2 * Unix SMB/CIFS implementation.
6 * Copyright (c) 2011 Andreas Schneider <asn@samba.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
27 #include "../lib/tsocket/tsocket.h"
28 #include "lib/server_prefork.h"
29 #include "lib/server_prefork_util.h"
30 #include "librpc/rpc/dcerpc_ep.h"
32 #include "rpc_server/rpc_server.h"
33 #include "rpc_server/rpc_ep_register.h"
34 #include "rpc_server/rpc_sock_helper.h"
36 #include "librpc/gen_ndr/srv_lsa.h"
37 #include "librpc/gen_ndr/srv_samr.h"
38 #include "librpc/gen_ndr/srv_netlogon.h"
40 #define DAEMON_NAME "lsasd"
41 #define LSASD_MAX_SOCKETS 64
43 static struct server_id parent_id;
44 static struct prefork_pool *lsasd_pool = NULL;
45 static int lsasd_child_id = 0;
47 static struct pf_daemon_config default_pf_lsasd_cfg = {
48 .prefork_status = PFH_INIT,
52 .max_allowed_clients = 100,
53 .child_min_life = 60 /* 1 minute minimum life time */
55 static struct pf_daemon_config pf_lsasd_cfg = { 0 };
57 void start_lsasd(struct tevent_context *ev_ctx,
58 struct messaging_context *msg_ctx);
60 static void lsasd_reopen_logs(int child_id)
62 char *lfile = lp_logfile();
67 rc = asprintf(&extension, "%s.%d", DAEMON_NAME, child_id);
69 rc = asprintf(&extension, "%s", DAEMON_NAME);
76 if (lfile == NULL || lfile[0] == '\0') {
77 rc = asprintf(&lfile, "%s/log.%s",
78 get_dyn_LOGFILEBASE(), extension);
80 if (strstr(lfile, extension) == NULL) {
82 rc = asprintf(&lfile, "%s.%d",
86 rc = asprintf(&lfile, "%s.%s",
94 lp_set_logfile(lfile);
103 static void lsasd_smb_conf_updated(struct messaging_context *msg,
106 struct server_id server_id,
109 struct tevent_context *ev_ctx;
111 DEBUG(10, ("Got message saying smb.conf was updated. Reloading.\n"));
112 ev_ctx = talloc_get_type_abort(private_data, struct tevent_context);
114 change_to_root_user();
115 lp_load(get_dyn_CONFIGFILE(), true, false, false, true);
117 lsasd_reopen_logs(lsasd_child_id);
118 if (lsasd_child_id == 0) {
119 pfh_daemon_config(DAEMON_NAME,
121 &default_pf_lsasd_cfg);
122 pfh_manage_pool(ev_ctx, msg, &pf_lsasd_cfg, lsasd_pool);
126 static void lsasd_sig_term_handler(struct tevent_context *ev,
127 struct tevent_signal *se,
133 rpc_netlogon_shutdown();
135 rpc_lsarpc_shutdown();
137 DEBUG(0, ("termination signal\n"));
141 static void lsasd_setup_sig_term_handler(struct tevent_context *ev_ctx)
143 struct tevent_signal *se;
145 se = tevent_add_signal(ev_ctx,
148 lsasd_sig_term_handler,
151 DEBUG(0, ("failed to setup SIGTERM handler\n"));
156 static void lsasd_sig_hup_handler(struct tevent_context *ev,
157 struct tevent_signal *se,
164 change_to_root_user();
165 lp_load(get_dyn_CONFIGFILE(), true, false, false, true);
167 lsasd_reopen_logs(lsasd_child_id);
168 pfh_daemon_config(DAEMON_NAME,
170 &default_pf_lsasd_cfg);
172 /* relay to all children */
173 prefork_send_signal_to_all(lsasd_pool, SIGHUP);
176 static void lsasd_setup_sig_hup_handler(struct tevent_context *ev_ctx)
178 struct tevent_signal *se;
180 se = tevent_add_signal(ev_ctx,
183 lsasd_sig_hup_handler,
186 DEBUG(0, ("failed to setup SIGHUP handler\n"));
