mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
bdba027a33
Involves bumping up the version number Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
3069 lines
72 KiB
C
3069 lines
72 KiB
C
/*
|
|
* RPC host
|
|
*
|
|
* Implements samba-dcerpcd service.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
/*
|
|
* This binary has two usage modes:
|
|
*
|
|
* In the normal case when invoked from smbd or winbind it is given a
|
|
* directory to scan via --libexec-rpcds and will invoke on demand any
|
|
* binaries it finds there starting with rpcd_ when a named pipe
|
|
* connection is requested.
|
|
*
|
|
* In the second mode it can be started explicitly from system startup
|
|
* scripts.
|
|
*
|
|
* When Samba is set up as an Active Directory Domain Controller the
|
|
* normal samba binary overrides and provides DCERPC services, whilst
|
|
* allowing samba-dcerpcd to provide the services that smbd used to
|
|
* provide in that set-up, such as SRVSVC.
|
|
*
|
|
* The second mode can also be useful for use outside of the Samba framework,
|
|
* for example, use with the Linux kernel SMB2 server ksmbd. In this mode
|
|
* it behaves like inetd and listens on sockets on behalf of RPC server
|
|
* implementations.
|
|
*/
|
|
|
|
#include "replace.h"
|
|
#include <fnmatch.h>
|
|
#include "lib/cmdline/cmdline.h"
|
|
#include "lib/cmdline/closefrom_except.h"
|
|
#include "source3/include/includes.h"
|
|
#include "source3/include/auth.h"
|
|
#include "rpc_sock_helper.h"
|
|
#include "messages.h"
|
|
#include "lib/util_file.h"
|
|
#include "lib/util/tevent_unix.h"
|
|
#include "lib/util/tevent_ntstatus.h"
|
|
#include "lib/util/smb_strtox.h"
|
|
#include "lib/util/debug.h"
|
|
#include "lib/util/server_id.h"
|
|
#include "lib/util/util_tdb.h"
|
|
#include "lib/tdb_wrap/tdb_wrap.h"
|
|
#include "lib/async_req/async_sock.h"
|
|
#include "librpc/rpc/dcerpc_util.h"
|
|
#include "lib/tsocket/tsocket.h"
|
|
#include "libcli/named_pipe_auth/npa_tstream.h"
|
|
#include "librpc/gen_ndr/ndr_rpc_host.h"
|
|
#include "source3/param/loadparm.h"
|
|
#include "source3/lib/global_contexts.h"
|
|
#include "lib/util/strv.h"
|
|
#include "lib/util/pidfile.h"
|
|
#include "source3/rpc_client/cli_pipe.h"
|
|
#include "librpc/gen_ndr/ndr_epmapper.h"
|
|
#include "librpc/gen_ndr/ndr_epmapper_c.h"
|
|
#include "nsswitch/winbind_client.h"
|
|
#include "libcli/security/dom_sid.h"
|
|
#include "libcli/security/security_token.h"
|
|
|
|
extern bool override_logfile;
|
|
|
|
struct rpc_server;
|
|
struct rpc_work_process;
|
|
|
|
/*
|
|
* samba-dcerpcd state to keep track of rpcd_* servers.
|
|
*/
|
|
struct rpc_host {
|
|
struct messaging_context *msg_ctx;
|
|
struct rpc_server **servers;
|
|
struct tdb_wrap *epmdb;
|
|
|
|
int worker_stdin[2];
|
|
|
|
bool np_helper;
|
|
|
|
/*
|
|
* If we're started with --np-helper but nobody contacts us,
|
|
* we need to exit after a while. This will be deleted once
|
|
* the first real client connects and our self-exit mechanism
|
|
* when we don't have any worker processes left kicks in.
|
|
*/
|
|
struct tevent_timer *np_helper_shutdown;
|
|
};
|
|
|
|
/*
|
|
* Map a RPC interface to a name. Used when filling the endpoint
|
|
* mapper database
|
|
*/
|
|
struct rpc_host_iface_name {
|
|
struct ndr_syntax_id iface;
|
|
char *name;
|
|
};
|
|
|
|
/*
|
|
* rpc_host representation for listening sockets. ncacn_ip_tcp might
|
|
* listen on multiple explicit IPs, all with the same port.
|
|
*/
|
|
struct rpc_host_endpoint {
|
|
struct rpc_server *server;
|
|
struct dcerpc_binding *binding;
|
|
struct ndr_syntax_id *interfaces;
|
|
int *fds;
|
|
size_t num_fds;
|
|
};
|
|
|
|
/*
|
|
* Staging area until we sent the socket plus bind to the helper
|
|
*/
|
|
struct rpc_host_pending_client {
|
|
struct rpc_host_pending_client *prev, *next;
|
|
|
|
/*
|
|
* Pointer for the destructor to remove us from the list of
|
|
* pending clients
|
|
*/
|
|
struct rpc_server *server;
|
|
|
|
/*
|
|
* Waiter for client exit before a helper accepted the request
|
|
*/
|
|
struct tevent_req *hangup_wait;
|
|
|
|
/*
|
|
* Info to pick the worker
|
|
*/
|
|
struct ncacn_packet *bind_pkt;
|
|
|
|
/*
|
|
* This is what we send down to the worker
|
|
*/
|
|
int sock;
|
|
struct rpc_host_client *client;
|
|
};
|
|
|
|
/*
|
|
* Representation of one worker process. For each rpcd_* executable
|
|
* there will be more of than one of these.
|
|
*/
|
|
struct rpc_work_process {
|
|
pid_t pid;
|
|
|
|
/*
|
|
* !available means:
|
|
*
|
|
* Worker forked but did not send its initial status yet (not
|
|
* yet initialized)
|
|
*
|
|
* Worker died, but we did not receive SIGCHLD yet. We noticed
|
|
* it because we couldn't send it a message.
|
|
*/
|
|
bool available;
|
|
|
|
/*
|
|
* Incremented by us when sending a client, decremented by
|
|
* MSG_RPC_HOST_WORKER_STATUS sent by workers whenever a
|
|
* client exits.
|
|
*/
|
|
uint32_t num_clients;
|
|
|
|
/*
|
|
* Send SHUTDOWN to an idle child after a while
|
|
*/
|
|
struct tevent_timer *exit_timer;
|
|
};
|
|
|
|
/*
|
|
* State for a set of running instances of an rpcd_* server executable
|
|
*/
|
|
struct rpc_server {
|
|
struct rpc_host *host;
|
|
/*
|
|
* Index into the rpc_host_state->servers array
|
|
*/
|
|
uint32_t server_index;
|
|
|
|
const char *rpc_server_exe;
|
|
|
|
struct rpc_host_endpoint **endpoints;
|
|
struct rpc_host_iface_name *iface_names;
|
|
|
|
size_t max_workers;
|
|
size_t idle_seconds;
|
|
|
|
/*
|
|
* "workers" can be larger than "max_workers": Internal
|
|
* connections require an idle worker to avoid deadlocks
|
|
* between RPC servers: netlogon requires samr, everybody
|
|
* requires winreg. And if a deep call in netlogon asks for a
|
|
* samr connection, this must never end up in the same
|
|
* process. named_pipe_auth_req_info7->need_idle_server is set
|
|
* in those cases.
|
|
*/
|
|
struct rpc_work_process *workers;
|
|
|
|
struct rpc_host_pending_client *pending_clients;
|
|
};
|
|
|
|
struct rpc_server_get_endpoints_state {
|
|
char **argl;
|
|
char *ncalrpc_endpoint;
|
|
enum dcerpc_transport_t only_transport;
|
|
struct dcerpc_binding **existing_bindings;
|
|
|
|
struct rpc_host_iface_name *iface_names;
|
|
struct rpc_host_endpoint **endpoints;
|
|
|
|
unsigned long num_workers;
|
|
unsigned long idle_seconds;
|
|
};
|
|
|
|
static void rpc_server_get_endpoints_done(struct tevent_req *subreq);
|
|
|
|
/**
|
|
* @brief Query interfaces from an rpcd helper
|
|
*
|
|
* Spawn a rpcd helper, ask it for the interfaces it serves via
|
|
* --list-interfaces, parse the output
|
|
*
|
|
* @param[in] mem_ctx Memory context for the tevent_req
|
|
* @param[in] ev Event context to run this on
|
|
* @param[in] rpc_server_exe Binary to ask with --list-interfaces
|
|
* @param[in] only_transport Filter out anything but this
|
|
* @param[in] existing_bindings Filter out endpoints served by "samba"
|
|
* @return The tevent_req representing this process
|
|
*/
|
|
|
|
static struct tevent_req *rpc_server_get_endpoints_send(
|
|
TALLOC_CTX *mem_ctx,
|
|
struct tevent_context *ev,
|
|
const char *rpc_server_exe,
|
|
enum dcerpc_transport_t only_transport,
|
|
struct dcerpc_binding **existing_bindings)
|
|
{
|
|
struct tevent_req *req = NULL, *subreq = NULL;
|
|
struct rpc_server_get_endpoints_state *state = NULL;
|
|
const char *progname = NULL;
|
|
|
|
req = tevent_req_create(
|
|
mem_ctx, &state, struct rpc_server_get_endpoints_state);
|
|
if (req == NULL) {
|
|
return NULL;
|
|
}
|
|
state->only_transport = only_transport;
|
|
state->existing_bindings = existing_bindings;
|
|
|
|
progname = strrchr(rpc_server_exe, '/');
|
|
if (progname != NULL) {
|
|
progname += 1;
|
|
} else {
|
|
progname = rpc_server_exe;
|
|
}
|
|
|
|
state->ncalrpc_endpoint = talloc_strdup(state, progname);
|
|
if (tevent_req_nomem(state->ncalrpc_endpoint, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
state->argl = talloc_array(state, char *, 4);
|
|
if (tevent_req_nomem(state->argl, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
state->argl = str_list_make_empty(state);
|
|
str_list_add_printf(&state->argl, "%s", rpc_server_exe);
|
|
str_list_add_printf(&state->argl, "--list-interfaces");
|
|
str_list_add_printf(
|
|
&state->argl, "--configfile=%s", get_dyn_CONFIGFILE());
|
|
|
|
if (tevent_req_nomem(state->argl, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
subreq = file_ploadv_send(state, ev, state->argl, 65536);
|
|
if (tevent_req_nomem(subreq, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
tevent_req_set_callback(subreq, rpc_server_get_endpoints_done, req);
|
|
return req;
|
|
}
|
|
|
|
/*
|
|
* Parse a line of format
|
|
*
|
|
* 338cd001-2244-31f1-aaaa-900038001003/0x00000001 winreg
|
|
*
|
|
* and add it to the "piface_names" array.
|
|
*/
|
|
|
|
static struct rpc_host_iface_name *rpc_exe_parse_iface_line(
|
|
TALLOC_CTX *mem_ctx,
|
|
struct rpc_host_iface_name **piface_names,
|
|
const char *line)
|
|
{
|
|
struct rpc_host_iface_name *iface_names = *piface_names;
|
|
struct rpc_host_iface_name *tmp = NULL, *result = NULL;
|
|
size_t i, num_ifaces = talloc_array_length(iface_names);
|
|
struct ndr_syntax_id iface;
|
|
char *name = NULL;
|
|
bool ok;
|
|
|
|
ok = ndr_syntax_id_from_string(line, &iface);
|
|
if (!ok) {
|
|
DBG_WARNING("ndr_syntax_id_from_string() failed for: [%s]\n",
|
|
line);
|
|
return NULL;
|
|
}
|
|
|
|
name = strchr(line, ' ');
|
|
if (name == NULL) {
|
|
return NULL;
|
|
}
|
|
name += 1;
|
|
|
|
for (i=0; i<num_ifaces; i++) {
|
|
result = &iface_names[i];
|
|
|
|
if (ndr_syntax_id_equal(&result->iface, &iface)) {
|
|
return result;
|
|
}
|
|
}
|
|
|
|
if (num_ifaces + 1 < num_ifaces) {
|
|
return NULL;
|
|
}
|
|
|
|
name = talloc_strdup(mem_ctx, name);
|
|
if (name == NULL) {
|
|
return NULL;
|
|
}
|
|
|
|
tmp = talloc_realloc(
|
|
mem_ctx,
|
|
iface_names,
|
|
struct rpc_host_iface_name,
|
|
num_ifaces + 1);
|
|
if (tmp == NULL) {
|
|
TALLOC_FREE(name);
|
|
return NULL;
|
|
}
|
|
iface_names = tmp;
|
|
|
|
result = &iface_names[num_ifaces];
|
|
|
|
*result = (struct rpc_host_iface_name) {
|
|
.iface = iface,
|
|
.name = talloc_move(iface_names, &name),
|
|
};
|
|
|
|
*piface_names = iface_names;
|
|
|
|
return result;
|
|
}
|
|
|
|
static struct rpc_host_iface_name *rpc_host_iface_names_find(
|
|
struct rpc_host_iface_name *iface_names,
|
|
const struct ndr_syntax_id *iface)
|
|
{
|
|
size_t i, num_iface_names = talloc_array_length(iface_names);
|
|
|
|
for (i=0; i<num_iface_names; i++) {
|
|
struct rpc_host_iface_name *iface_name = &iface_names[i];
|
|
|
|
if (ndr_syntax_id_equal(iface, &iface_name->iface)) {
|
|
return iface_name;
|
|
}
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
|
|
static bool dcerpc_binding_same_endpoint(
|
|
const struct dcerpc_binding *b1, const struct dcerpc_binding *b2)
|
|
{
|
|
enum dcerpc_transport_t t1 = dcerpc_binding_get_transport(b1);
|
|
enum dcerpc_transport_t t2 = dcerpc_binding_get_transport(b2);
|
|
const char *e1 = NULL, *e2 = NULL;
|
|
int cmp;
|
|
|
|
if (t1 != t2) {
|
|
return false;
|
|
}
|
|
|
|
e1 = dcerpc_binding_get_string_option(b1, "endpoint");
|
|
e2 = dcerpc_binding_get_string_option(b2, "endpoint");
|
|
|
|
if ((e1 == NULL) && (e2 == NULL)) {
|
|
return true;
|
|
}
|
|
if ((e1 == NULL) || (e2 == NULL)) {
|
|
return false;
|
|
}
|
|
cmp = strcmp(e1, e2);
|
|
return (cmp == 0);
|
|
}
|
|
|
|
/**
|
|
* @brief Filter whether we want to serve an endpoint
|
|
*
|
|
* samba-dcerpcd might want to serve all endpoints a rpcd reported to
|
|
* us via --list-interfaces.
