2 Unix SMB/CIFS implementation.
7 Copyright (C) Simo Sorce 2006
8 Copyright (C) Rafal Szczesniak 2002
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.*/
26 #define TIMEOUT_LEN 12
27 #define IDMAP_CACHE_DATA_FMT "%12u/%s"
29 struct idmap_cache_ctx {
33 static int idmap_cache_destructor(struct idmap_cache_ctx *cache)
37 if (cache && cache->tdb) {
38 ret = tdb_close(cache->tdb);
45 struct idmap_cache_ctx *idmap_cache_init(TALLOC_CTX *memctx)
47 struct idmap_cache_ctx *cache;
48 char* cache_fname = NULL;
50 cache = talloc(memctx, struct idmap_cache_ctx);
52 DEBUG(0, ("Out of memory!\n"));
56 cache_fname = lock_path("idmap_cache.tdb");
58 DEBUG(10, ("Opening cache file at %s\n", cache_fname));
60 cache->tdb = tdb_open_log(cache_fname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
63 DEBUG(5, ("Attempt to open %s has failed.\n", cache_fname));
67 talloc_set_destructor(cache, idmap_cache_destructor);
72 static char *idmap_cache_sidkey(TALLOC_CTX *ctx, const DOM_SID *sid)
76 return talloc_asprintf(ctx, "IDMAP/SID/%s",
77 sid_to_fstring(sidstr, sid));
80 static char *idmap_cache_idkey(TALLOC_CTX *ctx, const struct id_map *id)
82 return talloc_asprintf(ctx, "IDMAP/%s/%lu",
83 (id->xid.type==ID_TYPE_UID)?"UID":"GID",
84 (unsigned long)id->xid.id);
87 NTSTATUS idmap_cache_set(struct idmap_cache_ctx *cache, const struct id_map *id)
90 time_t timeout = time(NULL) + lp_idmap_cache_time();
96 /* Don't cache lookups in the S-1-22-{1,2} domain */
98 if (sid_check_is_in_unix_users(id->sid)
99 || sid_check_is_in_unix_groups(id->sid)) {
103 sidkey = idmap_cache_sidkey(cache, id->sid);
104 if (sidkey == NULL) {
105 return NT_STATUS_NO_MEMORY;
108 /* use sidkey as the local memory ctx */
109 idkey = idmap_cache_idkey(sidkey, id);
111 ret = NT_STATUS_NO_MEMORY;
117 /* use sidkey as the local memory ctx */
118 valstr = talloc_asprintf(sidkey, IDMAP_CACHE_DATA_FMT, (int)timeout, idkey);
120 DEBUG(0, ("Out of memory!\n"));
121 ret = NT_STATUS_NO_MEMORY;
125 databuf = string_term_tdb_data(valstr);
126 DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
127 " %s (%d seconds %s)\n", sidkey, valstr , ctime(&timeout),
128 (int)(timeout - time(NULL)),
129 timeout > time(NULL) ? "ahead" : "in the past"));
131 if (tdb_store_bystring(cache->tdb, sidkey, databuf, TDB_REPLACE) != 0) {
132 DEBUG(3, ("Failed to store cache entry!\n"));
133 ret = NT_STATUS_UNSUCCESSFUL;
139 /* use sidkey as the local memory ctx */
140 valstr = talloc_asprintf(sidkey, IDMAP_CACHE_DATA_FMT, (int)timeout, sidkey);
142 DEBUG(0, ("Out of memory!\n"));
143 ret = NT_STATUS_NO_MEMORY;
147 databuf = string_term_tdb_data(valstr);
148 DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
149 " %s (%d seconds %s)\n", idkey, valstr, ctime(&timeout),
150 (int)(timeout - time(NULL)),
151 timeout > time(NULL) ? "ahead" : "in the past"));
153 if (tdb_store_bystring(cache->tdb, idkey, databuf, TDB_REPLACE) != 0) {
154 DEBUG(3, ("Failed to store cache entry!\n"));
155 ret = NT_STATUS_UNSUCCESSFUL;
166 NTSTATUS idmap_cache_set_negative_sid(struct idmap_cache_ctx *cache, const struct id_map *id)
168 NTSTATUS ret = NT_STATUS_OK;
169 time_t timeout = time(NULL) + lp_idmap_negative_cache_time();
174 sidkey = idmap_cache_sidkey(cache, id->sid);
175 if (sidkey == NULL) {
176 return NT_STATUS_NO_MEMORY;
179 /* use sidkey as the local memory ctx */
180 valstr = talloc_asprintf(sidkey, IDMAP_CACHE_DATA_FMT, (int)timeout, "IDMAP/NEGATIVE");
182 DEBUG(0, ("Out of memory!\n"));
183 ret = NT_STATUS_NO_MEMORY;
187 databuf = string_term_tdb_data(valstr);
188 DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