191 /**********************************************************
193 **********************************************************/
195 static void lsasd_chld_sig_hup_handler(struct tevent_context *ev,
196 struct tevent_signal *se,
202 change_to_root_user();
203 lsasd_reopen_logs(lsasd_child_id);
206 static bool lsasd_setup_chld_hup_handler(struct tevent_context *ev_ctx)
208 struct tevent_signal *se;
210 se = tevent_add_signal(ev_ctx,
213 lsasd_chld_sig_hup_handler,
216 DEBUG(1, ("failed to setup SIGHUP handler"));
223 static void parent_ping(struct messaging_context *msg_ctx,
226 struct server_id server_id,
230 /* The fact we received this message is enough to let make the event
231 * loop if it was idle. lsasd_children_main will cycle through
232 * lsasd_next_client at least once. That function will take whatever
233 * action is necessary */
235 DEBUG(10, ("Got message that the parent changed status.\n"));
239 static bool lsasd_child_init(struct tevent_context *ev_ctx,
241 struct pf_worker_data *pf)
244 struct messaging_context *msg_ctx = server_messaging_context();
247 status = reinit_after_fork(msg_ctx, ev_ctx,
248 procid_self(), true);
249 if (!NT_STATUS_IS_OK(status)) {
250 DEBUG(0,("reinit_after_fork() failed\n"));
251 smb_panic("reinit_after_fork() failed");
254 lsasd_child_id = child_id;
255 lsasd_reopen_logs(child_id);
257 ok = lsasd_setup_chld_hup_handler(ev_ctx);
262 if (!serverid_register(procid_self(), FLAG_MSG_GENERAL)) {
266 messaging_register(msg_ctx, ev_ctx,
267 MSG_SMB_CONF_UPDATED, lsasd_smb_conf_updated);
268 messaging_register(msg_ctx, ev_ctx,
269 MSG_PREFORK_PARENT_EVENT, parent_ping);
271 status = rpc_lsarpc_init(NULL);
272 if (!NT_STATUS_IS_OK(status)) {
273 DEBUG(0, ("Failed to register lsarpc rpc inteface! (%s)\n",
278 status = rpc_samr_init(NULL);
279 if (!NT_STATUS_IS_OK(status)) {
280 DEBUG(0, ("Failed to register samr rpc inteface! (%s)\n",
285 status = rpc_netlogon_init(NULL);
286 if (!NT_STATUS_IS_OK(status)) {
287 DEBUG(0, ("Failed to register netlogon rpc inteface! (%s)\n",
295 struct lsasd_children_data {
296 struct tevent_context *ev_ctx;
297 struct messaging_context *msg_ctx;
298 struct pf_worker_data *pf;
303 static void lsasd_next_client(void *pvt);
305 static int lsasd_children_main(struct tevent_context *ev_ctx,
306 struct messaging_context *msg_ctx,
307 struct pf_worker_data *pf,
313 struct lsasd_children_data *data;
317 ok = lsasd_child_init(ev_ctx, child_id, pf);
322 data = talloc(ev_ctx, struct lsasd_children_data);
327 data->ev_ctx = ev_ctx;
328 data->msg_ctx = msg_ctx;
329 data->listen_fd_size = listen_fd_size;
330 data->listen_fds = listen_fds;
332 /* loop until it is time to exit */
333 while (pf->status != PF_WORKER_EXITING) {
334 /* try to see if it is time to schedule the next client */
335 lsasd_next_client(data);
337 ret = tevent_loop_once(ev_ctx);
339 DEBUG(0, ("tevent_loop_once() exited with %d: %s\n",
340 ret, strerror(errno)));
341 pf->status = PF_WORKER_EXITING;
348 static void lsasd_client_terminated(void *pvt)
350 struct lsasd_children_data *data;
352 data = talloc_get_type_abort(pvt, struct lsasd_children_data);
