2 Unix SMB/CIFS implementation.
5 Copyright (C) Volker Lendecke 2008
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.*/
21 #include "idmap_cache.h"
22 #include "../libcli/security/security.h"
23 #include "../librpc/gen_ndr/idmap.h"
26 * Find a sid2xid mapping
27 * @param[in] sid the sid to map
28 * @param[out] id where to put the result
29 * @param[out] expired is the cache entry expired?
30 * @retval Was anything in the cache at all?
32 * If id->id == -1 this was a negative mapping.
35 bool idmap_cache_find_sid2unixid(const struct dom_sid *sid, struct unixid *id,
46 key = talloc_asprintf(talloc_tos(), "IDMAP/SID2XID/%s",
47 sid_to_fstring(sidstr, sid));
51 ret = gencache_get(key, &value, &timeout);
56 DEBUG(10, ("Parsing value for key [%s]: value=[%s]\n", key, value));
58 if (value[0] == '\0') {
59 DEBUG(0, ("Failed to parse value for key [%s]: "
60 "value is empty\n", key));
65 tmp_id.id = strtol(value, &endptr, 10);
67 if ((value == endptr) && (tmp_id.id == 0)) {
68 DEBUG(0, ("Failed to parse value for key [%s]: value[%s] does "
69 "not start with a number\n", key, value));
74 DEBUG(10, ("Parsing value for key [%s]: id=[%llu], endptr=[%s]\n",
75 key, (unsigned long long)tmp_id.id, endptr));
77 ret = (*endptr == ':');
81 tmp_id.type = ID_TYPE_UID;
85 tmp_id.type = ID_TYPE_GID;
89 tmp_id.type = ID_TYPE_BOTH;
93 DEBUG(0, ("FAILED to parse value for key [%s] "
94 "(id=[%llu], endptr=[%s]): "
95 "no type character after colon\n",
96 key, (unsigned long long)tmp_id.id, endptr));
100 DEBUG(0, ("FAILED to parse value for key [%s] "
101 "(id=[%llu], endptr=[%s]): "
102 "illegal type character '%c'\n",
103 key, (unsigned long long)tmp_id.id, endptr,
108 if (endptr[2] != '\0') {
109 DEBUG(0, ("FAILED to parse value for key [%s] "
110 "(id=[%llu], endptr=[%s]): "
111 "more than 1 type character after colon\n",
112 key, (unsigned long long)tmp_id.id, endptr));
118 *expired = (timeout <= time(NULL));
120 DEBUG(0, ("FAILED to parse value for key [%s] (value=[%s]): "
121 "colon missing after id=[%llu]\n",
122 key, value, (unsigned long long)tmp_id.id));
132 * Find a sid2uid mapping
133 * @param[in] sid the sid to map
134 * @param[out] puid where to put the result
135 * @param[out] expired is the cache entry expired?
136 * @retval Was anything in the cache at all?
138 * If *puid == -1 this was a negative mapping.
141 bool idmap_cache_find_sid2uid(const struct dom_sid *sid, uid_t *puid,
146 ret = idmap_cache_find_sid2unixid(sid, &id, expired);
151 if (id.type == ID_TYPE_BOTH || id.type == ID_TYPE_UID) {
160 * Find a sid2gid mapping
161 * @param[in] sid the sid to map
162 * @param[out] pgid where to put the result
163 * @param[out] expired is the cache entry expired?
164 * @retval Was anything in the cache at all?
166 * If *pgid == -1 this was a negative mapping.
169 bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
174 ret = idmap_cache_find_sid2unixid(sid, &id, expired);
179 if (id.type == ID_TYPE_BOTH || id.type == ID_TYPE_GID) {
188 * Find a uid2sid mapping
189 * @param[in] uid the uid to map
190 * @param[out] sid where to put the result
191 * @param[out] expired is the cache entry expired?
192 * @retval Was anything in the cache at all?
194 * If "is_null_sid(sid)", this was a negative mapping.
197 bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired)
204 key = talloc_asprintf(talloc_tos(), "IDMAP/UID2SID/%d", (int)uid);
208 ret = gencache_get(key, &value, &timeout);
214 if (value[0] != '-') {
215 ret = string_to_sid(sid, value);
219 *expired = (timeout <= time(NULL));
225 * Find a gid2sid mapping
226 * @param[in] gid the gid to map
227 * @param[out] sid where to put the result
228 * @param[out] expired is the cache entry expired?
229 * @retval Was anything in the cache at all?
231 * If "is_null_sid(sid)", this was a negative mapping.
234 bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired)
241 key = talloc_asprintf(talloc_tos(), "IDMAP/GID2SID/%d", (int)gid);
245 ret = gencache_get(key, &value, &timeout);
251 if (value[0] != '-') {
252 ret = string_to_sid(sid, value);
256 *expired = (timeout <= time(NULL));
262 * Store a mapping in the idmap cache
263 * @param[in] sid the sid to map
264 * @param[in] gid the gid to map
266 * If both parameters are valid values, then a positive mapping in both
267 * directions is stored. If "is_null_sid(sid)" is true, then this will be a
268 * negative mapping of gid, we want to cache that for this gid we could not
269 * find anything. Likewise if "gid==-1", then we want to cache that we did not
270 * find a mapping for the sid passed here.