|
|
*
|
|
* In member mode, we only serve named pipes. Indicated by NCACN_NP
|
|
* passed in via "only_transport".
|
|
*
|
|
* In AD mode, the "samba" process already serves many endpoints,
|
|
* passed in via "existing_binding". Don't serve those from
|
|
* samba-dcerpcd.
|
|
*
|
|
* @param[in] binding Which binding is in question?
|
|
* @param[in] only_transport Exclusive transport to serve
|
|
* @param[in] existing_bindings Endpoints served by "samba" already
|
|
* @return Do we want to serve "binding" from samba-dcerpcd?
|
|
*/
|
|
|
|
static bool rpc_host_serve_endpoint(
|
|
struct dcerpc_binding *binding,
|
|
enum dcerpc_transport_t only_transport,
|
|
struct dcerpc_binding **existing_bindings)
|
|
{
|
|
enum dcerpc_transport_t transport =
|
|
dcerpc_binding_get_transport(binding);
|
|
size_t i, num_existing_bindings;
|
|
|
|
num_existing_bindings = talloc_array_length(existing_bindings);
|
|
|
|
for (i=0; i<num_existing_bindings; i++) {
|
|
bool same = dcerpc_binding_same_endpoint(
|
|
binding, existing_bindings[i]);
|
|
if (same) {
|
|
DBG_DEBUG("%s served by samba\n",
|
|
dcerpc_binding_get_string_option(
|
|
binding, "endpoint"));
|
|
return false;
|
|
}
|
|
}
|
|
|
|
if (only_transport == NCA_UNKNOWN) {
|
|
/* no filter around */
|
|
return true;
|
|
}
|
|
|
|
if (transport != only_transport) {
|
|
/* filter out */
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
static struct rpc_host_endpoint *rpc_host_endpoint_find(
|
|
struct rpc_server_get_endpoints_state *state,
|
|
const char *binding_string)
|
|
{
|
|
size_t i, num_endpoints = talloc_array_length(state->endpoints);
|
|
struct rpc_host_endpoint **tmp = NULL, *ep = NULL;
|
|
enum dcerpc_transport_t transport;
|
|
NTSTATUS status;
|
|
bool serve_this;
|
|
|
|
ep = talloc_zero(state, struct rpc_host_endpoint);
|
|
if (ep == NULL) {
|
|
goto fail;
|
|
}
|
|
|
|
status = dcerpc_parse_binding(ep, binding_string, &ep->binding);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
DBG_DEBUG("dcerpc_parse_binding(%s) failed: %s\n",
|
|
binding_string,
|
|
nt_errstr(status));
|
|
goto fail;
|
|
}
|
|
|
|
serve_this = rpc_host_serve_endpoint(
|
|
ep->binding, state->only_transport, state->existing_bindings);
|
|
if (!serve_this) {
|
|
goto fail;
|
|
}
|
|
|
|
transport = dcerpc_binding_get_transport(ep->binding);
|
|
|
|
if (transport == NCALRPC) {
|
|
const char *ncalrpc_sock = dcerpc_binding_get_string_option(
|
|
ep->binding, "endpoint");
|
|
|
|
if (ncalrpc_sock == NULL) {
|
|
/*
|
|
* generic ncalrpc:, set program-specific
|
|
* socket name. epmapper will redirect clients
|
|
* properly.
|
|
*/
|
|
status = dcerpc_binding_set_string_option(
|
|
ep->binding,
|
|
"endpoint",
|
|
state->ncalrpc_endpoint);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
DBG_DEBUG("dcerpc_binding_set_string_option "
|
|
"failed: %s\n",
|
|
nt_errstr(status));
|
|
goto fail;
|
|
}
|
|
}
|
|
}
|
|
|
|
for (i=0; i<num_endpoints; i++) {
|
|
|
|
bool ok = dcerpc_binding_same_endpoint(
|
|
ep->binding, state->endpoints[i]->binding);
|
|
|
|
if (ok) {
|
|
TALLOC_FREE(ep);
|
|
return state->endpoints[i];
|
|
}
|
|
}
|
|
|
|
if (num_endpoints + 1 < num_endpoints) {
|
|
goto fail;
|
|
}
|
|
|
|
tmp = talloc_realloc(
|
|
state,
|
|
state->endpoints,
|
|
struct rpc_host_endpoint *,
|
|
num_endpoints + 1);
|
|
if (tmp == NULL) {
|
|
goto fail;
|
|
}
|
|
state->endpoints = tmp;
|
|
state->endpoints[num_endpoints] = talloc_move(state->endpoints, &ep);
|
|
|
|
return state->endpoints[num_endpoints];
|
|
fail:
|
|
TALLOC_FREE(ep);
|
|
return NULL;
|
|
}
|
|
|
|
static bool ndr_interfaces_add_unique(
|
|
TALLOC_CTX *mem_ctx,
|
|
struct ndr_syntax_id **pifaces,
|
|
const struct ndr_syntax_id *iface)
|
|
{
|
|
struct ndr_syntax_id *ifaces = *pifaces;
|
|
size_t i, num_ifaces = talloc_array_length(ifaces);
|
|
|
|
for (i=0; i<num_ifaces; i++) {
|
|
if (ndr_syntax_id_equal(iface, &ifaces[i])) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
if (num_ifaces + 1 < num_ifaces) {
|
|
return false;
|
|
}
|
|
ifaces = talloc_realloc(
|
|
mem_ctx,
|
|
ifaces,
|
|
struct ndr_syntax_id,
|
|
num_ifaces + 1);
|
|
if (ifaces == NULL) {
|
|
return false;
|
|
}
|
|
ifaces[num_ifaces] = *iface;
|
|
|
|
*pifaces = ifaces;
|
|
return true;
|
|
}
|
|
|
|
/*
|
|
* Read the text reply from the rpcd_* process telling us what
|
|
* endpoints it will serve when asked with --list-interfaces.
|
|
*/
|
|
static void rpc_server_get_endpoints_done(struct tevent_req *subreq)
|
|
{
|
|
struct tevent_req *req = tevent_req_callback_data(
|
|
subreq, struct tevent_req);
|
|
struct rpc_server_get_endpoints_state *state = tevent_req_data(
|
|
req, struct rpc_server_get_endpoints_state);
|
|
struct rpc_host_iface_name *iface = NULL;
|
|
uint8_t *buf = NULL;
|
|
size_t buflen;
|
|
char **lines = NULL;
|
|
int ret, i, num_lines;
|
|
|
|
ret = file_ploadv_recv(subreq, state, &buf);
|
|
TALLOC_FREE(subreq);
|
|
if (tevent_req_error(req, ret)) {
|
|
return;
|
|
}
|
|
|
|
buflen = talloc_get_size(buf);
|
|
if (buflen == 0) {
|
|
tevent_req_done(req);
|
|
return;
|
|
}
|
|
|
|
lines = file_lines_parse((char *)buf, buflen, &num_lines, state);
|
|
if (tevent_req_nomem(lines, req)) {
|
|
return;
|
|
}
|
|
|
|
if (num_lines < 2) {
|
|
DBG_DEBUG("Got %d lines, expected at least 2\n", num_lines);
|
|
tevent_req_error(req, EINVAL);
|
|
return;
|
|
}
|
|
|
|
state->num_workers = smb_strtoul(
|
|
lines[0], NULL, 10, &ret, SMB_STR_FULL_STR_CONV);
|
|
if (ret != 0) {
|
|
DBG_DEBUG("Could not parse num_workers(%s): %s\n",
|
|
lines[0],
|
|
strerror(ret));
|
|
tevent_req_error(req, ret);
|
|
return;
|
|
}
|
|
|
|
state->idle_seconds = smb_strtoul(
|
|
lines[1], NULL, 10, &ret, SMB_STR_FULL_STR_CONV);
|
|
if (ret != 0) {
|
|
DBG_DEBUG("Could not parse idle_seconds (%s): %s\n",
|
|
lines[1],
|
|
strerror(ret));
|
|
tevent_req_error(req, ret);
|
|
return;
|
|
}
|
|
|
|
DBG_DEBUG("num_workers=%lu, idle_seconds=%lu for %s\n",
|
|
state->num_workers,
|
|
state->idle_seconds,
|
|
state->argl[0]);
|
|
|
|
for (i=2; i<num_lines; i++) {
|
|
char *line = lines[i];
|
|
struct rpc_host_endpoint *endpoint = NULL;
|
|
bool ok;
|
|
|
|
if (line[0] != ' ') {
|
|
iface = rpc_exe_parse_iface_line(
|
|
state, &state->iface_names, line);
|
|
if (iface == NULL) {
|
|
DBG_WARNING(
|
|
"rpc_exe_parse_iface_line failed "
|
|
"for: [%s] from %s\n",
|
|
line,
|
|
state->argl[0]);
|
|
tevent_req_oom(req);
|
|
return;
|
|
}
|
|
continue;
|
|
}
|
|
|
|
if (iface == NULL) {
|
|
DBG_DEBUG("Interface GUID line missing\n");
|
|
tevent_req_error(req, EINVAL);
|
|
return;
|
|
}
|
|
|
|
endpoint = rpc_host_endpoint_find(state, line+1);
|
|
if (endpoint == NULL) {
|
|
DBG_DEBUG("rpc_host_endpoint_find for %s failed\n",
|
|
line+1);
|
|
continue;
|
|
}
|
|
|
|
ok = ndr_interfaces_add_unique(
|
|
endpoint,
|
|
&endpoint->interfaces,
|
|
&iface->iface);
|
|
if (!ok) {
|
|
DBG_DEBUG("ndr_interfaces_add_unique failed\n");
|
|
tevent_req_oom(req);
|
|
return;
|
|
}
|
|
}
|
|
|
|
tevent_req_done(req);
|
|
}
|
|
|
|
/**
|
|
* @brief Receive output from --list-interfaces
|
|
*
|
|
* @param[in] req The async req that just finished
|
|
* @param[in] mem_ctx Where to put the output on
|
|
* @param[out] endpoints The endpoints to be listened on
|
|
* @param[out] iface_names Annotation for epm_Lookup's epm_entry_t
|
|
* @return 0/errno
|
|
*/
|
|
static int rpc_server_get_endpoints_recv(
|
|
struct tevent_req *req,
|
|
TALLOC_CTX *mem_ctx,
|
|
struct rpc_host_endpoint ***endpoints,
|
|
struct rpc_host_iface_name **iface_names,
|
|
size_t *num_workers,
|
|
size_t *idle_seconds)
|
|
{
|
|
struct rpc_server_get_endpoints_state *state = tevent_req_data(
|
|
req, struct rpc_server_get_endpoints_state);
|
|
int err;
|
|
|
|
if (tevent_req_is_unix_error(req, &err)) {
|
|
tevent_req_received(req);
|
|
return err;
|
|
}
|
|
|
|
*endpoints = talloc_move(mem_ctx, &state->endpoints);
|
|
*iface_names = talloc_move(mem_ctx, &state->iface_names);
|
|
*num_workers = state->num_workers;
|
|
*idle_seconds = state->idle_seconds;
|
|
tevent_req_received(req);
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* For NCACN_NP we get the named pipe auth info from smbd, if a client
|
|
* comes in via TCP or NCALPRC we need to invent it ourselves with
|
|
* anonymous session info.
|
|
*/
|
|
|
|
static NTSTATUS rpc_host_generate_npa_info7_from_sock(
|
|
TALLOC_CTX *mem_ctx,
|
|
enum dcerpc_transport_t transport,
|
|
int sock,
|
|
const struct samba_sockaddr *peer_addr,
|
|
struct named_pipe_auth_req_info7 **pinfo7)
|
|
{
|
|
struct named_pipe_auth_req_info7 *info7 = NULL;
|
|
struct samba_sockaddr local_addr = {
|
|
.sa_socklen = sizeof(struct sockaddr_storage),
|
|
};
|
|
struct tsocket_address *taddr = NULL;
|
|
char *remote_client_name = NULL;
|
|
char *remote_client_addr = NULL;
|
|
char *local_server_name = NULL;
|
|
char *local_server_addr = NULL;
|
|
char *(*tsocket_address_to_name_fn)(
|
|
const struct tsocket_address *addr,
|
|
TALLOC_CTX *mem_ctx) = NULL;
|
|
NTSTATUS status = NT_STATUS_NO_MEMORY;
|
|
int ret;
|
|
|
|
/*
|
|
* For NCACN_NP we get the npa info from smbd
|
|
*/
|
|
SMB_ASSERT((transport == NCACN_IP_TCP) || (transport == NCALRPC));
|
|
|
|
tsocket_address_to_name_fn = (transport == NCACN_IP_TCP) ?