354 pfh_client_terminated(data->pf);
356 lsasd_next_client(pvt);
359 struct lsasd_new_client {
360 struct lsasd_children_data *data;
363 static void lsasd_handle_client(struct tevent_req *req);
365 static void lsasd_next_client(void *pvt)
367 struct tevent_req *req;
368 struct lsasd_children_data *data;
369 struct lsasd_new_client *next;
371 data = talloc_get_type_abort(pvt, struct lsasd_children_data);
373 if (!pfh_child_allowed_to_accept(data->pf)) {
374 /* nothing to do for now we are already listening
375 * or we are not allowed to listen further */
379 next = talloc_zero(data, struct lsasd_new_client);
381 DEBUG(1, ("Out of memory!?\n"));
386 req = prefork_listen_send(next,
389 data->listen_fd_size,
392 DEBUG(1, ("Failed to make listening request!?\n"));
396 tevent_req_set_callback(req, lsasd_handle_client, next);
399 static void lsasd_handle_client(struct tevent_req *req)
401 struct lsasd_children_data *data;
402 struct lsasd_new_client *client;
403 const DATA_BLOB ping = data_blob_null;
407 struct tsocket_address *srv_addr;
408 struct tsocket_address *cli_addr;
410 client = tevent_req_callback_data(req, struct lsasd_new_client);
413 tmp_ctx = talloc_stackframe();
414 if (tmp_ctx == NULL) {
415 DEBUG(1, ("Failed to allocate stackframe!\n"));
419 rc = prefork_listen_recv(req,
425 /* this will free the request too */
429 DEBUG(6, ("No client connection was available after all!\n"));
433 /* Warn parent that our status changed */
434 messaging_send(data->msg_ctx, parent_id,
435 MSG_PREFORK_CHILD_EVENT, &ping);
437 DEBUG(2, ("LSASD preforked child %d got client connection!\n",
438 (int)(data->pf->pid)));
440 if (tsocket_address_is_inet(srv_addr, "ip")) {
441 DEBUG(3, ("Got a tcpip client connection from %s on inteface %s\n",
442 tsocket_address_string(cli_addr, tmp_ctx),
443 tsocket_address_string(srv_addr, tmp_ctx)));
445 dcerpc_ncacn_accept(data->ev_ctx,
453 } else if (tsocket_address_is_unix(srv_addr)) {
456 p = tsocket_address_unix_path(srv_addr, tmp_ctx);
458 talloc_free(tmp_ctx);
462 if (strstr(p, "/np/")) {
465 named_pipe_accept_function(data->ev_ctx,
469 lsasd_client_terminated,
474 dcerpc_ncacn_accept(data->ev_ctx,
484 DEBUG(0, ("ERROR: Unsupported socket!\n"));
488 talloc_free(tmp_ctx);
495 static void child_ping(struct messaging_context *msg_ctx,
498 struct server_id server_id,
501 struct tevent_context *ev_ctx;
503 ev_ctx = talloc_get_type_abort(private_data, struct tevent_context);
505 DEBUG(10, ("Got message that a child changed status.\n"));
506 pfh_manage_pool(ev_ctx, msg_ctx, &pf_lsasd_cfg, lsasd_pool);
509 static bool lsasd_schedule_check(struct tevent_context *ev_ctx,
510 struct messaging_context *msg_ctx,
511 struct timeval current_time);
513 static void lsasd_check_children(struct tevent_context *ev_ctx,
514 struct tevent_timer *te,
515 struct timeval current_time,
518 static void lsasd_sigchld_handler(struct tevent_context *ev_ctx,
519 struct prefork_pool *pfp,
522 struct messaging_context *msg_ctx;
524 msg_ctx = talloc_get_type_abort(pvt, struct messaging_context);