189 " %s (%d seconds %s)\n", sidkey, valstr, ctime(&timeout),
190 (int)(timeout - time(NULL)),
191 timeout > time(NULL) ? "ahead" : "in the past"));
193 if (tdb_store_bystring(cache->tdb, sidkey, databuf, TDB_REPLACE) != 0) {
194 DEBUG(3, ("Failed to store cache entry!\n"));
195 ret = NT_STATUS_UNSUCCESSFUL;
204 NTSTATUS idmap_cache_set_negative_id(struct idmap_cache_ctx *cache, const struct id_map *id)
206 NTSTATUS ret = NT_STATUS_OK;
207 time_t timeout = time(NULL) + lp_idmap_negative_cache_time();
212 idkey = idmap_cache_idkey(cache, id);
214 return NT_STATUS_NO_MEMORY;
217 /* use idkey as the local memory ctx */
218 valstr = talloc_asprintf(idkey, IDMAP_CACHE_DATA_FMT, (int)timeout, "IDMAP/NEGATIVE");
220 DEBUG(0, ("Out of memory!\n"));
221 ret = NT_STATUS_NO_MEMORY;
225 databuf = string_term_tdb_data(valstr);
226 DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
227 " %s (%d seconds %s)\n", idkey, valstr, ctime(&timeout),
228 (int)(timeout - time(NULL)),
229 timeout > time(NULL) ? "ahead" : "in the past"));
231 if (tdb_store_bystring(cache->tdb, idkey, databuf, TDB_REPLACE) != 0) {
232 DEBUG(3, ("Failed to store cache entry!\n"));
233 ret = NT_STATUS_UNSUCCESSFUL;
242 static NTSTATUS idmap_cache_fill_map(struct id_map *id, const char *value)
246 /* see if it is a sid */
247 if ( ! strncmp("IDMAP/SID/", value, 10)) {
249 if ( ! string_to_sid(id->sid, &value[10])) {
253 id->status = ID_MAPPED;
258 /* not a SID see if it is an UID or a GID */
259 if ( ! strncmp("IDMAP/UID/", value, 10)) {
262 id->xid.type = ID_TYPE_UID;
264 } else if ( ! strncmp("IDMAP/GID/", value, 10)) {
267 id->xid.type = ID_TYPE_GID;
271 /* a completely bogus value bail out */
275 id->xid.id = strtol(&value[10], &rem, 0);
280 id->status = ID_MAPPED;
285 DEBUG(1, ("invalid value: %s\n", value));
286 id->status = ID_UNKNOWN;
287 return NT_STATUS_INTERNAL_DB_CORRUPTION;
290 /* search the cache for the SID an return a mapping if found *
292 * 4 cases are possible
295 * in this case id->status = ID_MAPPED and NT_STATUS_OK is returned
297 * in this case id->status = ID_UNKNOWN and NT_STATUS_NONE_MAPPED is returned
298 * 3 negative cache found
299 * in this case id->status = ID_UNMAPPED and NT_STATUS_OK is returned
300 * 4 map found but timer expired
301 * in this case id->status = ID_EXPIRED and NT_STATUS_SYNCHRONIZATION_REQUIRED
302 * is returned. In this case revalidation of the cache is needed.
305 NTSTATUS idmap_cache_map_sid(struct idmap_cache_ctx *cache, struct id_map *id)
307 NTSTATUS ret = NT_STATUS_OK;
312 struct winbindd_domain *our_domain = find_our_domain();
313 time_t now = time(NULL);
315 /* make sure it is marked as not mapped by default */
316 id->status = ID_UNKNOWN;
318 sidkey = idmap_cache_sidkey(cache, id->sid);
319 if (sidkey == NULL) {
320 return NT_STATUS_NO_MEMORY;
323 databuf = tdb_fetch_bystring(cache->tdb, sidkey);
325 if (databuf.dptr == NULL) {
326 DEBUG(10, ("Cache entry with key = %s couldn't be found\n", sidkey));
327 ret = NT_STATUS_NONE_MAPPED;
331 t = strtol((const char *)databuf.dptr, &endptr, 10);
333 if ((endptr == NULL) || (*endptr != '/')) {
334 DEBUG(2, ("Invalid idmap cache data format: %s\n",
335 (const char *)databuf.dptr));
336 /* remove the entry */
337 tdb_delete_bystring(cache->tdb, sidkey);
338 ret = NT_STATUS_NONE_MAPPED;
342 /* check it is not negative */
343 if (strcmp("IDMAP/NEGATIVE", endptr+1) != 0) {
345 DEBUG(10, ("Returning %s cache entry: key = %s, value = %s, "
346 "timeout = %s", t > now ? "valid" :
347 "expired", sidkey, endptr+1, ctime(&t)));