|
|
tsocket_address_inet_addr_string : tsocket_address_unix_path;
|
|
|
|
info7 = talloc_zero(mem_ctx, struct named_pipe_auth_req_info7);
|
|
if (info7 == NULL) {
|
|
goto fail;
|
|
}
|
|
info7->session_info =
|
|
talloc_zero(info7, struct auth_session_info_transport);
|
|
if (info7->session_info == NULL) {
|
|
goto fail;
|
|
}
|
|
|
|
status = make_session_info_anonymous(
|
|
info7->session_info,
|
|
&info7->session_info->session_info);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
DBG_DEBUG("make_session_info_anonymous failed: %s\n",
|
|
nt_errstr(status));
|
|
goto fail;
|
|
}
|
|
|
|
ret = tsocket_address_bsd_from_samba_sockaddr(info7,
|
|
peer_addr,
|
|
&taddr);
|
|
if (ret == -1) {
|
|
status = map_nt_error_from_unix(errno);
|
|
DBG_DEBUG("tsocket_address_bsd_from_samba_sockaddr failed: "
|
|
"%s\n",
|
|
strerror(errno));
|
|
goto fail;
|
|
}
|
|
remote_client_addr = tsocket_address_to_name_fn(taddr, info7);
|
|
if (remote_client_addr == NULL) {
|
|
DBG_DEBUG("tsocket_address_to_name_fn failed\n");
|
|
goto nomem;
|
|
}
|
|
TALLOC_FREE(taddr);
|
|
|
|
remote_client_name = talloc_strdup(info7, remote_client_addr);
|
|
if (remote_client_name == NULL) {
|
|
DBG_DEBUG("talloc_strdup failed\n");
|
|
goto nomem;
|
|
}
|
|
|
|
if (transport == NCACN_IP_TCP) {
|
|
bool ok = samba_sockaddr_get_port(peer_addr,
|
|
&info7->remote_client_port);
|
|
if (!ok) {
|
|
DBG_DEBUG("samba_sockaddr_get_port failed\n");
|
|
status = NT_STATUS_INVALID_PARAMETER;
|
|
goto fail;
|
|
}
|
|
}
|
|
|
|
ret = getsockname(sock, &local_addr.u.sa, &local_addr.sa_socklen);
|
|
if (ret == -1) {
|
|
status = map_nt_error_from_unix(errno);
|
|
DBG_DEBUG("getsockname failed: %s\n", strerror(errno));
|
|
goto fail;
|
|
}
|
|
|
|
ret = tsocket_address_bsd_from_samba_sockaddr(info7,
|
|
&local_addr,
|
|
&taddr);
|
|
if (ret == -1) {
|
|
status = map_nt_error_from_unix(errno);
|
|
DBG_DEBUG("tsocket_address_bsd_from_samba_sockaddr failed: "
|
|
"%s\n",
|
|
strerror(errno));
|
|
goto fail;
|
|
}
|
|
local_server_addr = tsocket_address_to_name_fn(taddr, info7);
|
|
if (local_server_addr == NULL) {
|
|
DBG_DEBUG("tsocket_address_to_name_fn failed\n");
|
|
goto nomem;
|
|
}
|
|
TALLOC_FREE(taddr);
|
|
|
|
local_server_name = talloc_strdup(info7, local_server_addr);
|
|
if (local_server_name == NULL) {
|
|
DBG_DEBUG("talloc_strdup failed\n");
|
|
goto nomem;
|
|
}
|
|
|
|
if (transport == NCACN_IP_TCP) {
|
|
bool ok = samba_sockaddr_get_port(&local_addr,
|
|
&info7->local_server_port);
|
|
if (!ok) {
|
|
DBG_DEBUG("samba_sockaddr_get_port failed\n");
|
|
status = NT_STATUS_INVALID_PARAMETER;
|
|
goto fail;
|
|
}
|
|
}
|
|
|
|
if (transport == NCALRPC) {
|
|
uid_t uid;
|
|
gid_t gid;
|
|
|
|
ret = getpeereid(sock, &uid, &gid);
|
|
if (ret < 0) {
|
|
status = map_nt_error_from_unix(errno);
|
|
DBG_DEBUG("getpeereid failed: %s\n", strerror(errno));
|
|
goto fail;
|
|
}
|
|
|
|
if (uid == sec_initial_uid()) {
|
|
|
|
/*
|
|
* Indicate "root" to gensec
|
|
*/
|
|
|
|
TALLOC_FREE(remote_client_addr);
|
|
TALLOC_FREE(remote_client_name);
|
|
|
|
ret = tsocket_address_unix_from_path(
|
|
info7,
|
|
AS_SYSTEM_MAGIC_PATH_TOKEN,
|
|
&taddr);
|
|
if (ret == -1) {
|
|
DBG_DEBUG("tsocket_address_unix_from_path "
|
|
"failed\n");
|
|
goto nomem;
|
|
}
|
|
|
|
remote_client_addr =
|
|
tsocket_address_unix_path(taddr, info7);
|
|
if (remote_client_addr == NULL) {
|
|
DBG_DEBUG("tsocket_address_unix_path "
|
|
"failed\n");
|
|
goto nomem;
|
|
}
|
|
remote_client_name =
|
|
talloc_strdup(info7, remote_client_addr);
|
|
if (remote_client_name == NULL) {
|
|
DBG_DEBUG("talloc_strdup failed\n");
|
|
goto nomem;
|
|
}
|
|
}
|
|
}
|
|
|
|
info7->remote_client_addr = remote_client_addr;
|
|
info7->remote_client_name = remote_client_name;
|
|
info7->local_server_addr = local_server_addr;
|
|
info7->local_server_name = local_server_name;
|
|
|
|
*pinfo7 = info7;
|
|
return NT_STATUS_OK;
|
|
|
|
nomem:
|
|
status = NT_STATUS_NO_MEMORY;
|
|
fail:
|
|
TALLOC_FREE(info7);
|
|
return status;
|
|
}
|
|
|
|
struct rpc_host_bind_read_state {
|
|
struct tevent_context *ev;
|
|
|
|
int sock;
|
|
struct tstream_context *plain;
|
|
struct tstream_context *npa_stream;
|
|
|
|
struct ncacn_packet *pkt;
|
|
struct rpc_host_client *client;
|
|
};
|
|
|
|
static void rpc_host_bind_read_cleanup(
|
|
struct tevent_req *req, enum tevent_req_state req_state);
|
|
static void rpc_host_bind_read_got_npa(struct tevent_req *subreq);
|
|
static void rpc_host_bind_read_got_bind(struct tevent_req *subreq);
|
|
|
|
/*
|
|
* Wait for a bind packet from a client.
|
|
*/
|
|
static struct tevent_req *rpc_host_bind_read_send(
|
|
TALLOC_CTX *mem_ctx,
|
|
struct tevent_context *ev,
|
|
enum dcerpc_transport_t transport,
|
|
int *psock,
|
|
const struct samba_sockaddr *peer_addr)
|
|
{
|
|
struct tevent_req *req = NULL, *subreq = NULL;
|
|
struct rpc_host_bind_read_state *state = NULL;
|
|
int rc, sock_dup;
|
|
NTSTATUS status;
|
|
|
|
req = tevent_req_create(
|
|
mem_ctx, &state, struct rpc_host_bind_read_state);
|
|
if (req == NULL) {
|
|
return NULL;
|
|
}
|
|
state->ev = ev;
|
|
|
|
state->sock = *psock;
|
|
*psock = -1;
|
|
|
|
tevent_req_set_cleanup_fn(req, rpc_host_bind_read_cleanup);
|
|
|
|
state->client = talloc_zero(state, struct rpc_host_client);
|
|
if (tevent_req_nomem(state->client, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
/*
|
|
* Dup the socket to read the first RPC packet:
|
|
* tstream_bsd_existing_socket() takes ownership with
|
|
* autoclose, but we need to send "sock" down to our worker
|
|
* process later.
|
|
*/
|
|
sock_dup = dup(state->sock);
|
|
if (sock_dup == -1) {
|
|
tevent_req_error(req, errno);
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
rc = tstream_bsd_existing_socket(state, sock_dup, &state->plain);
|
|
if (rc == -1) {
|
|
DBG_DEBUG("tstream_bsd_existing_socket failed: %s\n",
|
|
strerror(errno));
|
|
tevent_req_error(req, errno);
|
|
close(sock_dup);
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
if (transport == NCACN_NP) {
|
|
subreq = tstream_npa_accept_existing_send(
|
|
state,
|
|
ev,
|
|
state->plain,
|
|
FILE_TYPE_MESSAGE_MODE_PIPE,
|
|
0xff | 0x0400 | 0x0100,
|
|
4096);
|
|
if (tevent_req_nomem(subreq, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
tevent_req_set_callback(
|
|
subreq, rpc_host_bind_read_got_npa, req);
|
|
return req;
|
|
}
|
|
|
|
status = rpc_host_generate_npa_info7_from_sock(
|
|
state->client,
|
|
transport,
|
|
state->sock,
|
|
peer_addr,
|
|
&state->client->npa_info7);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
tevent_req_oom(req);
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
subreq = dcerpc_read_ncacn_packet_send(state, ev, state->plain);
|
|
if (tevent_req_nomem(subreq, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
tevent_req_set_callback(subreq, rpc_host_bind_read_got_bind, req);
|
|
return req;
|
|
}
|
|
|
|
static void rpc_host_bind_read_cleanup(
|
|
struct tevent_req *req, enum tevent_req_state req_state)
|
|
{
|
|
struct rpc_host_bind_read_state *state = tevent_req_data(
|
|
req, struct rpc_host_bind_read_state);
|
|
|
|
if ((req_state == TEVENT_REQ_RECEIVED) && (state->sock != -1)) {
|
|
close(state->sock);
|
|
state->sock = -1;
|
|
}
|
|
}
|
|
|
|
static void rpc_host_bind_read_got_npa(struct tevent_req *subreq)
|
|
{
|
|
struct tevent_req *req = tevent_req_callback_data(
|
|
subreq, struct tevent_req);
|
|
struct rpc_host_bind_read_state *state = tevent_req_data(
|
|
req, struct rpc_host_bind_read_state);
|
|
struct named_pipe_auth_req_info7 *info7 = NULL;
|
|
int ret, err;
|
|
|
|
ret = tstream_npa_accept_existing_recv(subreq,
|
|
&err,
|
|
state,
|
|
&state->npa_stream,
|
|
&info7,
|
|
NULL, /* transport */
|
|
NULL, /* remote_client_addr */
|
|
NULL, /* remote_client_name */
|
|
NULL, /* local_server_addr */
|
|
NULL, /* local_server_name */
|
|
NULL); /* session_info */
|
|
if (ret == -1) {
|
|
tevent_req_error(req, err);
|
|
return;
|
|
}
|
|
|
|
state->client->npa_info7 = talloc_move(state->client, &info7);
|
|
|
|
subreq = dcerpc_read_ncacn_packet_send(
|
|
state, state->ev, state->npa_stream);
|
|
if (tevent_req_nomem(subreq, req)) {
|
|
return;
|
|
}
|
|
tevent_req_set_callback(subreq, rpc_host_bind_read_got_bind, req);
|
|
}
|
|
|
|
static void rpc_host_bind_read_got_bind(struct tevent_req *subreq)
|
|
{
|
|
struct tevent_req *req = tevent_req_callback_data(
|
|
subreq, struct tevent_req);
|
|
struct rpc_host_bind_read_state *state = tevent_req_data(
|
|
req, struct rpc_host_bind_read_state);
|
|
struct ncacn_packet *pkt = NULL;
|
|
NTSTATUS status;
|
|
|
|
status = dcerpc_read_ncacn_packet_recv(
|
|
subreq,
|
|
state->client,
|
|
&pkt,
|
|
&state->client->bind_packet);
|
|
TALLOC_FREE(subreq);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
DBG_DEBUG("dcerpc_read_ncacn_packet_recv failed: %s\n",
|
|
nt_errstr(status));
|
|
tevent_req_error(req, EINVAL); /* TODO */
|
|
return;
|
|
}
|
|
state->pkt = talloc_move(state, &pkt);
|
|
|
|
tevent_req_done(req);
|
|
}
|
|
|
|
static int rpc_host_bind_read_recv(
|
|
struct tevent_req *req,
|
|
TALLOC_CTX *mem_ctx,
|
|
int *sock,
|
|
struct rpc_host_client **client,
|
|
struct ncacn_packet **bind_pkt)
|
|
{
|
|
struct rpc_host_bind_read_state *state = tevent_req_data(
|
|
req, struct rpc_host_bind_read_state);
|
|
int err;
|
|
|
|
if (tevent_req_is_unix_error(req, &err)) {
|
|
tevent_req_received(req);
|
|
return err;
|
|
}
|
|
|
|
*sock = state->sock;
|
|
state->sock = -1;
|
|
|
|
*client = talloc_move(mem_ctx, &state->client);
|
|
*bind_pkt = talloc_move(mem_ctx, &state->pkt);
|
|
tevent_req_received(req);
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Start the given rpcd_* binary.