273 void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id)
275 time_t now = time(NULL);
277 fstring sidstr, key, value;
279 if (!is_null_sid(sid)) {
280 fstr_sprintf(key, "IDMAP/SID2XID/%s",
281 sid_to_fstring(sidstr, sid));
282 switch (unix_id->type) {
284 fstr_sprintf(value, "%d:U", (int)unix_id->id);
287 fstr_sprintf(value, "%d:G", (int)unix_id->id);
290 fstr_sprintf(value, "%d:B", (int)unix_id->id);
295 timeout = (unix_id->id == -1)
296 ? lp_idmap_negative_cache_time()
297 : lp_idmap_cache_time();
298 gencache_set(key, value, now + timeout);
300 if (unix_id->id != -1) {
301 if (is_null_sid(sid)) {
302 /* negative gid mapping */
304 timeout = lp_idmap_negative_cache_time();
307 sid_to_fstring(value, sid);
308 timeout = lp_idmap_cache_time();
310 switch (unix_id->type) {
312 fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)unix_id->id);
313 gencache_set(key, value, now + timeout);
314 fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)unix_id->id);
315 gencache_set(key, value, now + timeout);
319 fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)unix_id->id);
323 fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)unix_id->id);
329 gencache_set(key, value, now + timeout);
334 * Store a mapping in the idmap cache
335 * @param[in] sid the sid to map
336 * @param[in] uid the uid to map
338 * If both parameters are valid values, then a positive mapping in both
339 * directions is stored. If "is_null_sid(sid)" is true, then this will be a
340 * negative mapping of uid, we want to cache that for this uid we could not
341 * find anything. Likewise if "uid==-1", then we want to cache that we did not
342 * find a mapping for the sid passed here.
345 void idmap_cache_set_sid2uid(const struct dom_sid *sid, uid_t uid)
348 id.type = ID_TYPE_UID;
354 /* If we were asked to invalidate this SID -> UID
355 * mapping, it was because we found out that this was
356 * not a UID at all. Do not overwrite a valid GID or
358 if (idmap_cache_find_sid2gid(sid, &tmp_gid, &expired)) {
365 idmap_cache_set_sid2unixid(sid, &id);
370 * Store a mapping in the idmap cache
371 * @param[in] sid the sid to map
372 * @param[in] gid the gid to map
374 * If both parameters are valid values, then a positive mapping in both
375 * directions is stored. If "is_null_sid(sid)" is true, then this will be a
376 * negative mapping of gid, we want to cache that for this gid we could not
377 * find anything. Likewise if "gid==-1", then we want to cache that we did not
378 * find a mapping for the sid passed here.
381 void idmap_cache_set_sid2gid(const struct dom_sid *sid, gid_t gid)
384 id.type = ID_TYPE_GID;
390 /* If we were asked to invalidate this SID -> GID
391 * mapping, it was because we found out that this was
392 * not a GID at all. Do not overwrite a valid UID or
394 if (idmap_cache_find_sid2uid(sid, &tmp_uid, &expired)) {
401 idmap_cache_set_sid2unixid(sid, &id);
405 static char* key_xid2sid_str(TALLOC_CTX* mem_ctx, char t, const char* id) {
406 return talloc_asprintf(mem_ctx, "IDMAP/%cID2SID/%s", t, id);
409 static char* key_xid2sid(TALLOC_CTX* mem_ctx, char t, int id) {
411 snprintf(str, sizeof(str), "%d", id);
412 return key_xid2sid_str(mem_ctx, t, str);
415 static char* key_sid2xid_str(TALLOC_CTX* mem_ctx, const char* id) {
416 return talloc_asprintf(mem_ctx, "IDMAP/SID2XID/%s", id);
419 static bool idmap_cache_del_xid(char t, int xid)
421 TALLOC_CTX* mem_ctx = talloc_stackframe();
422 const char* key = key_xid2sid(mem_ctx, t, xid);
423 char* sid_str = NULL;
427 if (!gencache_get(key, &sid_str, &timeout)) {
428 DEBUG(3, ("no entry: %s\n", key));
433 if (sid_str[0] != '-') {
434 const char* sid_key = key_sid2xid_str(mem_ctx, sid_str);
435 if (!gencache_del(sid_key)) {
436 DEBUG(2, ("failed to delete: %s\n", sid_key));
439 DEBUG(5, ("delete: %s\n", sid_key));
444 if (!gencache_del(key)) {
445 DEBUG(1, ("failed to delete: %s\n", key));
448 DEBUG(5, ("delete: %s\n", key));
452 talloc_free(mem_ctx);
456 bool idmap_cache_del_uid(uid_t uid) {
457 return idmap_cache_del_xid('U', uid);
460 bool idmap_cache_del_gid(gid_t gid) {
461 return idmap_cache_del_xid('G', gid);
464 bool idmap_cache_del_sid(const struct dom_sid *sid)
466 TALLOC_CTX* mem_ctx = talloc_stackframe();
472 if (!idmap_cache_find_sid2unixid(sid, &id, &expired)) {
480 idmap_cache_del_xid('U', id.id);
481 idmap_cache_del_xid('G', id.id);
484 idmap_cache_del_xid('U', id.id);
487 idmap_cache_del_xid('G', id.id);
494 sid_key = key_sid2xid_str(mem_ctx, dom_sid_string(mem_ctx, sid));
495 if (sid_key == NULL) {
498 /* If the mapping was symmetric, then this should fail */
499 gencache_del(sid_key);
501 talloc_free(mem_ctx);