2 Unix SMB/CIFS implementation.
5 Copyright (C) Volker Lendecke 2008
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.*/
21 #include "idmap_cache.h"
22 #include "../libcli/security/security.h"
23 #include "../librpc/gen_ndr/idmap.h"
24 #include "lib/gencache.h"
27 * Find a sid2xid mapping
28 * @param[in] sid the sid to map
29 * @param[out] id where to put the result
30 * @param[out] expired is the cache entry expired?
31 * @retval Was anything in the cache at all?
33 * If id->id == -1 this was a negative mapping.
36 bool idmap_cache_find_sid2unixid(const struct dom_sid *sid, struct unixid *id,
39 struct dom_sid_buf sidstr;
47 key = talloc_asprintf(talloc_tos(), "IDMAP/SID2XID/%s",
48 dom_sid_str_buf(sid, &sidstr));
52 ret = gencache_get(key, talloc_tos(), &value, &timeout);
57 DEBUG(10, ("Parsing value for key [%s]: value=[%s]\n", key, value));
59 if (value[0] == '\0') {
60 DEBUG(0, ("Failed to parse value for key [%s]: "
61 "value is empty\n", key));
66 tmp_id.id = strtol(value, &endptr, 10);
68 if ((value == endptr) && (tmp_id.id == 0)) {
69 DEBUG(0, ("Failed to parse value for key [%s]: value[%s] does "
70 "not start with a number\n", key, value));
75 DEBUG(10, ("Parsing value for key [%s]: id=[%llu], endptr=[%s]\n",
76 key, (unsigned long long)tmp_id.id, endptr));
78 ret = (*endptr == ':');
82 tmp_id.type = ID_TYPE_UID;
86 tmp_id.type = ID_TYPE_GID;
90 tmp_id.type = ID_TYPE_BOTH;
94 tmp_id.type = ID_TYPE_NOT_SPECIFIED;
98 DEBUG(0, ("FAILED to parse value for key [%s] "
99 "(id=[%llu], endptr=[%s]): "
100 "no type character after colon\n",
101 key, (unsigned long long)tmp_id.id, endptr));
105 DEBUG(0, ("FAILED to parse value for key [%s] "
106 "(id=[%llu], endptr=[%s]): "
107 "illegal type character '%c'\n",
108 key, (unsigned long long)tmp_id.id, endptr,
113 if (endptr[2] != '\0') {
114 DEBUG(0, ("FAILED to parse value for key [%s] "
115 "(id=[%llu], endptr=[%s]): "
116 "more than 1 type character after colon\n",
117 key, (unsigned long long)tmp_id.id, endptr));
123 *expired = (timeout <= time(NULL));
125 DEBUG(0, ("FAILED to parse value for key [%s] (value=[%s]): "
126 "colon missing after id=[%llu]\n",
127 key, value, (unsigned long long)tmp_id.id));
137 * Find a sid2uid mapping
138 * @param[in] sid the sid to map
139 * @param[out] puid where to put the result
140 * @param[out] expired is the cache entry expired?
141 * @retval Was anything in the cache at all?
143 * If *puid == -1 this was a negative mapping.
146 bool idmap_cache_find_sid2uid(const struct dom_sid *sid, uid_t *puid,
151 ret = idmap_cache_find_sid2unixid(sid, &id, expired);
156 if (id.type == ID_TYPE_BOTH || id.type == ID_TYPE_UID) {
165 * Find a sid2gid mapping
166 * @param[in] sid the sid to map
167 * @param[out] pgid where to put the result
168 * @param[out] expired is the cache entry expired?
169 * @retval Was anything in the cache at all?
171 * If *pgid == -1 this was a negative mapping.
174 bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
179 ret = idmap_cache_find_sid2unixid(sid, &id, expired);
184 if (id.type == ID_TYPE_BOTH || id.type == ID_TYPE_GID) {
192 struct idmap_cache_xid2sid_state {
198 static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout,
202 struct idmap_cache_xid2sid_state *state =
203 (struct idmap_cache_xid2sid_state *)private_data;
206 if ((blob.length == 0) || (blob.data[blob.length-1] != 0)) {
208 * Not a string, can't be a valid mapping
214 value = (char *)blob.data;
216 if ((value[0] == '-') && (value[1] == '\0')) {
218 * Return NULL SID, see comment to uid2sid
220 *state->sid = (struct dom_sid) {0};
223 state->ret = string_to_sid(state->sid, value);
226 *state->expired = gencache_timeout_expired(timeout);
231 * Find a uid2sid mapping
232 * @param[in] uid the uid to map
233 * @param[out] sid where to put the result
234 * @param[out] expired is the cache entry expired?
235 * @retval Was anything in the cache at all?
237 * If "is_null_sid(sid)", this was a negative mapping.
240 bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired)
243 struct idmap_cache_xid2sid_state state;
245 fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)uid);
248 state.expired = expired;
251 gencache_parse(key, idmap_cache_xid2sid_parser, &state);
256 * Find a gid2sid mapping
257 * @param[in] gid the gid to map
258 * @param[out] sid where to put the result
259 * @param[out] expired is the cache entry expired?
260 * @retval Was anything in the cache at all?
262 * If "is_null_sid(sid)", this was a negative mapping.