|
|
*/
|
|
static int rpc_host_exec_worker(struct rpc_server *server, size_t idx)
|
|
{
|
|
struct rpc_work_process *worker = &server->workers[idx];
|
|
char **argv = NULL;
|
|
int ret = ENOMEM;
|
|
|
|
argv = str_list_make_empty(server);
|
|
str_list_add_printf(
|
|
&argv, "%s", server->rpc_server_exe);
|
|
str_list_add_printf(
|
|
&argv, "--configfile=%s", get_dyn_CONFIGFILE());
|
|
str_list_add_printf(
|
|
&argv, "--worker-group=%"PRIu32, server->server_index);
|
|
str_list_add_printf(
|
|
&argv, "--worker-index=%zu", idx);
|
|
str_list_add_printf(
|
|
&argv, "--debuglevel=%d", debuglevel_get_class(DBGC_RPC_SRV));
|
|
if (!is_default_dyn_LOGFILEBASE()) {
|
|
str_list_add_printf(
|
|
&argv, "--log-basename=%s", get_dyn_LOGFILEBASE());
|
|
}
|
|
if (argv == NULL) {
|
|
ret = ENOMEM;
|
|
goto fail;
|
|
}
|
|
|
|
worker->pid = fork();
|
|
if (worker->pid == -1) {
|
|
ret = errno;
|
|
goto fail;
|
|
}
|
|
if (worker->pid == 0) {
|
|
/* Child. */
|
|
close(server->host->worker_stdin[1]);
|
|
ret = dup2(server->host->worker_stdin[0], 0);
|
|
if (ret != 0) {
|
|
exit(1);
|
|
}
|
|
execv(argv[0], argv);
|
|
_exit(1);
|
|
}
|
|
|
|
DBG_DEBUG("Creating worker %s for index %zu: pid=%d\n",
|
|
server->rpc_server_exe,
|
|
idx,
|
|
(int)worker->pid);
|
|
|
|
ret = 0;
|
|
fail:
|
|
TALLOC_FREE(argv);
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* Find an rpcd_* worker for an external client, respect server->max_workers
|
|
*/
|
|
static struct rpc_work_process *rpc_host_find_worker(struct rpc_server *server)
|
|
{
|
|
struct rpc_work_process *worker = NULL;
|
|
size_t i;
|
|
size_t empty_slot = SIZE_MAX;
|
|
|
|
uint32_t min_clients = UINT32_MAX;
|
|
size_t min_worker = server->max_workers;
|
|
|
|
for (i=0; i<server->max_workers; i++) {
|
|
worker = &server->workers[i];
|
|
|
|
if (worker->pid == -1) {
|
|
empty_slot = MIN(empty_slot, i);
|
|
continue;
|
|
}
|
|
if (!worker->available) {
|
|
continue;
|
|
}
|
|
if (worker->num_clients < min_clients) {
|
|
min_clients = worker->num_clients;
|
|
min_worker = i;
|
|
}
|
|
}
|
|
|
|
if (min_clients == 0) {
|
|
return &server->workers[min_worker];
|
|
}
|
|
|
|
if (empty_slot < SIZE_MAX) {
|
|
int ret = rpc_host_exec_worker(server, empty_slot);
|
|
if (ret != 0) {
|
|
DBG_WARNING("Could not fork worker: %s\n",
|
|
strerror(ret));
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
if (min_worker < server->max_workers) {
|
|
return &server->workers[min_worker];
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
|
|
/*
|
|
* Find an rpcd_* worker for an internal connection, possibly go beyond
|
|
* server->max_workers
|
|
*/
|
|
static struct rpc_work_process *rpc_host_find_idle_worker(
|
|
struct rpc_server *server)
|
|
{
|
|
struct rpc_work_process *worker = NULL, *tmp = NULL;
|
|
size_t i, num_workers = talloc_array_length(server->workers);
|
|
size_t empty_slot = SIZE_MAX;
|
|
int ret;
|
|
|
|
for (i=server->max_workers; i<num_workers; i++) {
|
|
worker = &server->workers[i];
|
|
|
|
if (worker->pid == -1) {
|
|
empty_slot = MIN(empty_slot, i);
|
|
continue;
|
|
}
|
|
if (!worker->available) {
|
|
continue;
|
|
}
|
|
if (worker->num_clients == 0) {
|
|
return &server->workers[i];
|
|
}
|
|
}
|
|
|
|
if (empty_slot < SIZE_MAX) {
|
|
ret = rpc_host_exec_worker(server, empty_slot);
|
|
if (ret != 0) {
|
|
DBG_WARNING("Could not fork worker: %s\n",
|
|
strerror(ret));
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
/*
|
|
* All workers are busy. We need to expand the number of
|
|
* workers because we were asked for an idle worker.
|
|
*/
|
|
if (num_workers+1 < num_workers) {
|
|
return NULL;
|
|
}
|
|
tmp = talloc_realloc(
|
|
server,
|
|
server->workers,
|
|
struct rpc_work_process,
|
|
num_workers+1);
|
|
if (tmp == NULL) {
|
|
return NULL;
|
|
}
|
|
server->workers = tmp;
|
|
|
|
server->workers[num_workers] = (struct rpc_work_process) { .pid=-1, };
|
|
|
|
ret = rpc_host_exec_worker(server, num_workers);
|
|
if (ret != 0) {
|
|
DBG_WARNING("Could not exec worker: %s\n", strerror(ret));
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
|
|
/*
|
|
* Find an rpcd_* process to talk to. Start a new one if necessary.
|
|
*/
|
|
static void rpc_host_distribute_clients(struct rpc_server *server)
|
|
{
|
|
struct rpc_work_process *worker = NULL;
|
|
struct rpc_host_pending_client *pending_client = NULL;
|
|
uint32_t assoc_group_id;
|
|
DATA_BLOB blob;
|
|
struct iovec iov;
|
|
enum ndr_err_code ndr_err;
|
|
NTSTATUS status;
|
|
|
|
again:
|
|
pending_client = server->pending_clients;
|
|
if (pending_client == NULL) {
|
|
DBG_DEBUG("No pending clients\n");
|
|
return;
|
|
}
|
|
|
|
assoc_group_id = pending_client->bind_pkt->u.bind.assoc_group_id;
|
|
|
|
if (assoc_group_id != 0) {
|
|
size_t num_workers = talloc_array_length(server->workers);
|
|
uint8_t worker_index = assoc_group_id >> 24;
|
|
|
|
if (worker_index >= num_workers) {
|
|
DBG_DEBUG("Invalid assoc group id %"PRIu32"\n",
|
|
assoc_group_id);
|
|
goto done;
|
|
}
|
|
worker = &server->workers[worker_index];
|
|
|
|
if ((worker->pid == -1) || !worker->available) {
|
|
DBG_DEBUG("Requested worker index %"PRIu8": "
|
|
"pid=%d, available=%d",
|
|
worker_index,
|
|
(int)worker->pid,
|
|
(int)worker->available);
|
|
/*
|
|
* Pick a random one for a proper bind nack
|
|
*/
|
|
worker = rpc_host_find_worker(server);
|
|
}
|
|
} else {
|
|
struct auth_session_info_transport *session_info =
|
|
pending_client->client->npa_info7->session_info;
|
|
uint32_t flags = 0;
|
|
bool found;
|
|
|
|
found = security_token_find_npa_flags(
|
|
session_info->session_info->security_token,
|
|
&flags);
|
|
|
|
/* fresh assoc group requested */
|
|
if (found & (flags & SAMBA_NPA_FLAGS_NEED_IDLE)) {
|
|
worker = rpc_host_find_idle_worker(server);
|
|
} else {
|
|
worker = rpc_host_find_worker(server);
|
|
}
|
|
}
|
|
|
|
if (worker == NULL) {
|
|
DBG_DEBUG("No worker found\n");
|
|
return;
|
|
}
|
|
|
|
DLIST_REMOVE(server->pending_clients, pending_client);
|
|
|
|
ndr_err = ndr_push_struct_blob(
|
|
&blob,
|
|
pending_client,
|
|
pending_client->client,
|
|
(ndr_push_flags_fn_t)ndr_push_rpc_host_client);
|
|
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
|
DBG_WARNING("ndr_push_rpc_host_client failed: %s\n",
|
|
ndr_errstr(ndr_err));
|
|
goto done;
|
|
}
|
|
|
|
DBG_INFO("Sending new client %s to %d with %"PRIu32" clients\n",
|
|
server->rpc_server_exe,
|
|
worker->pid,
|
|
worker->num_clients);
|
|
|
|
iov = (struct iovec) {
|
|
.iov_base = blob.data, .iov_len = blob.length,
|
|
};
|
|
|
|
status = messaging_send_iov(
|
|
server->host->msg_ctx,
|
|
pid_to_procid(worker->pid),
|
|
MSG_RPC_HOST_NEW_CLIENT,
|
|
&iov,
|
|
1,
|
|
&pending_client->sock,
|
|
1);
|
|
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
|
|
DBG_DEBUG("worker %d died, sigchld not yet received?\n",
|
|
worker->pid);
|
|
DLIST_ADD(server->pending_clients, pending_client);
|
|
worker->available = false;
|
|
goto again;
|
|
}
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
DBG_DEBUG("messaging_send_iov failed: %s\n",
|
|
nt_errstr(status));
|
|
goto done;
|
|
}
|
|
worker->num_clients += 1;
|
|
TALLOC_FREE(worker->exit_timer);
|
|
|
|
TALLOC_FREE(server->host->np_helper_shutdown);
|
|
|
|
done:
|
|
TALLOC_FREE(pending_client);
|
|
}
|
|
|
|
static int rpc_host_pending_client_destructor(
|
|
struct rpc_host_pending_client *p)
|
|
{
|
|
TALLOC_FREE(p->hangup_wait);
|
|
if (p->sock != -1) {
|
|
close(p->sock);
|
|
p->sock = -1;
|
|
}
|
|
DLIST_REMOVE(p->server->pending_clients, p);
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Exception condition handler before rpcd_* worker
|
|
* is handling the socket. Either the client exited or
|
|
* sent unexpected data after the initial bind.
|
|
*/
|
|
static void rpc_host_client_exited(struct tevent_req *subreq)
|
|
{
|
|
struct rpc_host_pending_client *pending = tevent_req_callback_data(
|
|
subreq, struct rpc_host_pending_client);
|
|
bool ok;
|
|
int err;
|
|
|
|
ok = wait_for_read_recv(subreq, &err);
|
|
|
|
TALLOC_FREE(subreq);
|
|
pending->hangup_wait = NULL;
|
|
|
|
if (ok) {
|
|
DBG_DEBUG("client on sock %d sent data\n", pending->sock);
|
|
} else {
|
|
DBG_DEBUG("client exited with %s\n", strerror(err));
|
|
}
|
|
TALLOC_FREE(pending);
|
|
}
|
|
|
|
struct rpc_iface_binding_map {
|
|
struct ndr_syntax_id iface;
|
|
char *bindings;
|
|
};
|
|
|
|
static bool rpc_iface_binding_map_add_endpoint(
|
|
TALLOC_CTX *mem_ctx,
|
|
const struct rpc_host_endpoint *ep,
|
|
struct rpc_host_iface_name *iface_names,
|
|
struct rpc_iface_binding_map **pmaps)
|
|
{
|
|
const struct ndr_syntax_id mgmt_iface = {
|
|
{0xafa8bd80,
|
|
0x7d8a,
|
|
0x11c9,
|
|
{0xbe,0xf4},
|
|
{0x08,0x00,0x2b,0x10,0x29,0x89}
|
|
},
|
|
1.0};
|
|
|
|
struct rpc_iface_binding_map *maps = *pmaps;
|
|
size_t i, num_ifaces = talloc_array_length(ep->interfaces);
|
|
char *binding_string = NULL;
|
|
bool ok = false;
|
|
|
|
binding_string = dcerpc_binding_string(mem_ctx, ep->binding);
|
|
if (binding_string == NULL) {
|
|
return false;
|
|
}
|
|
|
|
for (i=0; i<num_ifaces; i++) {
|
|
const struct ndr_syntax_id *iface = &ep->interfaces[i];
|
|
size_t j, num_maps = talloc_array_length(maps);
|
|
struct rpc_iface_binding_map *map = NULL;
|
|
char *p = NULL;
|
|
|
|
if (ndr_syntax_id_equal(iface, &mgmt_iface)) {
|
|
/*
|
|
* mgmt is offered everywhere, don't put it
|
|
* into epmdb.tdb.