526 /* run pool management so we can fork/retire or increase
527 * the allowed connections per child based on load */
528 pfh_manage_pool(ev_ctx, msg_ctx, &pf_lsasd_cfg, lsasd_pool);
531 static bool lsasd_setup_children_monitor(struct tevent_context *ev_ctx,
532 struct messaging_context *msg_ctx)
536 /* add our oun sigchld callback */
537 prefork_set_sigchld_callback(lsasd_pool, lsasd_sigchld_handler, msg_ctx);
539 ok = lsasd_schedule_check(ev_ctx, msg_ctx, tevent_timeval_current());
544 static bool lsasd_schedule_check(struct tevent_context *ev_ctx,
545 struct messaging_context *msg_ctx,
546 struct timeval current_time)
548 struct tevent_timer *te;
549 struct timeval next_event;
551 /* check situation again in 10 seconds */
552 next_event = tevent_timeval_current_ofs(10, 0);
554 /* TODO: check when the socket becomes readable, so that children
555 * are checked only when there is some activity ? */
556 te = tevent_add_timer(ev_ctx, lsasd_pool, next_event,
557 lsasd_check_children, msg_ctx);
559 DEBUG(2, ("Failed to set up children monitoring!\n"));
566 static void lsasd_check_children(struct tevent_context *ev_ctx,
567 struct tevent_timer *te,
568 struct timeval current_time,
571 struct messaging_context *msg_ctx;
573 msg_ctx = talloc_get_type_abort(pvt, struct messaging_context);
575 pfh_manage_pool(ev_ctx, msg_ctx, &pf_lsasd_cfg, lsasd_pool);
577 lsasd_schedule_check(ev_ctx, msg_ctx, current_time);
584 static bool lsasd_create_sockets(struct tevent_context *ev_ctx,
585 struct messaging_context *msg_ctx,
589 struct dcerpc_binding_vector *v, *v_orig;
597 tmp_ctx = talloc_stackframe();
598 if (tmp_ctx == NULL) {
602 status = dcerpc_binding_vector_new(tmp_ctx, &v_orig);
603 if (!NT_STATUS_IS_OK(status)) {
608 /* Create only one tcpip listener for all services */
609 status = rpc_create_tcpip_sockets(&ndr_table_lsarpc,
614 if (!NT_STATUS_IS_OK(status)) {
619 /* Start to listen on tcpip sockets */
620 for (i = 0; i < *listen_fd_size; i++) {
621 rc = listen(listen_fd[i], pf_lsasd_cfg.max_allowed_clients);
623 DEBUG(0, ("Failed to listen on tcpip socket - %s\n",
631 fd = create_named_pipe_socket("lsarpc");
636 listen_fd[*listen_fd_size] = fd;
639 rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
641 DEBUG(0, ("Failed to listen on lsarpc pipe - %s\n",
647 fd = create_named_pipe_socket("lsass");
652 listen_fd[*listen_fd_size] = fd;
655 rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
657 DEBUG(0, ("Failed to listen on lsass pipe - %s\n",
663 fd = create_dcerpc_ncalrpc_socket("lsarpc");
668 listen_fd[*listen_fd_size] = fd;
671 rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
673 DEBUG(0, ("Failed to listen on lsarpc ncalrpc - %s\n",
679 v = dcerpc_binding_vector_dup(tmp_ctx, v_orig);
685 status = dcerpc_binding_vector_replace_iface(&ndr_table_lsarpc, v);
686 if (!NT_STATUS_IS_OK(status)) {
690 status = dcerpc_binding_vector_add_np_default(&ndr_table_lsarpc, v);
691 if (!NT_STATUS_IS_OK(status)) {
696 status = dcerpc_binding_vector_add_unix(&ndr_table_lsarpc, v, "lsarpc");
697 if (!NT_STATUS_IS_OK(status)) {