265 bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired)
268 struct idmap_cache_xid2sid_state state;
270 fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)gid);
273 state.expired = expired;
276 gencache_parse(key, idmap_cache_xid2sid_parser, &state);
281 * Find a xid2sid mapping
282 * @param[in] id the unix id to map
283 * @param[out] sid where to put the result
284 * @param[out] expired is the cache entry expired?
285 * @retval Was anything in the cache at all?
287 * If "is_null_sid(sid)", this was a negative mapping.
289 bool idmap_cache_find_xid2sid(
290 const struct unixid *id, struct dom_sid *sid, bool *expired)
292 struct idmap_cache_xid2sid_state state = {
293 .sid = sid, .expired = expired
309 fstr_sprintf(key, "IDMAP/%cID2SID/%d", c, (int)id->id);
311 gencache_parse(key, idmap_cache_xid2sid_parser, &state);
317 * Store a mapping in the idmap cache
318 * @param[in] sid the sid to map
319 * @param[in] unix_id the unix_id to map
321 * If both parameters are valid values, then a positive mapping in both
322 * directions is stored. If "is_null_sid(sid)" is true, then this will be a
323 * negative mapping of xid, we want to cache that for this xid we could not
324 * find anything. Likewise if "xid==-1", then we want to cache that we did not
325 * find a mapping for the sid passed here.
328 void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id)
330 time_t now = time(NULL);
334 if (!is_null_sid(sid)) {
335 struct dom_sid_buf sidstr;
336 fstr_sprintf(key, "IDMAP/SID2XID/%s",
337 dom_sid_str_buf(sid, &sidstr));
338 switch (unix_id->type) {
340 fstr_sprintf(value, "%d:U", (int)unix_id->id);
343 fstr_sprintf(value, "%d:G", (int)unix_id->id);
346 fstr_sprintf(value, "%d:B", (int)unix_id->id);
348 case ID_TYPE_NOT_SPECIFIED:
349 fstr_sprintf(value, "%d:N", (int)unix_id->id);
354 timeout = (unix_id->id == -1)
355 ? lp_idmap_negative_cache_time()
356 : lp_idmap_cache_time();
357 gencache_set(key, value, now + timeout);
359 if (unix_id->id != -1) {
360 if (is_null_sid(sid)) {
361 /* negative xid mapping */
363 timeout = lp_idmap_negative_cache_time();
366 sid_to_fstring(value, sid);
367 timeout = lp_idmap_cache_time();
369 switch (unix_id->type) {
371 fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)unix_id->id);
372 gencache_set(key, value, now + timeout);
373 fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)unix_id->id);
374 gencache_set(key, value, now + timeout);
378 fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)unix_id->id);
382 fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)unix_id->id);
388 gencache_set(key, value, now + timeout);
392 static char* key_xid2sid_str(TALLOC_CTX* mem_ctx, char t, const char* id) {
393 return talloc_asprintf(mem_ctx, "IDMAP/%cID2SID/%s", t, id);
396 static char* key_xid2sid(TALLOC_CTX* mem_ctx, char t, int id) {
398 snprintf(str, sizeof(str), "%d", id);
399 return key_xid2sid_str(mem_ctx, t, str);
402 static char* key_sid2xid_str(TALLOC_CTX* mem_ctx, const char* id) {
403 return talloc_asprintf(mem_ctx, "IDMAP/SID2XID/%s", id);
406 static bool idmap_cache_del_xid(char t, int xid)
408 TALLOC_CTX* mem_ctx = talloc_stackframe();
409 const char* key = key_xid2sid(mem_ctx, t, xid);
410 char* sid_str = NULL;
414 if (!gencache_get(key, mem_ctx, &sid_str, &timeout)) {
415 DEBUG(3, ("no entry: %s\n", key));
420 if (sid_str[0] != '-') {
421 const char* sid_key = key_sid2xid_str(mem_ctx, sid_str);
422 if (!gencache_del(sid_key)) {
423 DEBUG(2, ("failed to delete: %s\n", sid_key));
426 DEBUG(5, ("delete: %s\n", sid_key));
431 if (!gencache_del(key)) {
432 DEBUG(1, ("failed to delete: %s\n", key));
435 DEBUG(5, ("delete: %s\n", key));
439 talloc_free(mem_ctx);
443 bool idmap_cache_del_uid(uid_t uid) {
444 return idmap_cache_del_xid('U', uid);
447 bool idmap_cache_del_gid(gid_t gid) {
448 return idmap_cache_del_xid('G', gid);
451 bool idmap_cache_del_sid(const struct dom_sid *sid)
453 TALLOC_CTX* mem_ctx = talloc_stackframe();
457 struct dom_sid_buf sidbuf;
460 if (!idmap_cache_find_sid2unixid(sid, &id, &expired)) {
468 idmap_cache_del_xid('U', id.id);
469 idmap_cache_del_xid('G', id.id);
472 idmap_cache_del_xid('U', id.id);
475 idmap_cache_del_xid('G', id.id);
482 sid_key = key_sid2xid_str(mem_ctx, dom_sid_str_buf(sid, &sidbuf));
483 if (sid_key == NULL) {
486 /* If the mapping was symmetric, then this should fail */
487 gencache_del(sid_key);
489 talloc_free(mem_ctx);
git.samba.org / samba.git / blob