|
|
*/
|
|
continue;
|
|
}
|
|
|
|
for (j=0; j<num_maps; j++) {
|
|
map = &maps[j];
|
|
if (ndr_syntax_id_equal(&map->iface, iface)) {
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (j == num_maps) {
|
|
struct rpc_iface_binding_map *tmp = NULL;
|
|
struct rpc_host_iface_name *iface_name = NULL;
|
|
|
|
iface_name = rpc_host_iface_names_find(
|
|
iface_names, iface);
|
|
if (iface_name == NULL) {
|
|
goto fail;
|
|
}
|
|
|
|
tmp = talloc_realloc(
|
|
mem_ctx,
|
|
maps,
|
|
struct rpc_iface_binding_map,
|
|
num_maps+1);
|
|
if (tmp == NULL) {
|
|
goto fail;
|
|
}
|
|
maps = tmp;
|
|
|
|
map = &maps[num_maps];
|
|
*map = (struct rpc_iface_binding_map) {
|
|
.iface = *iface,
|
|
.bindings = talloc_move(
|
|
maps, &iface_name->name),
|
|
};
|
|
}
|
|
|
|
p = strv_find(map->bindings, binding_string);
|
|
if (p == NULL) {
|
|
int ret = strv_add(
|
|
maps, &map->bindings, binding_string);
|
|
if (ret != 0) {
|
|
goto fail;
|
|
}
|
|
}
|
|
}
|
|
|
|
ok = true;
|
|
fail:
|
|
*pmaps = maps;
|
|
return ok;
|
|
}
|
|
|
|
static bool rpc_iface_binding_map_add_endpoints(
|
|
TALLOC_CTX *mem_ctx,
|
|
struct rpc_host_endpoint **endpoints,
|
|
struct rpc_host_iface_name *iface_names,
|
|
struct rpc_iface_binding_map **pbinding_maps)
|
|
{
|
|
size_t i, num_endpoints = talloc_array_length(endpoints);
|
|
|
|
for (i=0; i<num_endpoints; i++) {
|
|
bool ok = rpc_iface_binding_map_add_endpoint(
|
|
mem_ctx, endpoints[i], iface_names, pbinding_maps);
|
|
if (!ok) {
|
|
return false;
|
|
}
|
|
}
|
|
return true;
|
|
}
|
|
|
|
static bool rpc_host_fill_epm_db(
|
|
struct tdb_wrap *db,
|
|
struct rpc_host_endpoint **endpoints,
|
|
struct rpc_host_iface_name *iface_names)
|
|
{
|
|
struct rpc_iface_binding_map *maps = NULL;
|
|
size_t i, num_maps;
|
|
bool ret = false;
|
|
bool ok;
|
|
|
|
ok = rpc_iface_binding_map_add_endpoints(
|
|
talloc_tos(), endpoints, iface_names, &maps);
|
|
if (!ok) {
|
|
goto fail;
|
|
}
|
|
|
|
num_maps = talloc_array_length(maps);
|
|
|
|
for (i=0; i<num_maps; i++) {
|
|
struct rpc_iface_binding_map *map = &maps[i];
|
|
struct ndr_syntax_id_buf buf;
|
|
char *keystr = ndr_syntax_id_buf_string(&map->iface, &buf);
|
|
TDB_DATA value = {
|
|
.dptr = (uint8_t *)map->bindings,
|
|
.dsize = talloc_array_length(map->bindings),
|
|
};
|
|
int rc;
|
|
|
|
rc = tdb_store(
|
|
db->tdb, string_term_tdb_data(keystr), value, 0);
|
|
if (rc == -1) {
|
|
DBG_DEBUG("tdb_store() failed: %s\n",
|
|
tdb_errorstr(db->tdb));
|
|
goto fail;
|
|
}
|
|
}
|
|
|
|
ret = true;
|
|
fail:
|
|
TALLOC_FREE(maps);
|
|
return ret;
|
|
}
|
|
|
|
struct rpc_server_setup_state {
|
|
struct rpc_server *server;
|
|
};
|
|
|
|
static void rpc_server_setup_got_endpoints(struct tevent_req *subreq);
|
|
|
|
/*
|
|
* Async initialize state for all possible rpcd_* servers.
|
|
* Note this does not start them.
|
|
*/
|
|
static struct tevent_req *rpc_server_setup_send(
|
|
TALLOC_CTX *mem_ctx,
|
|
struct tevent_context *ev,
|
|
struct rpc_host *host,
|
|
struct dcerpc_binding **existing_bindings,
|
|
const char *rpc_server_exe)
|
|
{
|
|
struct tevent_req *req = NULL, *subreq = NULL;
|
|
struct rpc_server_setup_state *state = NULL;
|
|
struct rpc_server *server = NULL;
|
|
|
|
req = tevent_req_create(
|
|
mem_ctx, &state, struct rpc_server_setup_state);
|
|
if (req == NULL) {
|
|
return NULL;
|
|
}
|
|
state->server = talloc_zero(state, struct rpc_server);
|
|
if (tevent_req_nomem(state->server, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
server = state->server;
|
|
|
|
*server = (struct rpc_server) {
|
|
.host = host,
|
|
.server_index = UINT32_MAX,
|
|
.rpc_server_exe = talloc_strdup(server, rpc_server_exe),
|
|
};
|
|
if (tevent_req_nomem(server->rpc_server_exe, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
subreq = rpc_server_get_endpoints_send(
|
|
state,
|
|
ev,
|
|
rpc_server_exe,
|
|
host->np_helper ? NCACN_NP : NCA_UNKNOWN,
|
|
existing_bindings);
|
|
if (tevent_req_nomem(subreq, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
tevent_req_set_callback(subreq, rpc_server_setup_got_endpoints, req);
|
|
return req;
|
|
}
|
|
|
|
static void rpc_server_setup_got_endpoints(struct tevent_req *subreq)
|
|
{
|
|
struct tevent_req *req = tevent_req_callback_data(
|
|
subreq, struct tevent_req);
|
|
struct rpc_server_setup_state *state = tevent_req_data(
|
|
req, struct rpc_server_setup_state);
|
|
struct rpc_server *server = state->server;
|
|
int ret;
|
|
size_t i, num_endpoints;
|
|
bool ok;
|
|
|
|
ret = rpc_server_get_endpoints_recv(
|
|
subreq,
|
|
server,
|
|
&server->endpoints,
|
|
&server->iface_names,
|
|
&server->max_workers,
|
|
&server->idle_seconds);
|
|
TALLOC_FREE(subreq);
|
|
if (ret != 0) {
|
|
tevent_req_nterror(req, map_nt_error_from_unix(ret));
|
|
return;
|
|
}
|
|
|
|
server->workers = talloc_array(
|
|
server, struct rpc_work_process, server->max_workers);
|
|
if (tevent_req_nomem(server->workers, req)) {
|
|
return;
|
|
}
|
|
|
|
for (i=0; i<server->max_workers; i++) {
|
|
/* mark as not yet created */
|
|
server->workers[i] = (struct rpc_work_process) { .pid=-1, };
|
|
}
|
|
|
|
num_endpoints = talloc_array_length(server->endpoints);
|
|
|
|
for (i=0; i<num_endpoints; i++) {
|
|
struct rpc_host_endpoint *e = server->endpoints[i];
|
|
NTSTATUS status;
|
|
size_t j;
|
|
|
|
e->server = server;
|
|
|
|
status = dcesrv_create_binding_sockets(
|
|
e->binding, e, &e->num_fds, &e->fds);
|
|
if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
|
|
continue;
|
|
}
|
|
if (tevent_req_nterror(req, status)) {
|
|
DBG_DEBUG("dcesrv_create_binding_sockets failed: %s\n",
|
|
nt_errstr(status));
|
|
return;
|
|
}
|
|
|
|
for (j=0; j<e->num_fds; j++) {
|
|
ret = listen(e->fds[j], 256);
|
|
if (ret == -1) {
|
|
tevent_req_nterror(
|
|
req, map_nt_error_from_unix(errno));
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
ok = rpc_host_fill_epm_db(
|
|
server->host->epmdb, server->endpoints, server->iface_names);
|
|
if (!ok) {
|
|
DBG_DEBUG("rpc_host_fill_epm_db failed\n");
|
|
}
|
|
|
|
tevent_req_done(req);
|
|
}
|
|
|
|
static NTSTATUS rpc_server_setup_recv(
|
|
struct tevent_req *req, TALLOC_CTX *mem_ctx, struct rpc_server **server)
|
|
{
|
|
struct rpc_server_setup_state *state = tevent_req_data(
|
|
req, struct rpc_server_setup_state);
|
|
NTSTATUS status;
|
|
|
|
if (tevent_req_is_nterror(req, &status)) {
|
|
tevent_req_received(req);
|
|
return status;
|
|
}
|
|
|
|
*server = talloc_move(mem_ctx, &state->server);
|
|
tevent_req_received(req);
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
/*
|
|
* rpcd_* died. Called from SIGCHLD handler.
|
|
*/
|
|
static void rpc_worker_exited(struct rpc_host *host, pid_t pid)
|
|
{
|
|
size_t i, num_servers = talloc_array_length(host->servers);
|
|
struct rpc_work_process *worker = NULL;
|
|
bool found_pid = false;
|
|
bool have_active_worker = false;
|
|
|
|
for (i=0; i<num_servers; i++) {
|
|
struct rpc_server *server = host->servers[i];
|
|
size_t j, num_workers;
|
|
|
|
if (server == NULL) {
|
|
/* SIGCHLD for --list-interfaces run */
|
|
continue;
|
|
}
|
|
|
|
num_workers = talloc_array_length(server->workers);
|
|
|
|
for (j=0; j<num_workers; j++) {
|
|
worker = &server->workers[j];
|
|
if (worker->pid == pid) {
|
|
found_pid = true;
|
|
worker->pid = -1;
|
|
worker->available = false;
|
|
}
|
|
|
|
if (worker->pid != -1) {
|
|
have_active_worker = true;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (!found_pid) {
|
|
DBG_WARNING("No worker with PID %d\n", (int)pid);
|
|
return;
|
|
}
|
|
|
|
if (!have_active_worker && host->np_helper) {
|
|
/*
|
|
* We have nothing left to do as an np_helper.
|
|
* Terminate ourselves (samba-dcerpcd). We will
|
|
* be restarted on demand anyway.
|
|
*/
|
|
DBG_DEBUG("Exiting idle np helper\n");
|
|
exit(0);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* rpcd_* died.
|
|
*/
|
|
static void rpc_host_sigchld(
|
|
struct tevent_context *ev,
|
|
struct tevent_signal *se,
|
|
int signum,
|
|
int count,
|
|
void *siginfo,
|
|
void *private_data)
|
|
{
|
|
struct rpc_host *state = talloc_get_type_abort(
|
|
private_data, struct rpc_host);
|
|
pid_t pid;
|
|
int wstatus;
|
|
|
|
while ((pid = waitpid(-1, &wstatus, WNOHANG)) > 0) {
|
|
DBG_DEBUG("pid=%d, wstatus=%d\n", (int)pid, wstatus);
|
|
rpc_worker_exited(state, pid);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Idle timer fired for a rcpd_* worker. Ask it to terminate.
|
|
*/
|
|
static void rpc_host_exit_worker(
|
|
struct tevent_context *ev,
|
|
struct tevent_timer *te,
|
|
struct timeval current_time,
|
|
void *private_data)
|
|
{
|
|
struct rpc_server *server = talloc_get_type_abort(
|
|
private_data, struct rpc_server);
|
|
size_t i, num_workers = talloc_array_length(server->workers);
|
|
|
|
/*
|
|
* Scan for the right worker. We don't have too many of those,
|
|
* and maintaining an index would be more data structure effort.
|
|
*/
|
|
|
|
for (i=0; i<num_workers; i++) {
|
|
struct rpc_work_process *w = &server->workers[i];
|
|
NTSTATUS status;
|
|
|
|
if (w->exit_timer != te) {
|
|
continue;
|
|
}
|
|
w->exit_timer = NULL;
|
|
|
|
SMB_ASSERT(w->num_clients == 0);
|
|
|
|
status = messaging_send(
|
|
server->host->msg_ctx,
|
|
pid_to_procid(w->pid),
|
|
MSG_SHUTDOWN,
|
|
NULL);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
DBG_DEBUG("Could not send SHUTDOWN msg: %s\n",
|
|
nt_errstr(status));
|
|
}
|
|
|
|
w->available = false;
|
|
break;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* rcpd_* worker replied with its status.
|
|
*/
|
|
static void rpc_host_child_status_recv(
|
|
struct messaging_context *msg,
|
|
void *private_data,
|
|
uint32_t msg_type,
|
|
struct server_id server_id,
|
|
DATA_BLOB *data)
|
|
{
|
|
struct rpc_host *host = talloc_get_type_abort(
|
|
private_data, struct rpc_host);
|
|
size_t num_servers = talloc_array_length(host->servers);
|
|
struct rpc_server *server = NULL;
|
|
size_t num_workers;
|
|
pid_t src_pid = procid_to_pid(&server_id);
|
|
struct rpc_work_process *worker = NULL;
|
|
struct rpc_worker_status status_message;
|
|
enum ndr_err_code ndr_err;
|
|
|
|
ndr_err = ndr_pull_struct_blob_all_noalloc(
|
|
data,
|
|
&status_message,
|
|
(ndr_pull_flags_fn_t)ndr_pull_rpc_worker_status);
|
|
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
|
struct server_id_buf buf;
|
|
DBG_WARNING("Got invalid message from pid %s\n",
|
|
server_id_str_buf(server_id, &buf));
|
|
return;
|
|
}
|
|
if (DEBUGLEVEL >= 10) {
|
|
NDR_PRINT_DEBUG(rpc_worker_status, &status_message);
|
|
}
|
|
|
|
if (status_message.server_index >= num_servers) {
|
|
DBG_WARNING("Got invalid server_index=%"PRIu32", "
|
|
"num_servers=%zu\n",
|
|
status_message.server_index,
|
|
num_servers);
|
|
return;
|
|
}
|
|
|
|
server = host->servers[status_message.server_index];
|
|
|
|
num_workers = talloc_array_length(server->workers);
|
|
if (status_message.worker_index >= num_workers) {
|
|
DBG_WARNING("Got invalid worker_index=%"PRIu32", "
|
|
"num_workers=%zu\n",
|
|
status_message.worker_index,
|
|
num_workers);
|
|
return;
|
|
}
|
|
worker = &server->workers[status_message.worker_index];
|
|
|
|
if (src_pid != worker->pid) {
|
|
DBG_WARNING("Got idx=%"PRIu32" from %d, expected %d\n",
|
|
status_message.worker_index,
|
|
(int)src_pid,
|
|
worker->pid);
|
|
return;
|
|
}
|
|
|
|
worker->available = true;
|
|
worker->num_clients = status_message.num_clients;
|
|
|
|
if (worker->num_clients != 0) {
|
|
TALLOC_FREE(worker->exit_timer);
|
|
} else {
|
|
worker->exit_timer = tevent_add_timer(
|
|
messaging_tevent_context(msg),
|
|
server->workers,
|
|
tevent_timeval_current_ofs(server->idle_seconds, 0),
|
|
rpc_host_exit_worker,
|
|
server);
|
|
/* No NULL check, it's not fatal if this does not work */
|
|
}
|
|
|
|
rpc_host_distribute_clients(server);
|
|
}
|
|
|
|
/*
|
|
* samba-dcerpcd has been asked to shutdown.