349 /* this call if successful will also mark the entry as mapped */
350 ret = idmap_cache_fill_map(id, endptr+1);
351 if ( ! NT_STATUS_IS_OK(ret)) {
352 /* if not valid form delete the entry */
353 tdb_delete_bystring(cache->tdb, sidkey);
354 ret = NT_STATUS_NONE_MAPPED;
358 /* here ret == NT_STATUS_OK and id->status = ID_MAPPED */
361 /* If we've been told to be offline - stay in
363 if ( IS_DOMAIN_OFFLINE(our_domain) ) {
364 DEBUG(10,("idmap_cache_map_sid: idmap is offline\n"));
368 /* We're expired, set an error code
370 ret = NT_STATUS_SYNCHRONIZATION_REQUIRED;
376 /* Was a negative cache hit */
378 /* Ignore the negative cache when offline */
380 if ( IS_DOMAIN_OFFLINE(our_domain) ) {
381 DEBUG(10,("idmap_cache_map_sid: idmap is offline\n"));
386 /* Check for valid or expired cache hits */
388 /* We're expired. Return not mapped */
389 ret = NT_STATUS_NONE_MAPPED;
391 /* this is not mapped as it was a negative cache hit */
392 id->status = ID_UNMAPPED;
397 SAFE_FREE(databuf.dptr);
402 /* search the cache for the ID an return a mapping if found *
404 * 4 cases are possible
407 * in this case id->status = ID_MAPPED and NT_STATUS_OK is returned
409 * in this case id->status = ID_UNKNOWN and NT_STATUS_NONE_MAPPED is returned
410 * 3 negative cache found
411 * in this case id->status = ID_UNMAPPED and NT_STATUS_OK is returned
412 * 4 map found but timer expired
413 * in this case id->status = ID_EXPIRED and NT_STATUS_SYNCHRONIZATION_REQUIRED
414 * is returned. In this case revalidation of the cache is needed.
417 NTSTATUS idmap_cache_map_id(struct idmap_cache_ctx *cache, struct id_map *id)
424 struct winbindd_domain *our_domain = find_our_domain();
425 time_t now = time(NULL);
427 /* make sure it is marked as unknown by default */
428 id->status = ID_UNKNOWN;
430 idkey = idmap_cache_idkey(cache, id);
432 return NT_STATUS_NO_MEMORY;
435 databuf = tdb_fetch_bystring(cache->tdb, idkey);
437 if (databuf.dptr == NULL) {
438 DEBUG(10, ("Cache entry with key = %s couldn't be found\n", idkey));
439 ret = NT_STATUS_NONE_MAPPED;
443 t = strtol((const char *)databuf.dptr, &endptr, 10);
445 if ((endptr == NULL) || (*endptr != '/')) {
446 DEBUG(2, ("Invalid idmap cache data format: %s\n",
447 (const char *)databuf.dptr));
448 /* remove the entry */
449 tdb_delete_bystring(cache->tdb, idkey);
450 ret = NT_STATUS_NONE_MAPPED;
454 /* check it is not negative */
455 if (strcmp("IDMAP/NEGATIVE", endptr+1) != 0) {
457 DEBUG(10, ("Returning %s cache entry: key = %s, value = %s, "
458 "timeout = %s", t > now ? "valid" :
459 "expired", idkey, endptr+1, ctime(&t)));
461 /* this call if successful will also mark the entry as mapped */
462 ret = idmap_cache_fill_map(id, endptr+1);
463 if ( ! NT_STATUS_IS_OK(ret)) {
464 /* if not valid form delete the entry */
465 tdb_delete_bystring(cache->tdb, idkey);
466 ret = NT_STATUS_NONE_MAPPED;
470 /* here ret == NT_STATUS_OK and id->mapped = ID_MAPPED */
473 /* If we've been told to be offline - stay in
475 if ( IS_DOMAIN_OFFLINE(our_domain) ) {
476 DEBUG(10,("idmap_cache_map_sid: idmap is offline\n"));
480 /* We're expired, set an error code
482 ret = NT_STATUS_SYNCHRONIZATION_REQUIRED;
488 /* Was a negative cache hit */
490 /* Ignore the negative cache when offline */
492 if ( IS_DOMAIN_OFFLINE(our_domain) ) {
493 DEBUG(10,("idmap_cache_map_sid: idmap is offline\n"));
494 ret = NT_STATUS_NONE_MAPPED;
498 /* Process the negative cache hit */
501 /* We're expired. Return not mapped */
502 ret = NT_STATUS_NONE_MAPPED;
504 /* this is not mapped is it was a negative cache hit */
505 id->status = ID_UNMAPPED;
510 SAFE_FREE(databuf.dptr);