2005-01-14 02:01:19 +00:00
/*
Unix SMB / CIFS implementation .
Main winbindd server routines
2010-02-18 10:54:53 +11:00
Copyright ( C ) Stefan Metzmacher 2005 - 2008
2005-01-30 02:55:30 +00:00
Copyright ( C ) Andrew Tridgell 2005
2010-02-18 10:54:53 +11:00
Copyright ( C ) Andrew Bartlett < abartlet @ samba . org > 2010
2005-01-14 02:01:19 +00:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-10 02:07:03 +00:00
the Free Software Foundation ; either version 3 of the License , or
2005-01-14 02:01:19 +00:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 02:07:03 +00:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2005-01-14 02:01:19 +00:00
*/
# include "includes.h"
2006-03-07 11:07:23 +00:00
# include "smbd/process_model.h"
2005-09-22 18:35:08 +00:00
# include "winbind/wb_server.h"
2006-01-12 09:38:35 +00:00
# include "lib/stream/packet.h"
2010-01-17 10:21:21 +01:00
# include "lib/tsocket/tsocket.h"
# include "libcli/util/tstream.h"
2007-09-08 12:42:09 +00:00
# include "param/param.h"
2010-02-18 10:54:53 +11:00
# include "param/secrets.h"
2013-06-27 11:28:03 +10:00
# include "lib/util/dlinklist.h"
2005-01-14 02:01:19 +00:00
2005-09-22 18:35:08 +00:00
void wbsrv_terminate_connection ( struct wbsrv_connection * wbconn , const char * reason )
{
2013-06-27 11:28:03 +10:00
struct wbsrv_service * service = wbconn - > listen_socket - > service ;
if ( wbconn - > pending_calls = = 0 ) {
char * full_reason = talloc_asprintf ( wbconn , " wbsrv: %s " , reason ) ;
DLIST_REMOVE ( service - > broken_connections , wbconn ) ;
stream_terminate_connection ( wbconn - > conn , full_reason ? full_reason : reason ) ;
return ;
}
if ( wbconn - > terminate ! = NULL ) {
return ;
}
DEBUG ( 3 , ( " wbsrv: terminating connection due to '%s' defered due to %d pending calls \n " ,
reason , wbconn - > pending_calls ) ) ;
wbconn - > terminate = talloc_strdup ( wbconn , reason ) ;
if ( wbconn - > terminate = = NULL ) {
wbconn - > terminate = " wbsrv: defered terminating connection - no memory " ;
}
DLIST_ADD_END ( service - > broken_connections , wbconn , NULL ) ;
}
static void wbsrv_cleanup_broken_connections ( struct wbsrv_service * s )
{
struct wbsrv_connection * cur , * next ;
next = s - > broken_connections ;
while ( next ! = NULL ) {
cur = next ;
next = cur - > next ;
wbsrv_terminate_connection ( cur , cur - > terminate ) ;
}
2005-09-22 18:35:08 +00:00
}
2005-01-14 02:01:19 +00:00
2010-01-17 10:21:21 +01:00
static void wbsrv_call_loop ( struct tevent_req * subreq )
2006-01-12 09:38:35 +00:00
{
2010-01-17 10:21:21 +01:00
struct wbsrv_connection * wbsrv_conn = tevent_req_callback_data ( subreq ,
struct wbsrv_connection ) ;
2013-06-27 11:28:03 +10:00
struct wbsrv_service * service = wbsrv_conn - > listen_socket - > service ;
2010-01-17 10:21:21 +01:00
struct wbsrv_samba3_call * call ;
NTSTATUS status ;
2013-06-27 11:28:03 +10:00
if ( wbsrv_conn - > terminate ) {
/*
* if the current connection is broken
* we need to clean it up before any other connection
*/
wbsrv_terminate_connection ( wbsrv_conn , wbsrv_conn - > terminate ) ;
wbsrv_cleanup_broken_connections ( service ) ;
return ;
}
wbsrv_cleanup_broken_connections ( service ) ;
2010-01-17 10:21:21 +01:00
call = talloc_zero ( wbsrv_conn , struct wbsrv_samba3_call ) ;
if ( call = = NULL ) {
wbsrv_terminate_connection ( wbsrv_conn , " wbsrv_call_loop: "