|
|
* Mark the initial tevent_req as done so we
|
|
* exit the event loop.
|
|
*/
|
|
static void rpc_host_msg_shutdown(
|
|
struct messaging_context *msg,
|
|
void *private_data,
|
|
uint32_t msg_type,
|
|
struct server_id server_id,
|
|
DATA_BLOB *data)
|
|
{
|
|
struct tevent_req *req = talloc_get_type_abort(
|
|
private_data, struct tevent_req);
|
|
tevent_req_done(req);
|
|
}
|
|
|
|
/*
|
|
* Only match directory entries starting in rpcd_
|
|
*/
|
|
static int rpcd_filter(const struct dirent *d)
|
|
{
|
|
int match = fnmatch("rpcd_*", d->d_name, 0);
|
|
return (match == 0) ? 1 : 0;
|
|
}
|
|
|
|
/*
|
|
* Scan the given libexecdir for rpcd_* services
|
|
* and return them as a strv list.
|
|
*/
|
|
static int rpc_host_list_servers(
|
|
const char *libexecdir, TALLOC_CTX *mem_ctx, char **pservers)
|
|
{
|
|
char *servers = NULL;
|
|
struct dirent **namelist = NULL;
|
|
int i, num_servers;
|
|
int ret = ENOMEM;
|
|
|
|
num_servers = scandir(libexecdir, &namelist, rpcd_filter, alphasort);
|
|
if (num_servers == -1) {
|
|
DBG_DEBUG("scandir failed: %s\n", strerror(errno));
|
|
return errno;
|
|
}
|
|
|
|
for (i=0; i<num_servers; i++) {
|
|
char *exe = talloc_asprintf(
|
|
mem_ctx, "%s/%s", libexecdir, namelist[i]->d_name);
|
|
if (exe == NULL) {
|
|
goto fail;
|
|
}
|
|
|
|
ret = strv_add(mem_ctx, &servers, exe);
|
|
TALLOC_FREE(exe);
|
|
if (ret != 0) {
|
|
goto fail;
|
|
}
|
|
}
|
|
fail:
|
|
for (i=0; i<num_servers; i++) {
|
|
SAFE_FREE(namelist[i]);
|
|
}
|
|
SAFE_FREE(namelist);
|
|
|
|
if (ret != 0) {
|
|
TALLOC_FREE(servers);
|
|
return ret;
|
|
}
|
|
*pservers = servers;
|
|
return 0;
|
|
}
|
|
|
|
struct rpc_host_endpoint_accept_state {
|
|
struct tevent_context *ev;
|
|
struct rpc_host_endpoint *endpoint;
|
|
};
|
|
|
|
static void rpc_host_endpoint_accept_accepted(struct tevent_req *subreq);
|
|
static void rpc_host_endpoint_accept_got_bind(struct tevent_req *subreq);
|
|
|
|
/*
|
|
* Asynchronously wait for a DCERPC connection from a client.
|
|
*/
|
|
static struct tevent_req *rpc_host_endpoint_accept_send(
|
|
TALLOC_CTX *mem_ctx,
|
|
struct tevent_context *ev,
|
|
struct rpc_host_endpoint *endpoint)
|
|
{
|
|
struct tevent_req *req = NULL;
|
|
struct rpc_host_endpoint_accept_state *state = NULL;
|
|
size_t i;
|
|
|
|
req = tevent_req_create(
|
|
mem_ctx, &state, struct rpc_host_endpoint_accept_state);
|
|
if (req == NULL) {
|
|
return NULL;
|
|
}
|
|
state->ev = ev;
|
|
state->endpoint = endpoint;
|
|
|
|
for (i=0; i<endpoint->num_fds; i++) {
|
|
struct tevent_req *subreq = NULL;
|
|
|
|
subreq = accept_send(state, ev, endpoint->fds[i]);
|
|
if (tevent_req_nomem(subreq, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
tevent_req_set_callback(
|
|
subreq, rpc_host_endpoint_accept_accepted, req);
|
|
}
|
|
|
|
return req;
|
|
}
|
|
|
|
/*
|
|
* Accept a DCERPC connection from a client.
|
|
*/
|
|
static void rpc_host_endpoint_accept_accepted(struct tevent_req *subreq)
|
|
{
|
|
struct tevent_req *req = tevent_req_callback_data(
|
|
subreq, struct tevent_req);
|
|
struct rpc_host_endpoint_accept_state *state = tevent_req_data(
|
|
req, struct rpc_host_endpoint_accept_state);
|
|
struct rpc_host_endpoint *endpoint = state->endpoint;
|
|
int sock, listen_sock, err;
|
|
struct samba_sockaddr peer_addr;
|
|
|
|
sock = accept_recv(subreq, &listen_sock, &peer_addr, &err);
|
|
TALLOC_FREE(subreq);
|
|
if (sock == -1) {
|
|
/* What to do here? Just ignore the error and retry? */
|
|
DBG_DEBUG("accept_recv failed: %s\n", strerror(err));
|
|
tevent_req_error(req, err);
|
|
return;
|
|
}
|
|
|
|
subreq = accept_send(state, state->ev, listen_sock);
|
|
if (tevent_req_nomem(subreq, req)) {
|
|
close(sock);
|
|
sock = -1;
|
|
return;
|
|
}
|
|
tevent_req_set_callback(
|
|
subreq, rpc_host_endpoint_accept_accepted, req);
|
|
|
|
subreq = rpc_host_bind_read_send(
|
|
state,
|
|
state->ev,
|
|
dcerpc_binding_get_transport(endpoint->binding),
|
|
&sock,
|
|
&peer_addr);
|
|
if (tevent_req_nomem(subreq, req)) {
|
|
return;
|
|
}
|
|
tevent_req_set_callback(
|
|
subreq, rpc_host_endpoint_accept_got_bind, req);
|
|
}
|
|
|
|
/*
|
|
* Client sent us a DCERPC bind packet.
|
|
*/
|
|
static void rpc_host_endpoint_accept_got_bind(struct tevent_req *subreq)
|
|
{
|
|
struct tevent_req *req = tevent_req_callback_data(
|
|
subreq, struct tevent_req);
|
|
struct rpc_host_endpoint_accept_state *state = tevent_req_data(
|
|
req, struct rpc_host_endpoint_accept_state);
|
|
struct rpc_host_endpoint *endpoint = state->endpoint;
|
|
struct rpc_server *server = endpoint->server;
|
|
struct rpc_host_pending_client *pending = NULL;
|
|
struct rpc_host_client *client = NULL;
|
|
struct ncacn_packet *bind_pkt = NULL;
|
|
int ret;
|
|
int sock=-1;
|
|
|
|
ret = rpc_host_bind_read_recv(
|
|
subreq, state, &sock, &client, &bind_pkt);
|
|
TALLOC_FREE(subreq);
|
|
if (ret != 0) {
|
|
DBG_DEBUG("rpc_host_bind_read_recv returned %s\n",
|
|
strerror(ret));
|
|
goto fail;
|
|
}
|
|
|
|
client->binding = dcerpc_binding_string(client, endpoint->binding);
|
|
if (client->binding == NULL) {
|
|
DBG_WARNING("dcerpc_binding_string failed, dropping client\n");
|
|
goto fail;
|
|
}
|
|
|
|
pending = talloc_zero(server, struct rpc_host_pending_client);
|
|
if (pending == NULL) {
|
|
DBG_WARNING("talloc failed, dropping client\n");
|
|
goto fail;
|
|
}
|
|
pending->server = server;
|
|
pending->sock = sock;
|
|
pending->bind_pkt = talloc_move(pending, &bind_pkt);
|
|
pending->client = talloc_move(pending, &client);
|
|
talloc_set_destructor(pending, rpc_host_pending_client_destructor);
|
|
sock = -1;
|
|
|
|
pending->hangup_wait = wait_for_read_send(
|
|
pending, state->ev, pending->sock, true);
|
|
if (pending->hangup_wait == NULL) {
|
|
DBG_WARNING("wait_for_read_send failed, dropping client\n");
|
|
TALLOC_FREE(pending);
|
|
return;
|
|
}
|
|
tevent_req_set_callback(
|
|
pending->hangup_wait, rpc_host_client_exited, pending);
|
|
|
|
DLIST_ADD_END(server->pending_clients, pending);
|
|
rpc_host_distribute_clients(server);
|
|
return;
|
|
|
|
fail:
|
|
TALLOC_FREE(client);
|
|
if (sock != -1) {
|
|
close(sock);
|
|
}
|
|
}
|
|
|
|
static int rpc_host_endpoint_accept_recv(
|
|
struct tevent_req *req, struct rpc_host_endpoint **ep)
|
|
{
|
|
struct rpc_host_endpoint_accept_state *state = tevent_req_data(
|
|
req, struct rpc_host_endpoint_accept_state);
|
|
|
|
*ep = state->endpoint;
|
|
|
|
return tevent_req_simple_recv_unix(req);
|
|
}
|
|
|
|
/*
|
|
* Full state for samba-dcerpcd. Everything else
|
|
* is hung off this.
|
|
*/
|
|
struct rpc_host_state {
|
|
struct tevent_context *ev;
|
|
struct rpc_host *host;
|
|
|
|
bool is_ready;
|
|
const char *daemon_ready_progname;
|
|
struct tevent_immediate *ready_signal_immediate;
|
|
int *ready_signal_fds;
|
|
|
|
size_t num_servers;
|
|
size_t num_prepared;
|
|
};
|
|
|
|
/*
|
|
* Tell whoever invoked samba-dcerpcd we're ready to
|
|
* serve.
|
|
*/
|
|
static void rpc_host_report_readiness(
|
|
struct tevent_context *ev,
|
|
struct tevent_immediate *im,
|
|
void *private_data)
|
|
{
|
|
struct rpc_host_state *state = talloc_get_type_abort(
|
|
private_data, struct rpc_host_state);
|
|
size_t i, num_fds = talloc_array_length(state->ready_signal_fds);
|
|
|
|
if (!state->is_ready) {
|
|
DBG_DEBUG("Not yet ready\n");
|
|
return;
|
|
}
|
|
|
|
for (i=0; i<num_fds; i++) {
|
|
uint8_t byte = 0;
|
|
ssize_t nwritten;
|
|
|
|
do {
|
|
nwritten = write(
|
|
state->ready_signal_fds[i],
|
|
(void *)&byte,
|
|
sizeof(byte));
|
|
} while ((nwritten == -1) && (errno == EINTR));
|
|
|
|
close(state->ready_signal_fds[i]);
|
|
}
|
|
|
|
TALLOC_FREE(state->ready_signal_fds);
|
|
}
|
|
|
|
/*
|
|
* Respond to a "are you ready" message.
|
|
*/
|
|
static bool rpc_host_ready_signal_filter(
|
|
struct messaging_rec *rec, void *private_data)
|
|
{
|
|
struct rpc_host_state *state = talloc_get_type_abort(
|
|
private_data, struct rpc_host_state);
|
|
size_t num_fds = talloc_array_length(state->ready_signal_fds);
|
|
int *tmp = NULL;
|
|
|
|
if (rec->msg_type != MSG_DAEMON_READY_FD) {
|
|
return false;
|
|
}
|
|
if (rec->num_fds != 1) {
|
|
DBG_DEBUG("Got %"PRIu8" fds\n", rec->num_fds);
|
|
return false;
|
|
}
|
|
|
|
if (num_fds + 1 < num_fds) {
|
|
return false;
|
|
}
|
|
tmp = talloc_realloc(state, state->ready_signal_fds, int, num_fds+1);
|
|
if (tmp == NULL) {
|
|
return false;
|
|
}
|
|
state->ready_signal_fds = tmp;
|
|
|
|
state->ready_signal_fds[num_fds] = rec->fds[0];
|
|
rec->fds[0] = -1;
|
|
|
|
tevent_schedule_immediate(
|
|
state->ready_signal_immediate,
|
|
state->ev,
|
|
rpc_host_report_readiness,
|
|
state);
|
|
|
|
return false;
|
|
}
|
|
|
|
/*
|
|
* Respond to a "what is your status" message.
