindd_domain *domain,
1982 TALLOC_CTX *mem_ctx,
1983 SAM_UNK_INFO_12 *policy){
1984 struct winbind_cache *cache = get_cache(domain);
1985 struct cache_entry *centry = NULL;
1991 centry = wcache_fetch(cache, domain, "LOC_POL/%s", domain->name);
1996 policy->duration = centry_nttime(centry);
1997 policy->reset_count = centry_nttime(centry);
1998 policy->bad_attempt_lockout = centry_uint16(centry);
2000 status = centry->status;
2002 DEBUG(10,("lockout_policy: [Cached] - cached info for domain %s status: %s\n",
2003 domain->name, nt_errstr(status) ));
2005 centry_free(centry);
2009 ZERO_STRUCTP(policy);
2011 /* Return status value returned by seq number check */
2013 if (!NT_STATUS_IS_OK(domain->last_status))
2014 return domain->last_status;
2016 DEBUG(10,("lockout_policy: [Cached] - doing backend query for info for domain %s\n",
2019 status = domain->backend->lockout_policy(domain, mem_ctx, policy);
2022 refresh_sequence_number(domain, False);
2023 wcache_save_lockout_policy(domain, status, policy);
2028 /* get password policy */
2029 static NTSTATUS password_policy(struct winbindd_domain *domain,
2030 TALLOC_CTX *mem_ctx,
2031 SAM_UNK_INFO_1 *policy)
2033 struct winbind_cache *cache = get_cache(domain);
2034 struct cache_entry *centry = NULL;
2040 centry = wcache_fetch(cache, domain, "PWD_POL/%s", domain->name);
2045 policy->min_length_password = centry_uint16(centry);
2046 policy->password_history = centry_uint16(centry);
2047 policy->password_properties = centry_uint32(centry);
2048 policy->expire = centry_nttime(centry);
2049 policy->min_passwordage = centry_nttime(centry);
2051 status = centry->status;
2053 DEBUG(10,("lockout_policy: [Cached] - cached info for domain %s status: %s\n",
2054 domain->name, nt_errstr(status) ));
2056 centry_free(centry);
2060 ZERO_STRUCTP(policy);
2062 /* Return status value returned by seq number check */
2064 if (!NT_STATUS_IS_OK(domain->last_status))
2065 return domain->last_status;
2067 DEBUG(10,("password_policy: [Cached] - doing backend query for info for domain %s\n",
2070 status = domain->backend->password_policy(domain, mem_ctx, policy);
2073 refresh_sequence_number(domain, False);
2074 wcache_save_password_policy(domain, status, policy);
2080 /* Invalidate cached user and group lists coherently */
2082 static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
2085 if (strncmp(kbuf.dptr, "UL/", 3) == 0 ||
2086 strncmp(kbuf.dptr, "GL/", 3) == 0)
2087 tdb_delete(the_tdb, kbuf);
2092 /* Invalidate the getpwnam and getgroups entries for a winbindd domain */
2094 void wcache_invalidate_samlogon(struct winbindd_domain *domain,
2095 NET_USER_INFO_3 *info3)
2097 struct winbind_cache *cache;
2102 cache = get_cache(domain);
2103 netsamlogon_clear_cached_user(cache->tdb, info3);
2106 void wcache_invalidate_cache(void)
2108 struct winbindd_domain *domain;
2110 for (domain = domain_list(); domain; domain = domain->next) {
2111 struct winbind_cache *cache = get_cache(domain);
2113 DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
2114 "entries for %s\n", domain->name));
2116 tdb_traverse(cache->tdb, traverse_fn, NULL);
2120 static BOOL init_wcache(void)
2122 if (wcache == NULL) {
2123 wcache = SMB_XMALLOC_P(struct winbind_cache);
2124 ZERO_STRUCTP(wcache);
2127 if (wcache->tdb != NULL)
2130 /* when working offline we must not clear the cache on restart */
2131 wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"),
2132 WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
2133 lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST),
2134 O_RDWR|O_CREAT, 0600);