" no memory for wbsrv_samba3_call " ) ;
return ;
}
call - > wbconn = wbsrv_conn ;
status = tstream_read_pdu_blob_recv ( subreq ,
call ,
& call - > in ) ;
TALLOC_FREE ( subreq ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
const char * reason ;
2013-05-07 10:17:26 +02:00
reason = talloc_asprintf ( wbsrv_conn , " wbsrv_call_loop: "
2010-01-17 10:21:21 +01:00
" tstream_read_pdu_blob_recv() - %s " ,
nt_errstr ( status ) ) ;
if ( ! reason ) {
reason = nt_errstr ( status ) ;
}
wbsrv_terminate_connection ( wbsrv_conn , reason ) ;
return ;
}
DEBUG ( 10 , ( " Received winbind TCP packet of length %lu from %s \n " ,
( long ) call - > in . length ,
tsocket_address_string ( wbsrv_conn - > conn - > remote_address , call ) ) ) ;
status = wbsrv_samba3_process ( call ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
const char * reason ;
2013-04-29 18:40:08 +02:00
reason = talloc_asprintf ( wbsrv_conn , " wbsrv_call_loop: "
2010-01-17 10:21:21 +01:00
" tstream_read_pdu_blob_recv() - %s " ,
nt_errstr ( status ) ) ;
if ( ! reason ) {
reason = nt_errstr ( status ) ;
}
wbsrv_terminate_connection ( wbsrv_conn , reason ) ;
return ;
}
/*
* The winbind pdu ' s has the length as 4 byte ( initial_read_size ) ,
* wbsrv_samba3_packet_full_request provides the pdu length then .
*/
subreq = tstream_read_pdu_blob_send ( wbsrv_conn ,
wbsrv_conn - > conn - > event . ctx ,
wbsrv_conn - > tstream ,
4 , /* initial_read_size */
wbsrv_samba3_packet_full_request ,
wbsrv_conn ) ;
if ( subreq = = NULL ) {
wbsrv_terminate_connection ( wbsrv_conn , " wbsrv_call_loop: "
" no memory for tstream_read_pdu_blob_send " ) ;
return ;
}
tevent_req_set_callback ( subreq , wbsrv_call_loop , wbsrv_conn ) ;
2006-01-12 09:38:35 +00:00
}
2005-09-22 18:35:08 +00:00
static void wbsrv_accept ( struct stream_connection * conn )
2005-01-14 02:01:19 +00:00
{
2010-01-17 10:21:21 +01:00
struct wbsrv_listen_socket * wbsrv_socket = talloc_get_type ( conn - > private_data ,
struct wbsrv_listen_socket ) ;
struct wbsrv_connection * wbsrv_conn ;
struct tevent_req * subreq ;
int rc ;
2005-01-14 02:01:19 +00:00
2013-06-27 11:28:03 +10:00
wbsrv_cleanup_broken_connections ( wbsrv_socket - > service ) ;
2010-01-17 10:21:21 +01:00
wbsrv_conn = talloc_zero ( conn , struct wbsrv_connection ) ;
if ( wbsrv_conn = = NULL ) {
2006-01-12 09:38:35 +00:00
stream_terminate_connection ( conn , " wbsrv_accept: out of memory " ) ;
2005-01-14 02:01:19 +00:00
return ;
}
2010-01-17 10:21:21 +01:00
wbsrv_conn - > send_queue = tevent_queue_create ( conn , " wbsrv_accept " ) ;
if ( wbsrv_conn - > send_queue = = NULL ) {
stream_terminate_connection ( conn ,
" wbsrv_accept: out of memory " ) ;
2005-09-20 20:54:25 +00:00
return ;
}
2010-01-17 10:21:21 +01:00
TALLOC_FREE ( conn - > event . fde ) ;
2010-02-26 10:21:10 +01:00
rc = tstream_bsd_existing_socket ( wbsrv_conn ,
2010-01-17 10:21:21 +01:00
socket_get_fd ( conn - > socket ) ,
& wbsrv_conn - > tstream ) ;
if ( rc < 0 ) {
stream_terminate_connection ( conn ,
" wbsrv_accept: out of memory " ) ;
return ;
}
wbsrv_conn - > conn = conn ;
wbsrv_conn - > listen_socket = wbsrv_socket ;
wbsrv_conn - > lp_ctx = wbsrv_socket - > service - > task - > lp_ctx ;
conn - > private_data = wbsrv_conn ;
/*
* The winbind pdu ' s has the length as 4 byte ( initial_read_size ) ,
* wbsrv_samba3_packet_full_request provides the pdu length then .