|
|
*/
|
|
static bool rpc_host_dump_status_filter(
|
|
struct messaging_rec *rec, void *private_data)
|
|
{
|
|
struct rpc_host_state *state = talloc_get_type_abort(
|
|
private_data, struct rpc_host_state);
|
|
struct rpc_host *host = state->host;
|
|
struct rpc_server **servers = host->servers;
|
|
size_t i, num_servers = talloc_array_length(servers);
|
|
FILE *f = NULL;
|
|
int fd;
|
|
|
|
if (rec->msg_type != MSG_RPC_DUMP_STATUS) {
|
|
return false;
|
|
}
|
|
if (rec->num_fds != 1) {
|
|
DBG_DEBUG("Got %"PRIu8" fds\n", rec->num_fds);
|
|
return false;
|
|
}
|
|
|
|
fd = dup(rec->fds[0]);
|
|
if (fd == -1) {
|
|
DBG_DEBUG("dup(%"PRIi64") failed: %s\n",
|
|
rec->fds[0],
|
|
strerror(errno));
|
|
return false;
|
|
}
|
|
|
|
f = fdopen(fd, "w");
|
|
if (f == NULL) {
|
|
DBG_DEBUG("fdopen failed: %s\n", strerror(errno));
|
|
close(fd);
|
|
return false;
|
|
}
|
|
|
|
for (i=0; i<num_servers; i++) {
|
|
struct rpc_server *server = servers[i];
|
|
size_t j, num_workers = talloc_array_length(server->workers);
|
|
size_t active_workers = 0;
|
|
|
|
for (j=0; j<num_workers; j++) {
|
|
if (server->workers[j].pid != -1) {
|
|
active_workers += 1;
|
|
}
|
|
}
|
|
|
|
fprintf(f,
|
|
"%s: active_workers=%zu\n",
|
|
server->rpc_server_exe,
|
|
active_workers);
|
|
|
|
for (j=0; j<num_workers; j++) {
|
|
struct rpc_work_process *w = &server->workers[j];
|
|
|
|
if (w->pid == (pid_t)-1) {
|
|
continue;
|
|
}
|
|
|
|
fprintf(f,
|
|
" worker[%zu]: pid=%d, num_clients=%"PRIu32"\n",
|
|
j,
|
|
(int)w->pid,
|
|
w->num_clients);
|
|
}
|
|
}
|
|
|
|
fclose(f);
|
|
|
|
return false;
|
|
}
|
|
|
|
static void rpc_host_server_setup_done(struct tevent_req *subreq);
|
|
static void rpc_host_endpoint_failed(struct tevent_req *subreq);
|
|
|
|
/*
|
|
* Async startup for samba-dcerpcd.
|
|
*/
|
|
static struct tevent_req *rpc_host_send(
|
|
TALLOC_CTX *mem_ctx,
|
|
struct tevent_context *ev,
|
|
struct messaging_context *msg_ctx,
|
|
struct dcerpc_binding **existing_bindings,
|
|
char *servers,
|
|
int ready_signal_fd,
|
|
const char *daemon_ready_progname,
|
|
bool is_np_helper)
|
|
{
|
|
struct tevent_req *req = NULL, *subreq = NULL;
|
|
struct rpc_host_state *state = NULL;
|
|
struct rpc_host *host = NULL;
|
|
struct tevent_signal *se = NULL;
|
|
char *epmdb_path = NULL;
|
|
char *exe = NULL;
|
|
size_t i, num_servers = strv_count(servers);
|
|
NTSTATUS status;
|
|
int ret;
|
|
|
|
req = tevent_req_create(req, &state, struct rpc_host_state);
|
|
if (req == NULL) {
|
|
return NULL;
|
|
}
|
|
state->ev = ev;
|
|
state->daemon_ready_progname = daemon_ready_progname;
|
|
|
|
state->ready_signal_immediate = tevent_create_immediate(state);
|
|
if (tevent_req_nomem(state->ready_signal_immediate, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
if (ready_signal_fd != -1) {
|
|
state->ready_signal_fds = talloc_array(state, int, 1);
|
|
if (tevent_req_nomem(state->ready_signal_fds, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
state->ready_signal_fds[0] = ready_signal_fd;
|
|
}
|
|
|
|
state->host = talloc_zero(state, struct rpc_host);
|
|
if (tevent_req_nomem(state->host, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
host = state->host;
|
|
|
|
host->msg_ctx = msg_ctx;
|
|
host->np_helper = is_np_helper;
|
|
|
|
ret = pipe(host->worker_stdin);
|
|
if (ret == -1) {
|
|
tevent_req_nterror(req, map_nt_error_from_unix(errno));
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
host->servers = talloc_zero_array(
|
|
host, struct rpc_server *, num_servers);
|
|
if (tevent_req_nomem(host->servers, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
se = tevent_add_signal(ev, state, SIGCHLD, 0, rpc_host_sigchld, host);
|
|
if (tevent_req_nomem(se, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
BlockSignals(false, SIGCHLD);
|
|
|
|
status = messaging_register(
|
|
msg_ctx,
|
|
host,
|
|
MSG_RPC_WORKER_STATUS,
|
|
rpc_host_child_status_recv);
|
|
if (tevent_req_nterror(req, status)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
status = messaging_register(
|
|
msg_ctx, req, MSG_SHUTDOWN, rpc_host_msg_shutdown);
|
|
if (tevent_req_nterror(req, status)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
subreq = messaging_filtered_read_send(
|
|
state, ev, msg_ctx, rpc_host_ready_signal_filter, state);
|
|
if (tevent_req_nomem(subreq, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
subreq = messaging_filtered_read_send(
|
|
state, ev, msg_ctx, rpc_host_dump_status_filter, state);
|
|
if (tevent_req_nomem(subreq, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
epmdb_path = lock_path(state, "epmdb.tdb");
|
|
if (tevent_req_nomem(epmdb_path, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
host->epmdb = tdb_wrap_open(
|
|
host,
|
|
epmdb_path,
|
|
0,
|
|
TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH,
|
|
O_RDWR|O_CREAT,
|
|
0644);
|
|
if (host->epmdb == NULL) {
|
|
DBG_DEBUG("tdb_wrap_open(%s) failed: %s\n",
|
|
epmdb_path,
|
|
strerror(errno));
|
|
tevent_req_nterror(req, map_nt_error_from_unix(errno));
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
TALLOC_FREE(epmdb_path);
|
|
|
|
for (exe = strv_next(servers, exe), i = 0;
|
|
exe != NULL;
|
|
exe = strv_next(servers, exe), i++) {
|
|
|
|
DBG_DEBUG("server_setup for %s index %zu\n", exe, i);
|
|
|
|
subreq = rpc_server_setup_send(
|
|
state,
|
|
ev,
|
|
host,
|
|
existing_bindings,
|
|
exe);
|
|
if (tevent_req_nomem(subreq, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
tevent_req_set_callback(
|
|
subreq, rpc_host_server_setup_done, req);
|
|
}
|
|
|
|
return req;
|
|
}
|
|
|
|
/*
|
|
* Timer function called after we were initialized but no one
|
|
* connected. Shutdown.
|
|
*/
|
|
static void rpc_host_shutdown(
|
|
struct tevent_context *ev,
|
|
struct tevent_timer *te,
|
|
struct timeval current_time,
|
|
void *private_data)
|
|
{
|
|
struct tevent_req *req = talloc_get_type_abort(
|
|
private_data, struct tevent_req);
|
|
DBG_DEBUG("Nobody connected -- shutting down\n");
|
|
tevent_req_done(req);
|
|
}
|
|
|
|
static void rpc_host_server_setup_done(struct tevent_req *subreq)
|
|
{
|
|
struct tevent_req *req = tevent_req_callback_data(
|
|
subreq, struct tevent_req);
|
|
struct rpc_host_state *state = tevent_req_data(
|
|
req, struct rpc_host_state);
|
|
struct rpc_server *server = NULL;
|
|
struct rpc_host *host = state->host;
|
|
size_t i, num_servers = talloc_array_length(host->servers);
|
|
NTSTATUS status;
|
|
|
|
status = rpc_server_setup_recv(subreq, host, &server);
|
|
TALLOC_FREE(subreq);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
DBG_DEBUG("rpc_server_setup_recv returned %s, ignoring\n",
|
|
nt_errstr(status));
|
|
host->servers = talloc_realloc(
|
|
host,
|
|
host->servers,
|
|
struct rpc_server *,
|
|
num_servers-1);
|
|
return;
|
|
}
|
|
|
|
server->server_index = state->num_prepared;
|
|
host->servers[state->num_prepared] = server;
|
|
|
|
state->num_prepared += 1;
|
|
|
|
if (state->num_prepared < num_servers) {
|
|
return;
|
|
}
|
|
|
|
for (i=0; i<num_servers; i++) {
|
|
size_t j, num_endpoints;
|
|
|
|
server = host->servers[i];
|
|
num_endpoints = talloc_array_length(server->endpoints);
|
|
|
|
for (j=0; j<num_endpoints; j++) {
|
|
subreq = rpc_host_endpoint_accept_send(
|
|
state, state->ev, server->endpoints[j]);
|
|
if (tevent_req_nomem(subreq, req)) {
|
|
return;
|
|
}
|
|
tevent_req_set_callback(
|
|
subreq, rpc_host_endpoint_failed, req);
|
|
}
|
|
}
|
|
|
|
state->is_ready = true;
|
|
|
|
if (state->daemon_ready_progname != NULL) {
|
|
daemon_ready(state->daemon_ready_progname);
|
|
}
|
|
|
|
if (host->np_helper) {
|
|
/*
|
|
* If we're started as an np helper, and no one talks to
|
|
* us within 10 seconds, just shut ourselves down.
|
|
*/
|
|
host->np_helper_shutdown = tevent_add_timer(
|
|
state->ev,
|
|
state,
|
|
timeval_current_ofs(10, 0),
|
|
rpc_host_shutdown,
|
|
req);
|
|
if (tevent_req_nomem(host->np_helper_shutdown, req)) {
|
|
return;
|
|
}
|
|
}
|
|
|
|
tevent_schedule_immediate(
|
|
state->ready_signal_immediate,
|
|
state->ev,
|
|
rpc_host_report_readiness,
|
|
state);
|
|
}
|
|
|
|
/*
|
|
* Log accept fail on an endpoint.
|
|
*/
|
|
static void rpc_host_endpoint_failed(struct tevent_req *subreq)
|
|
{
|
|
struct tevent_req *req = tevent_req_callback_data(
|
|
subreq, struct tevent_req);
|
|
struct rpc_host_state *state = tevent_req_data(
|
|
req, struct rpc_host_state);
|
|
struct rpc_host_endpoint *endpoint = NULL;
|
|
char *binding_string = NULL;
|
|
int ret;
|
|
|
|
ret = rpc_host_endpoint_accept_recv(subreq, &endpoint);
|
|
TALLOC_FREE(subreq);
|
|
|
|
binding_string = dcerpc_binding_string(state, endpoint->binding);
|
|
DBG_DEBUG("rpc_host_endpoint_accept_recv for %s returned %s\n",
|
|
binding_string,
|
|
strerror(ret));
|
|
TALLOC_FREE(binding_string);
|
|
}
|
|
|
|
static NTSTATUS rpc_host_recv(struct tevent_req *req)
|
|
{
|
|
return tevent_req_simple_recv_ntstatus(req);
|
|
}
|
|
|
|
static int rpc_host_pidfile_create(
|
|
struct messaging_context *msg_ctx,
|
|
const char *progname,
|
|
int ready_signal_fd)
|
|
{
|
|
const char *piddir = lp_pid_directory();
|
|
size_t len = strlen(piddir) + strlen(progname) + 6;
|
|
char pidFile[len];
|
|
pid_t existing_pid;
|
|
int fd, ret;
|
|
|
|
snprintf(pidFile,
|
|
sizeof(pidFile),
|
|
"%s/%s.pid",
|
|
piddir, progname);
|
|
|
|
ret = pidfile_path_create(pidFile, &fd, &existing_pid);
|
|
if (ret == 0) {
|
|
/* leak fd */
|
|
return 0;
|
|
}
|
|
|
|
if (ret != EAGAIN) {
|
|
DBG_DEBUG("pidfile_path_create() failed: %s\n",
|
|
strerror(ret));
|
|
return ret;
|
|
}
|
|
|
|
DBG_DEBUG("%s pid %d exists\n", progname, (int)existing_pid);
|
|
|
|
if (ready_signal_fd != -1) {
|
|
NTSTATUS status = messaging_send_iov(
|
|
msg_ctx,
|
|
pid_to_procid(existing_pid),
|
|
MSG_DAEMON_READY_FD,
|
|
NULL,
|
|
0,
|
|
&ready_signal_fd,
|
|
1);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
DBG_DEBUG("Could not send ready_signal_fd: %s\n",
|
|
nt_errstr(status));
|
|
}
|
|
}
|
|
|
|
return EAGAIN;
|
|
}
|
|
|
|
/*
|
|
* Find which interfaces are already being served by the samba AD
|
|
* DC so we know not to serve them. Some interfaces like netlogon
|
|
* are served by "samba", some like srvsvc will be served by the
|
|
* source3 based RPC servers.