2136 if (wcache->tdb == NULL) {
2137 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
2144 void cache_store_response(pid_t pid, struct winbindd_response *response)
2151 DEBUG(10, ("Storing response for pid %d, len %d\n",
2152 pid, response->length));
2154 fstr_sprintf(key_str, "DR/%d", pid);
2155 if (tdb_store(wcache->tdb, string_tdb_data(key_str),
2156 make_tdb_data((const char *)response, sizeof(*response)),
2160 if (response->length == sizeof(*response))
2163 /* There's extra data */
2165 DEBUG(10, ("Storing extra data: len=%d\n",
2166 (int)(response->length - sizeof(*response))));
2168 fstr_sprintf(key_str, "DE/%d", pid);
2169 if (tdb_store(wcache->tdb, string_tdb_data(key_str),
2170 make_tdb_data((const char *)response->extra_data.data,
2171 response->length - sizeof(*response)),
2175 /* We could not store the extra data, make sure the tdb does not
2176 * contain a main record with wrong dangling extra data */
2178 fstr_sprintf(key_str, "DR/%d", pid);
2179 tdb_delete(wcache->tdb, string_tdb_data(key_str));
2184 BOOL cache_retrieve_response(pid_t pid, struct winbindd_response * response)
2192 DEBUG(10, ("Retrieving response for pid %d\n", pid));
2194 fstr_sprintf(key_str, "DR/%d", pid);
2195 data = tdb_fetch(wcache->tdb, string_tdb_data(key_str));
2197 if (data.dptr == NULL)
2200 if (data.dsize != sizeof(*response))
2203 memcpy(response, data.dptr, data.dsize);
2204 SAFE_FREE(data.dptr);
2206 if (response->length == sizeof(*response)) {
2207 response->extra_data.data = NULL;
2211 /* There's extra data */
2213 DEBUG(10, ("Retrieving extra data length=%d\n",
2214 (int)(response->length - sizeof(*response))));
2216 fstr_sprintf(key_str, "DE/%d", pid);
2217 data = tdb_fetch(wcache->tdb, string_tdb_data(key_str));
2219 if (data.dptr == NULL) {
2220 DEBUG(0, ("Did not find extra data\n"));
2224 if (data.dsize != (response->length - sizeof(*response))) {
2225 DEBUG(0, ("Invalid extra data length: %d\n", (int)data.dsize));
2226 SAFE_FREE(data.dptr);
2230 dump_data(11, data.dptr, data.dsize);
2232 response->extra_data.data = data.dptr;
2236 void cache_cleanup_response(pid_t pid)
2243 fstr_sprintf(key_str, "DR/%d", pid);
2244 tdb_delete(wcache->tdb, string_tdb_data(key_str));
2246 fstr_sprintf(key_str, "DE/%d", pid);
2247 tdb_delete(wcache->tdb, string_tdb_data(key_str));
2253 BOOL lookup_cached_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
2254 const char **domain_name, const char **name,
2255 enum lsa_SidType *type)
2257 struct winbindd_domain *domain;
2258 struct winbind_cache *cache;
2259 struct cache_entry *centry = NULL;
2262 domain = find_lookup_domain_from_sid(sid);
2263 if (domain == NULL) {
2267 cache = get_cache(domain);
2269 if (cache->tdb == NULL) {
2273 centry = wcache_fetch(cache, domain, "SN/%s", sid_string_static(sid));
2274 if (centry == NULL) {
2278 if (NT_STATUS_IS_OK(centry->status)) {
2279 *type = (enum lsa_SidType)centry_uint32(centry);
2280 *domain_name = centry_string(centry, mem_ctx);
2281 *name = centry_string(centry, mem_ctx);
2284 status = centry->status;
2285 centry_free(centry);
2286 return NT_STATUS_IS_OK(status);
2289 BOOL lookup_cached_name(TALLOC_CTX *mem_ctx,
2290 const char *domain_name,
2293 enum lsa_SidType *type)
2295 struct winbindd_domain *domain;
2296 struct winbind_cache *cache;
2297 struct cache_entry *centry = NULL;
2301 domain = find_lookup_domain_from_name(domain_name);
2302 if (domain == NULL) {
2306 cache = get_cache(domain);
2308 if (cache->tdb == NULL) {
2312 fstrcpy(uname, name);
2315 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname);
2316 if (centry == NULL) {