*/
subreq = tstream_read_pdu_blob_send ( wbsrv_conn ,
wbsrv_conn - > conn - > event . ctx ,
wbsrv_conn - > tstream ,
4 , /* initial_read_size */
wbsrv_samba3_packet_full_request ,
wbsrv_conn ) ;
if ( subreq = = NULL ) {
wbsrv_terminate_connection ( wbsrv_conn , " wbsrv_accept: "
" no memory for tstream_read_pdu_blob_send " ) ;
return ;
}
tevent_req_set_callback ( subreq , wbsrv_call_loop , wbsrv_conn ) ;
2005-09-20 20:54:25 +00:00
}
2005-09-22 18:35:08 +00:00
/*
2010-01-17 10:21:21 +01:00
called on a tcp recv
2006-01-12 09:38:35 +00:00
*/
static void wbsrv_recv ( struct stream_connection * conn , uint16_t flags )
2005-09-20 20:54:25 +00:00
{
2010-01-17 10:21:21 +01:00
struct wbsrv_connection * wbsrv_conn = talloc_get_type ( conn - > private_data ,
struct wbsrv_connection ) ;
wbsrv_terminate_connection ( wbsrv_conn , " wbsrv_recv: called " ) ;
2005-09-20 20:54:25 +00:00
}
2005-09-22 18:35:08 +00:00
/*
called when we can write to a connection
*/
static void wbsrv_send ( struct stream_connection * conn , uint16_t flags )
2005-09-20 20:54:25 +00:00
{
2010-01-17 10:21:21 +01:00
struct wbsrv_connection * wbsrv_conn = talloc_get_type ( conn - > private_data ,
struct wbsrv_connection ) ;
/* this should never be triggered! */
wbsrv_terminate_connection ( wbsrv_conn , " wbsrv_send: called " ) ;
2005-09-20 20:54:25 +00:00
}
2005-09-22 18:35:08 +00:00
static const struct stream_server_ops wbsrv_ops = {
2006-01-12 09:38:35 +00:00
. name = " winbind samba3 protocol " ,
2005-09-22 18:35:08 +00:00
. accept_connection = wbsrv_accept ,
. recv_handler = wbsrv_recv ,
. send_handler = wbsrv_send
} ;
2005-01-30 02:55:30 +00:00
/*
startup the winbind task
*/
static void winbind_task_init ( struct task_server * task )
2005-01-14 02:01:19 +00:00
{
uint16_t port = 1 ;
2005-01-30 02:55:30 +00:00
const struct model_ops * model_ops ;
NTSTATUS status ;
2005-09-22 18:35:08 +00:00
struct wbsrv_service * service ;
struct wbsrv_listen_socket * listen_socket ;
2010-02-18 10:54:53 +11:00
char * errstring ;
struct dom_sid * primary_sid ;
2013-01-08 14:21:23 +01:00
bool ok ;
2005-01-14 02:01:19 +00:00
2006-03-09 17:48:41 +00:00
task_server_set_title ( task , " task[winbind] " ) ;
2005-01-30 02:55:30 +00:00
/* within the winbind task we want to be a single process, so
ask for the single process model ops and pass these to the
stream_setup_socket ( ) call . */
2010-10-30 11:24:15 +11:00
model_ops = process_model_startup ( " single " ) ;
2005-01-30 02:55:30 +00:00
if ( ! model_ops ) {
2005-10-09 08:32:06 +00:00
task_server_terminate ( task ,
2009-09-18 18:05:55 -07:00
" Can't find 'single' process model_ops " , true ) ;
2005-01-30 02:55:30 +00:00
return ;
}
2005-01-14 02:01:19 +00:00
2006-01-31 00:48:57 +00:00
/* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
2013-01-08 14:21:23 +01:00
ok = directory_create_or_exist_strict ( lpcfg_winbindd_socket_directory ( task - > lp_ctx ) ,
geteuid ( ) , 0755 ) ;
if ( ! ok ) {
2006-01-31 00:48:57 +00:00
task_server_terminate ( task ,
2009-09-18 18:05:55 -07:00
" Cannot create winbindd pipe directory " , true ) ;
2006-01-31 00:48:57 +00:00
return ;
2005-01-14 02:01:19 +00:00
}
2008-06-28 22:02:19 +10:00
/* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
2013-01-08 14:21:23 +01:00
ok = directory_create_or_exist_strict ( lpcfg_winbindd_privileged_socket_directory ( task - > lp_ctx ) ,