|
|
*/
|
|
static NTSTATUS rpc_host_epm_lookup(
|
|
TALLOC_CTX *mem_ctx,
|
|
struct dcerpc_binding ***pbindings)
|
|
{
|
|
struct rpc_pipe_client *cli = NULL;
|
|
struct pipe_auth_data *auth = NULL;
|
|
struct policy_handle entry_handle = { .handle_type = 0 };
|
|
struct dcerpc_binding **bindings = NULL;
|
|
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
|
|
|
|
status = rpc_pipe_open_ncalrpc(mem_ctx, &ndr_table_epmapper, &cli);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
DBG_DEBUG("rpc_pipe_open_ncalrpc failed: %s\n",
|
|
nt_errstr(status));
|
|
goto fail;
|
|
}
|
|
status = rpccli_ncalrpc_bind_data(cli, &auth);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
DBG_DEBUG("rpccli_ncalrpc_bind_data failed: %s\n",
|
|
nt_errstr(status));
|
|
goto fail;
|
|
}
|
|
status = rpc_pipe_bind(cli, auth);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
DBG_DEBUG("rpc_pipe_bind failed: %s\n", nt_errstr(status));
|
|
goto fail;
|
|
}
|
|
|
|
for (;;) {
|
|
size_t num_bindings = talloc_array_length(bindings);
|
|
struct dcerpc_binding **tmp = NULL;
|
|
uint32_t num_entries = 0;
|
|
struct epm_entry_t *entry = NULL;
|
|
struct dcerpc_binding *binding = NULL;
|
|
uint32_t result;
|
|
|
|
entry = talloc(cli, struct epm_entry_t);
|
|
if (entry == NULL) {
|
|
goto fail;
|
|
}
|
|
|
|
status = dcerpc_epm_Lookup(
|
|
cli->binding_handle, /* binding_handle */
|
|
cli, /* mem_ctx */
|
|
0, /* rpc_c_ep_all */
|
|
NULL, /* object */
|
|
NULL, /* interface id */
|
|
0, /* rpc_c_vers_all */
|
|
&entry_handle, /* entry_handle */
|
|
1, /* max_ents */
|
|
&num_entries, /* num_ents */
|
|
entry, /* entries */
|
|
&result); /* result */
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
DBG_DEBUG("dcerpc_epm_Lookup failed: %s\n",
|
|
nt_errstr(status));
|
|
goto fail;
|
|
}
|
|
|
|
if (result == EPMAPPER_STATUS_NO_MORE_ENTRIES) {
|
|
break;
|
|
}
|
|
|
|
if (result != EPMAPPER_STATUS_OK) {
|
|
DBG_DEBUG("dcerpc_epm_Lookup returned %"PRIu32"\n",
|
|
result);
|
|
break;
|
|
}
|
|
|
|
if (num_entries != 1) {
|
|
DBG_DEBUG("epm_Lookup returned %"PRIu32" "
|
|
"entries, expected one\n",
|
|
num_entries);
|
|
break;
|
|
}
|
|
|
|
status = dcerpc_binding_from_tower(
|
|
mem_ctx, &entry->tower->tower, &binding);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
break;
|
|
}
|
|
|
|
tmp = talloc_realloc(
|
|
mem_ctx,
|
|
bindings,
|
|
struct dcerpc_binding *,
|
|
num_bindings+1);
|
|
if (tmp == NULL) {
|
|
status = NT_STATUS_NO_MEMORY;
|
|
goto fail;
|
|
}
|
|
bindings = tmp;
|
|
|
|
bindings[num_bindings] = talloc_move(bindings, &binding);
|
|
|
|
TALLOC_FREE(entry);
|
|
}
|
|
|
|
*pbindings = bindings;
|
|
status = NT_STATUS_OK;
|
|
fail:
|
|
TALLOC_FREE(cli);
|
|
return status;
|
|
}
|
|
|
|
static void samba_dcerpcd_stdin_handler(
|
|
struct tevent_context *ev,
|
|
struct tevent_fd *fde,
|
|
uint16_t flags,
|
|
void *private_data)
|
|
{
|
|
struct tevent_req *req = talloc_get_type_abort(
|
|
private_data, struct tevent_req);
|
|
char c;
|
|
|
|
if (read(0, &c, 1) != 1) {
|
|
/* we have reached EOF on stdin, which means the
|
|
parent has exited. Shutdown the server */
|
|
tevent_req_done(req);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* samba-dcerpcd microservice startup !
|
|
*/
|
|
int main(int argc, const char *argv[])
|
|
{
|
|
const struct loadparm_substitution *lp_sub =
|
|
loadparm_s3_global_substitution();
|
|
const char *progname = getprogname();
|
|
TALLOC_CTX *frame = NULL;
|
|
struct tevent_context *ev_ctx = NULL;
|
|
struct messaging_context *msg_ctx = NULL;
|
|
struct tevent_req *req = NULL;
|
|
struct dcerpc_binding **existing_bindings = NULL;
|
|
char *servers = NULL;
|
|
const char *arg = NULL;
|
|
size_t num_servers;
|
|
poptContext pc;
|
|
int ret, err;
|
|
NTSTATUS status;
|
|
bool log_stdout;
|
|
bool ok;
|
|
|
|
int libexec_rpcds = 0;
|
|
int np_helper = 0;
|
|
int ready_signal_fd = -1;
|
|
|
|
struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg = NULL;
|
|
struct poptOption long_options[] = {
|
|
POPT_AUTOHELP
|
|
{
|
|
.longName = "libexec-rpcds",
|
|
.argInfo = POPT_ARG_NONE,
|
|
.arg = &libexec_rpcds,
|
|
.descrip = "Use all rpcds in libexec",
|
|
},
|
|
{
|
|
.longName = "ready-signal-fd",
|
|
.argInfo = POPT_ARG_INT,
|
|
.arg = &ready_signal_fd,
|
|
.descrip = "fd to close when initialized",
|
|
},
|
|
{
|
|
.longName = "np-helper",
|
|
.argInfo = POPT_ARG_NONE,
|
|
.arg = &np_helper,
|
|
.descrip = "Internal named pipe server",
|
|
},
|
|
POPT_COMMON_SAMBA
|
|
POPT_COMMON_DAEMON
|
|
POPT_COMMON_VERSION
|
|
POPT_TABLEEND
|
|
};
|
|
|
|
{
|
|
const char *fd_params[] = { "ready-signal-fd", };
|
|
|
|
closefrom_except_fd_params(
|
|
3, ARRAY_SIZE(fd_params), fd_params, argc, argv);
|
|
}
|
|
|
|
talloc_enable_null_tracking();
|
|
frame = talloc_stackframe();
|
|
umask(0);
|
|
sec_init();
|
|
smb_init_locale();
|
|
|
|
ok = samba_cmdline_init(frame,
|
|
SAMBA_CMDLINE_CONFIG_SERVER,
|
|
true /* require_smbconf */);
|
|
if (!ok) {
|
|
DBG_ERR("Failed to init cmdline parser!\n");
|
|
TALLOC_FREE(frame);
|
|
exit(ENOMEM);
|
|
}
|
|
|
|
pc = samba_popt_get_context(getprogname(),
|
|
argc,
|
|
argv,
|
|
long_options,
|
|
0);
|
|
if (pc == NULL) {
|
|
DBG_ERR("Failed to setup popt context!\n");
|
|
TALLOC_FREE(frame);
|
|
exit(1);
|
|
}
|
|
|
|
poptSetOtherOptionHelp(
|
|
pc, "[OPTIONS] [SERVICE_1 SERVICE_2 .. SERVICE_N]");
|
|
|
|
ret = poptGetNextOpt(pc);
|
|
|
|
if (ret != -1) {
|
|
if (ret >= 0) {
|
|
fprintf(stderr,
|
|
"\nGot unexpected option %d\n",
|
|
ret);
|
|
} else if (ret == POPT_ERROR_BADOPT) {
|
|
fprintf(stderr,
|
|
"\nInvalid option %s: %s\n\n",
|
|
poptBadOption(pc, 0),
|
|
poptStrerror(ret));
|
|
} else {
|
|
fprintf(stderr,
|
|
"\npoptGetNextOpt returned %s\n",
|
|
poptStrerror(ret));
|
|
}
|
|
|
|
poptFreeContext(pc);
|
|
TALLOC_FREE(frame);
|
|
exit(1);
|
|
}
|
|
|
|
while ((arg = poptGetArg(pc)) != NULL) {
|
|
ret = strv_add(frame, &servers, arg);
|
|
if (ret != 0) {
|
|
DBG_ERR("strv_add() failed\n");
|
|
poptFreeContext(pc);
|
|
TALLOC_FREE(frame);
|
|
exit(1);
|
|
}
|
|
}
|
|
|
|
log_stdout = (debug_get_log_type() == DEBUG_STDOUT);
|
|
if (log_stdout) {
|
|
setup_logging(progname, DEBUG_STDOUT);
|
|
} else {
|
|
setup_logging(progname, DEBUG_FILE);
|
|
}
|
|
|
|
/*
|
|
* If "rpc start on demand helpers = true" in smb.conf we must
|
|
* not start as standalone, only on demand from
|
|
* local_np_connect() functions. Log an error message telling
|
|
* the admin how to fix and then exit.
|
|
*/
|
|
if (lp_rpc_start_on_demand_helpers() && np_helper == 0) {
|
|
DBG_ERR("Cannot start in standalone mode if smb.conf "
|
|
"[global] setting "
|
|
"\"rpc start on demand helpers = true\" - "
|
|
"exiting\n");
|
|
TALLOC_FREE(frame);
|
|
exit(1);
|
|
}
|
|
|
|
if (libexec_rpcds != 0) {
|
|
ret = rpc_host_list_servers(
|
|
dyn_SAMBA_LIBEXECDIR, frame, &servers);
|
|
if (ret != 0) {
|
|
DBG_ERR("Could not list libexec: %s\n",
|
|
strerror(ret));
|
|
poptFreeContext(pc);
|
|
TALLOC_FREE(frame);
|
|
exit(1);
|
|
}
|
|
}
|
|
|
|
num_servers = strv_count(servers);
|
|
if (num_servers == 0) {
|
|
poptPrintUsage(pc, stderr, 0);
|
|
poptFreeContext(pc);
|
|
TALLOC_FREE(frame);
|
|
exit(1);
|
|
}
|
|
|
|
poptFreeContext(pc);
|
|
|
|
cmdline_daemon_cfg = samba_cmdline_get_daemon_cfg();
|
|
|
|
if (log_stdout && cmdline_daemon_cfg->fork) {
|
|
DBG_ERR("Can't log to stdout unless in foreground\n");
|
|
TALLOC_FREE(frame);
|
|
exit(1);
|
|
}
|
|
|
|
msg_ctx = global_messaging_context();
|
|
if (msg_ctx == NULL) {
|
|
DBG_ERR("messaging_init() failed\n");
|
|
TALLOC_FREE(frame);
|
|
exit(1);
|
|
}
|
|
ev_ctx = messaging_tevent_context(msg_ctx);
|
|
|
|
if (cmdline_daemon_cfg->fork) {
|
|
become_daemon(
|
|
true,
|
|
cmdline_daemon_cfg->no_process_group,
|
|
log_stdout);
|
|
|
|
status = reinit_after_fork(msg_ctx, ev_ctx, false);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
exit_daemon("reinit_after_fork() failed",
|
|
map_errno_from_nt_status(status));
|
|
}
|
|
} else {
|
|
DBG_DEBUG("Calling daemon_status\n");
|
|
daemon_status(progname, "Starting process ... ");
|
|
}
|
|
|
|
BlockSignals(true, SIGPIPE);
|
|
|
|
dump_core_setup(progname, lp_logfile(frame, lp_sub));
|
|
|
|
DEBUG(0, ("%s version %s started.\n",
|
|
progname,
|
|
samba_version_string()));
|
|
DEBUGADD(0,("%s\n", COPYRIGHT_STARTUP_MESSAGE));
|
|
|
|
reopen_logs();
|
|
|
|
(void)winbind_off();
|
|
ok = init_guest_session_info(frame);
|
|
(void)winbind_on();
|
|
if (!ok) {
|
|
DBG_ERR("init_guest_session_info failed\n");
|
|
global_messaging_context_free();
|
|
TALLOC_FREE(frame);
|
|
exit(1);
|
|
}
|
|
|
|
status = rpc_host_epm_lookup(frame, &existing_bindings);
|
|
DBG_DEBUG("rpc_host_epm_lookup returned %s, %zu bindings\n",
|
|
nt_errstr(status),
|
|
talloc_array_length(existing_bindings));
|
|
|
|
ret = rpc_host_pidfile_create(msg_ctx, progname, ready_signal_fd);
|
|
if (ret != 0) {
|
|
DBG_DEBUG("rpc_host_pidfile_create failed: %s\n",
|
|
strerror(ret));
|
|
global_messaging_context_free();
|
|
TALLOC_FREE(frame);
|
|
exit(1);
|
|
}
|
|
|
|
req = rpc_host_send(
|
|
ev_ctx,
|
|
ev_ctx,
|
|
msg_ctx,
|
|
existing_bindings,
|
|
servers,
|
|
ready_signal_fd,
|
|
cmdline_daemon_cfg->fork ? NULL : progname,
|
|
np_helper != 0);
|
|
if (req == NULL) {
|
|
DBG_ERR("rpc_host_send failed\n");
|
|
global_messaging_context_free();
|
|
TALLOC_FREE(frame);
|
|
exit(1);
|
|
}
|
|
|
|
if (!cmdline_daemon_cfg->fork) {
|
|
struct stat st;
|
|
if (fstat(0, &st) != 0) {
|
|
DBG_DEBUG("fstat(0) failed: %s\n",
|
|
strerror(errno));
|
|
global_messaging_context_free();
|
|
TALLOC_FREE(frame);
|
|
exit(1);
|
|
}
|
|
if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
|
|
tevent_add_fd(
|
|
ev_ctx,
|
|
ev_ctx,
|
|
0,
|
|
TEVENT_FD_READ,
|
|
samba_dcerpcd_stdin_handler,
|
|
req);
|
|
}
|
|
}
|
|
|
|
ok = tevent_req_poll_unix(req, ev_ctx, &err);
|
|
if (!ok) {
|
|
DBG_ERR("tevent_req_poll_unix failed: %s\n",
|
|
strerror(err));
|
|
global_messaging_context_free();
|
|
TALLOC_FREE(frame);
|
|
exit(1);
|
|
}
|
|
|
|
status = rpc_host_recv(req);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
DBG_ERR("rpc_host_recv returned %s\n", nt_errstr(status));
|
|
global_messaging_context_free();
|
|
TALLOC_FREE(frame);
|
|
exit(1);
|
|
}
|
|
|
|
TALLOC_FREE(frame);
|
|
|
|
return 0;
|
|
}
|