2320 if (NT_STATUS_IS_OK(centry->status)) {
2321 *type = (enum lsa_SidType)centry_uint32(centry);
2322 centry_sid(centry, mem_ctx, sid);
2325 status = centry->status;
2326 centry_free(centry);
2328 return NT_STATUS_IS_OK(status);
2331 void cache_name2sid(struct winbindd_domain *domain,
2332 const char *domain_name, const char *name,
2333 enum lsa_SidType type, const DOM_SID *sid)
2335 refresh_sequence_number(domain, False);
2336 wcache_save_name_to_sid(domain, NT_STATUS_OK, domain_name, name,
2340 /* delete all centries that don't have NT_STATUS_OK set */
2341 static int traverse_fn_cleanup(TDB_CONTEXT *the_tdb, TDB_DATA kbuf,
2342 TDB_DATA dbuf, void *state)
2344 struct cache_entry *centry;
2346 centry = wcache_fetch_raw(kbuf.dptr);
2351 if (!NT_STATUS_IS_OK(centry->status)) {
2352 DEBUG(10,("deleting centry %s\n", kbuf.dptr));
2353 tdb_delete(the_tdb, kbuf);
2356 centry_free(centry);
2360 /* flush the cache */
2361 void wcache_flush_cache(void)
2366 tdb_close(wcache->tdb);
2372 /* when working offline we must not clear the cache on restart */
2373 wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"),
2374 WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
2375 lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST),
2376 O_RDWR|O_CREAT, 0600);
2379 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
2383 tdb_traverse(wcache->tdb, traverse_fn_cleanup, NULL);
2385 DEBUG(10,("wcache_flush_cache success\n"));
2388 /* Count cached creds */
2390 static int traverse_fn_cached_creds(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
2393 int *cred_count = (int*)state;
2395 if (strncmp(kbuf.dptr, "CRED/", 5) == 0) {
2401 NTSTATUS wcache_count_cached_creds(struct winbindd_domain *domain, int *count)
2403 struct winbind_cache *cache = get_cache(domain);
2408 return NT_STATUS_INTERNAL_DB_ERROR;
2411 tdb_traverse(cache->tdb, traverse_fn_cached_creds, (void *)count);
2413 return NT_STATUS_OK;
2417 struct cred_list *prev, *next;
2422 static struct cred_list *wcache_cred_list;
2424 static int traverse_fn_get_credlist(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
2427 struct cred_list *cred;
2429 if (strncmp(kbuf.dptr, "CRED/", 5) == 0) {
2431 cred = SMB_MALLOC_P(struct cred_list);
2433 DEBUG(0,("traverse_fn_remove_first_creds: failed to malloc new entry for list\n"));
2439 /* save a copy of the key */
2441 fstrcpy(cred->name, kbuf.dptr);
2442 DLIST_ADD(wcache_cred_list, cred);
2448 NTSTATUS wcache_remove_oldest_cached_creds(struct winbindd_domain *domain, const DOM_SID *sid)
2450 struct winbind_cache *cache = get_cache(domain);
2453 struct cred_list *cred, *oldest = NULL;
2456 return NT_STATUS_INTERNAL_DB_ERROR;
2459 /* we possibly already have an entry */
2460 if (sid && NT_STATUS_IS_OK(wcache_cached_creds_exist(domain, sid))) {
2464 DEBUG(11,("we already have an entry, deleting that\n"));
2466 fstr_sprintf(key_str, "CRED/%s", sid_string_static(sid));
2468 tdb_delete(cache->tdb, string_tdb_data(key_str));
2470 return NT_STATUS_OK;
2473 ret = tdb_traverse(cache->tdb, traverse_fn_get_credlist, NULL);
2475 return NT_STATUS_OK;
2476 } else if ((ret == -1) || (wcache_cred_list == NULL)) {
2477 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2480 ZERO_STRUCTP(oldest);
2482 for (cred = wcache_cred_list; cred; cred = cred->next) {
2487 data = tdb_fetch(cache->tdb, make_tdb_data(cred->name, strlen(cred->name)));
2489 DEBUG(10,("wcache_remove_oldest_cached_creds: entry for [%s] not found\n",
2491 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
2495 t = IVAL(data.dptr, 0);
2496 SAFE_FREE(data.dptr);