geteuid ( ) , 0750 ) ;
if ( ! ok ) {
2008-06-28 22:02:19 +10:00
task_server_terminate ( task ,
2009-09-18 18:05:55 -07:00
" Cannot create winbindd privileged pipe directory " , true ) ;
2008-06-28 22:02:19 +10:00
return ;
}
2005-09-22 18:35:08 +00:00
service = talloc_zero ( task , struct wbsrv_service ) ;
if ( ! service ) goto nomem ;
service - > task = task ;
2010-02-18 10:54:53 +11:00
/* Find the primary SID, depending if we are a standalone
* server ( what good is winbind in this case , but anyway . . . ) ,
* or are in a domain as a member or a DC */
2010-07-16 14:32:42 +10:00
switch ( lpcfg_server_role ( service - > task - > lp_ctx ) ) {
2010-02-18 10:54:53 +11:00
case ROLE_STANDALONE :
primary_sid = secrets_get_domain_sid ( service ,
service - > task - > lp_ctx ,
2010-09-13 12:15:52 +10:00
lpcfg_netbios_name ( service - > task - > lp_ctx ) ,
& service - > sec_channel_type ,
& errstring ) ;
2010-02-18 10:54:53 +11:00
if ( ! primary_sid ) {
2010-02-19 11:14:15 +11:00
char * message = talloc_asprintf ( task ,
" Cannot start Winbind (standalone configuration): %s: "
" Have you provisioned this server (%s) or changed it's name? " ,
2010-07-16 14:32:42 +10:00
errstring , lpcfg_netbios_name ( service - > task - > lp_ctx ) ) ;
2010-02-18 10:54:53 +11:00
task_server_terminate ( task , message , true ) ;
return ;
}
break ;
case ROLE_DOMAIN_MEMBER :
2010-02-19 11:14:15 +11:00
primary_sid = secrets_get_domain_sid ( service ,
service - > task - > lp_ctx ,
2010-09-13 12:15:52 +10:00
lpcfg_workgroup ( service - > task - > lp_ctx ) ,
& service - > sec_channel_type ,
& errstring ) ;
2010-02-19 11:14:15 +11:00
if ( ! primary_sid ) {
char * message = talloc_asprintf ( task , " Cannot start Winbind (domain member): %s: "
" Have you joined the %s domain? " ,
2010-07-16 14:32:42 +10:00
errstring , lpcfg_workgroup ( service - > task - > lp_ctx ) ) ;
2010-02-19 11:14:15 +11:00
task_server_terminate ( task , message , true ) ;
return ;
}
break ;
2012-06-10 22:08:20 +10:00
case ROLE_ACTIVE_DIRECTORY_DC :
2010-02-18 10:54:53 +11:00
primary_sid = secrets_get_domain_sid ( service ,
service - > task - > lp_ctx ,
2010-09-13 12:15:52 +10:00
lpcfg_workgroup ( service - > task - > lp_ctx ) ,
& service - > sec_channel_type ,
& errstring ) ;
2010-02-18 10:54:53 +11:00
if ( ! primary_sid ) {
2010-02-19 11:14:15 +11:00
char * message = talloc_asprintf ( task , " Cannot start Winbind (domain controller): %s: "
" Have you provisioned the %s domain? " ,
2010-07-16 14:32:42 +10:00
errstring , lpcfg_workgroup ( service - > task - > lp_ctx ) ) ;
2010-02-18 10:54:53 +11:00
task_server_terminate ( task , message , true ) ;
return ;
}
break ;
2012-06-10 22:08:20 +10:00
case ROLE_DOMAIN_PDC :
case ROLE_DOMAIN_BDC :
task_server_terminate ( task , " Cannot start 'samba' winbindd as a 'classic samba' DC: use winbindd instead " , true ) ;
return ;
2005-10-09 12:50:35 +00:00
}
2010-02-18 10:54:53 +11:00
service - > primary_sid = primary_sid ;
2005-10-09 12:50:35 +00:00
2008-04-17 12:23:44 +02:00
service - > idmap_ctx = idmap_init ( service , task - > event_ctx , task - > lp_ctx ) ;
2008-02-18 14:33:58 +01:00
if ( service - > idmap_ctx = = NULL ) {
2009-09-18 18:05:55 -07:00
task_server_terminate ( task , " Failed to load idmap database " , true ) ;
2008-02-18 14:33:58 +01:00
return ;
}
2010-07-16 14:32:42 +10:00