2499 oldest = SMB_MALLOC_P(struct cred_list);
2500 if (oldest == NULL) {
2501 status = NT_STATUS_NO_MEMORY;
2505 fstrcpy(oldest->name, cred->name);
2506 oldest->created = t;
2510 if (t < oldest->created) {
2511 fstrcpy(oldest->name, cred->name);
2512 oldest->created = t;
2516 if (tdb_delete(cache->tdb, string_tdb_data(oldest->name)) == 0) {
2517 status = NT_STATUS_OK;
2519 status = NT_STATUS_UNSUCCESSFUL;
2522 SAFE_FREE(wcache_cred_list);
2528 /* Change the global online/offline state. */
2529 BOOL set_global_winbindd_state_offline(void)
2533 DEBUG(10,("set_global_winbindd_state_offline: offline requested.\n"));
2535 /* Only go offline if someone has created
2536 the key "WINBINDD_OFFLINE" in the cache tdb. */
2538 if (wcache == NULL || wcache->tdb == NULL) {
2539 DEBUG(10,("set_global_winbindd_state_offline: wcache not open yet.\n"));
2543 if (!lp_winbind_offline_logon()) {
2544 DEBUG(10,("set_global_winbindd_state_offline: rejecting.\n"));
2548 if (global_winbindd_offline_state) {
2549 /* Already offline. */
2553 data = tdb_fetch_bystring( wcache->tdb, "WINBINDD_OFFLINE" );
2555 if (!data.dptr || data.dsize != 4) {
2556 DEBUG(10,("set_global_winbindd_state_offline: offline state not set.\n"));
2557 SAFE_FREE(data.dptr);
2560 DEBUG(10,("set_global_winbindd_state_offline: offline state set.\n"));
2561 global_winbindd_offline_state = True;
2562 SAFE_FREE(data.dptr);
2567 void set_global_winbindd_state_online(void)
2569 DEBUG(10,("set_global_winbindd_state_online: online requested.\n"));
2571 if (!lp_winbind_offline_logon()) {
2572 DEBUG(10,("set_global_winbindd_state_online: rejecting.\n"));
2576 if (!global_winbindd_offline_state) {
2577 /* Already online. */
2580 global_winbindd_offline_state = False;
2586 /* Ensure there is no key "WINBINDD_OFFLINE" in the cache tdb. */
2587 tdb_delete_bystring(wcache->tdb, "WINBINDD_OFFLINE");
2590 BOOL get_global_winbindd_state_offline(void)
2592 return global_winbindd_offline_state;
2595 /***********************************************************************
2596 Validate functions for all possible cache tdb keys.
2597 ***********************************************************************/
2599 static int bad_cache_entry;
2601 static int validate_seqnum(TDB_DATA kbuf, TDB_DATA dbuf)
2606 static int validate_ns(TDB_DATA kbuf, TDB_DATA dbuf)
2611 static int validate_sn(TDB_DATA kbuf, TDB_DATA dbuf)
2616 static int validate_u(TDB_DATA kbuf, TDB_DATA dbuf)
2621 static int validate_loc_pol(TDB_DATA kbuf, TDB_DATA dbuf)
2626 static int validate_pwd_pol(TDB_DATA kbuf, TDB_DATA dbuf)
2631 static int validate_cred(TDB_DATA kbuf, TDB_DATA dbuf)
2636 static int validate_ul(TDB_DATA kbuf, TDB_DATA dbuf)
2641 static int validate_gl(TDB_DATA kbuf, TDB_DATA dbuf)
2646 static int validate_ug(TDB_DATA kbuf, TDB_DATA dbuf)
2651 static int validate_ua(TDB_DATA kbuf, TDB_DATA dbuf)
2656 static int validate_gm(TDB_DATA kbuf, TDB_DATA dbuf)
2661 static int validate_dr(TDB_DATA kbuf, TDB_DATA dbuf)
2666 static int validate_de(TDB_DATA kbuf, TDB_DATA dbuf)
2671 static int validate_trustdoms(TDB_DATA kbuf, TDB_DATA dbuf)
2676 static int validate_offline(TDB_DATA kbuf, TDB_DATA dbuf)
2681 /***********************************************************************
2682 A list of all possible cache tdb keys with associated validation
2684 ***********************************************************************/
2686 struct key_val_struct {
2687 const char *keyname;
2688 int (*validate_data_fn)(TDB_DATA kbuf, TDB_DATA dbuf);
2690 {"SEQNUM/", validate_seqnum},
2691 {"NS/", validate_ns},
2692 {"SN/", validate_sn},
2694 {"LOC_POL/", validate_loc_pol},
2695 {"PWD_POL/", validate_pwd_pol},
2696 {"CRED/", validate_cred},
2697 {"UL/", validate_ul},
2698 {"GL/", validate_gl},
2699 {"UG/", validate_ug},
2700 {"UA", validate_ua},
2701 {"GM/", validate_gm},
2702 {"DR/", validate_dr},
2703 {"DE/", validate_de},
2704 {"TRUSTDOMS/", validate_trustdoms},
2705 {"WINBINDD_OFFLINE", validate_offline},
2709 /***********************************************************************
2710 Function to look at every entry in the tdb and validate it as far as
2712 ***********************************************************************/
2714 static int cache_traverse_validate_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
2718 for (i = 0; key_val[i].keyname; i++) {
2719 size_t namelen = strlen(key_val[i].keyname);
2720 if (kbuf.dsize >= namelen && (
2721 strncmp(key_val[i].keyname, kbuf.dptr, namelen)) == 0) {
2722 return key_val[i].validate_data_fn(kbuf, dbuf);
2726 DEBUG(0,("cache_traverse_validate_fn: unknown cache entry\nkey :\n"));
2727 dump_data(0, kbuf.dptr, kbuf.dsize);
2728 DEBUG(0,("data :\n"));
2729 dump_data(0, dbuf.dptr, dbuf.dsize);
2730 return 1; /* terminate. */
2733 /* Handle any signals generated when validating a possibly
2736 static jmp_buf jmpbuf;
2739 static void sig_segv(int sig)
2741 longjmp(jmpbuf, SIGSEGV);
2746 static void sig_bus(int sig)
2748 longjmp(jmpbuf, SIGBUS);
2753 static void sig_abrt(int sig)
2755 longjmp(jmpbuf, SIGABRT);
2759 /***********************************************************************
2760 Try and validate every entry in the winbindd cache. If we fail here,
2761 delete the cache tdb and return non-zero - the caller (main winbindd
2762 function) will restart us as we don't know if we crashed or not.
2763 ***********************************************************************/
2765 int winbindd_validate_cache(void)
2769 int num_entries = 0;
2770 TDB_CONTEXT *tdb = NULL;
2771 const char *cache_path = lock_path("winbindd_cache.tdb");
2774 void (*old_segv_handler)(int) = CatchSignal(SIGSEGV,SIGNAL_CAST sig_segv);
2777 void (*old_bus_handler)(int) = CatchSignal(SIGBUS,SIGNAL_CAST sig_bus);
2780 void (*old_abrt_handler)(int) = CatchSignal(SIGABRT,SIGNAL_CAST sig_abrt);
2783 switch((ret = setjmp(jmpbuf))) {
2794 tdb = tdb_open_log(cache_path,
2795 WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
2796 lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST),
2797 O_RDWR|O_CREAT, 0600);
2804 /* Check the cache freelist is good. */
2805 if (tdb_validate_freelist(tdb, &num_entries) == -1) {
2806 DEBUG(0,("winbindd_validate_cache: bad freelist in cache %s\n",
2811 DEBUG(10,("winbindd_validate_cache: cache %s freelist has %d entries\n",
2812 cache_path, num_entries));
2814 /* Now traverse the cache to validate it. */
2815 num_entries = tdb_traverse(tdb, cache_traverse_validate_fn, NULL);
2816 if (num_entries == -1 || bad_cache_entry) {
2817 DEBUG(0,("winbindd_validate_cache: cache %s traverse failed\n",
2822 DEBUG(10,("winbindd_validate_cache: cache %s is good "
2823 "with %d entries\n", cache_path, num_entries));
2824 ret = 0; /* Cache is good. */
2828 /* Ensure if we segv on exit we use the original
2829 handlers to avoid a loop. */
2832 CatchSignal(SIGSEGV,SIGNAL_CAST old_segv_handler);
2835 CatchSignal(SIGBUS,SIGNAL_CAST old_bus_handler);
2838 CatchSignal(SIGABRT,SIGNAL_CAST old_abrt_handler);
2844 } else if (fd != -1) {
2856 /* the cache backend methods are exposed via this structure */
2857 struct winbindd_methods cache_methods = {
git.samba.org / samba.git / blob