service - > priv_pipe_dir = lpcfg_winbindd_privileged_socket_directory ( task - > lp_ctx ) ;
service - > pipe_dir = lpcfg_winbindd_socket_directory ( task - > lp_ctx ) ;
2010-05-17 19:54:00 +10:00
2005-09-22 18:35:08 +00:00
/* setup the unprivileged samba3 socket */
listen_socket = talloc ( service , struct wbsrv_listen_socket ) ;
if ( ! listen_socket ) goto nomem ;
2006-01-31 00:48:57 +00:00
listen_socket - > socket_path = talloc_asprintf ( listen_socket , " %s/%s " ,
2010-05-17 19:54:00 +10:00
service - > pipe_dir ,
2010-04-15 09:29:33 +02:00
WINBINDD_SOCKET_NAME ) ;
2005-09-22 18:35:08 +00:00
if ( ! listen_socket - > socket_path ) goto nomem ;
listen_socket - > service = service ;
2007-10-01 22:13:02 +00:00
listen_socket - > privileged = false ;
2010-11-15 10:12:22 +11:00
status = stream_setup_socket ( task , task - > event_ctx , task - > lp_ctx , model_ops ,
2005-09-22 18:35:08 +00:00
& wbsrv_ops , " unix " ,
2005-10-09 08:32:06 +00:00
listen_socket - > socket_path , & port ,
2010-07-16 14:32:42 +10:00
lpcfg_socket_options ( task - > lp_ctx ) ,
2005-10-09 08:32:06 +00:00
listen_socket ) ;
2005-09-22 18:35:08 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) goto listen_failed ;
/* setup the privileged samba3 socket */
listen_socket = talloc ( service , struct wbsrv_listen_socket ) ;
if ( ! listen_socket ) goto nomem ;
2008-09-10 14:08:40 +10:00
listen_socket - > socket_path
= talloc_asprintf ( listen_socket , " %s/%s " ,
2010-05-17 19:54:00 +10:00
service - > priv_pipe_dir ,
2010-04-15 09:29:33 +02:00
WINBINDD_SOCKET_NAME ) ;
2008-06-28 22:02:19 +10:00
if ( ! listen_socket - > socket_path ) goto nomem ;
2005-09-22 18:35:08 +00:00
listen_socket - > service = service ;
2007-10-01 22:13:02 +00:00
listen_socket - > privileged = true ;
2010-11-15 10:12:22 +11:00
status = stream_setup_socket ( task , task - > event_ctx , task - > lp_ctx , model_ops ,
2005-09-22 18:35:08 +00:00
& wbsrv_ops , " unix " ,
2005-10-09 08:32:06 +00:00
listen_socket - > socket_path , & port ,
2010-07-16 14:32:42 +10:00
lpcfg_socket_options ( task - > lp_ctx ) ,
2005-10-09 08:32:06 +00:00
listen_socket ) ;
2005-09-22 18:35:08 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) goto listen_failed ;
2006-07-31 15:38:18 +00:00
status = wbsrv_init_irpc ( service ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) goto irpc_failed ;
2005-09-22 18:35:08 +00:00
return ;
listen_failed :
DEBUG ( 0 , ( " stream_setup_socket(path=%s) failed - %s \n " ,
listen_socket - > socket_path , nt_errstr ( status ) ) ) ;
2009-09-18 18:05:55 -07:00
task_server_terminate ( task , nt_errstr ( status ) , true ) ;
2005-09-22 18:35:08 +00:00
return ;
2006-07-31 15:38:18 +00:00
irpc_failed :
DEBUG ( 0 , ( " wbsrv_init_irpc() failed - %s \n " ,
nt_errstr ( status ) ) ) ;
2009-09-18 18:05:55 -07:00
task_server_terminate ( task , nt_errstr ( status ) , true ) ;
2006-07-31 15:38:18 +00:00
return ;
2005-09-22 18:35:08 +00:00
nomem :
2009-09-18 18:05:55 -07:00
task_server_terminate ( task , nt_errstr ( NT_STATUS_NO_MEMORY ) , true ) ;
2005-09-22 18:35:08 +00:00
return ;
2005-01-14 02:01:19 +00:00
}
2005-01-30 02:55:30 +00:00
/*
register ourselves as a available server
*/
2005-01-14 02:01:19 +00:00
NTSTATUS server_service_winbind_init ( void )
{
2008-02-04 21:58:29 +11:00
return register_server_service ( " winbind " , winbind_task_init ) ;
2005-01-14 02:01:19 +00:00
}