702 status = rpc_ep_register(ev_ctx, msg_ctx, &ndr_table_lsarpc, v);
703 if (!NT_STATUS_IS_OK(status)) {
709 fd = create_named_pipe_socket("samr");
715 rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
717 DEBUG(0, ("Failed to listen on samr pipe - %s\n",
722 listen_fd[*listen_fd_size] = fd;
725 fd = create_dcerpc_ncalrpc_socket("samr");
730 listen_fd[*listen_fd_size] = fd;
733 rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
735 DEBUG(0, ("Failed to listen on samr ncalrpc - %s\n",
741 v = dcerpc_binding_vector_dup(tmp_ctx, v_orig);
747 status = dcerpc_binding_vector_replace_iface(&ndr_table_samr, v);
748 if (!NT_STATUS_IS_OK(status)) {
752 status = dcerpc_binding_vector_add_np_default(&ndr_table_samr, v);
753 if (!NT_STATUS_IS_OK(status)) {
758 status = dcerpc_binding_vector_add_unix(&ndr_table_lsarpc, v, "samr");
759 if (!NT_STATUS_IS_OK(status)) {
764 status = rpc_ep_register(ev_ctx, msg_ctx, &ndr_table_samr, v);
765 if (!NT_STATUS_IS_OK(status)) {
771 fd = create_named_pipe_socket("netlogon");
777 rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
779 DEBUG(0, ("Failed to listen on samr pipe - %s\n",
784 listen_fd[*listen_fd_size] = fd;
787 fd = create_dcerpc_ncalrpc_socket("netlogon");
792 listen_fd[*listen_fd_size] = fd;
795 rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
797 DEBUG(0, ("Failed to listen on netlogon ncalrpc - %s\n",
803 v = dcerpc_binding_vector_dup(tmp_ctx, v_orig);
809 status = dcerpc_binding_vector_replace_iface(&ndr_table_netlogon, v);
810 if (!NT_STATUS_IS_OK(status)) {
814 status = dcerpc_binding_vector_add_np_default(&ndr_table_netlogon, v);
815 if (!NT_STATUS_IS_OK(status)) {
820 status = dcerpc_binding_vector_add_unix(&ndr_table_lsarpc, v, "netlogon");
821 if (!NT_STATUS_IS_OK(status)) {
826 status = rpc_ep_register(ev_ctx, msg_ctx, &ndr_table_netlogon, v);
827 if (!NT_STATUS_IS_OK(status)) {
833 talloc_free(tmp_ctx);
837 void start_lsasd(struct tevent_context *ev_ctx,
838 struct messaging_context *msg_ctx)
841 int listen_fd[LSASD_MAX_SOCKETS];
842 int listen_fd_size = 0;
847 DEBUG(1, ("Forking LSA Service Daemon\n"));
850 * Block signals before forking child as it will have to
851 * set its own handlers. Child will re-enable SIGHUP as
852 * soon as the handlers are set up.
854 BlockSignals(true, SIGTERM);
855 BlockSignals(true, SIGHUP);
859 DEBUG(0, ("Failed to fork LSASD [%s], aborting ...\n",
864 /* parent or error */
867 /* Re-enable SIGHUP before returnig */
868 BlockSignals(false, SIGTERM);
869 BlockSignals(false, SIGHUP);
875 close_low_fds(false);
877 /* save the parent process id so the children can use it later */
878 parent_id = procid_self();
880 status = reinit_after_fork(msg_ctx,
882 procid_self(), true);
883 if (!NT_STATUS_IS_OK(status)) {
884 DEBUG(0,("reinit_after_fork() failed\n"));
885 smb_panic("reinit_after_fork() failed");
888 lsasd_reopen_logs(0);
889 pfh_daemon_config(DAEMON_NAME,
891 &default_pf_lsasd_cfg);
893 lsasd_setup_sig_term_handler(ev_ctx);
894 lsasd_setup_sig_hup_handler(ev_ctx);
896 BlockSignals(false, SIGTERM);
897 BlockSignals(false, SIGHUP);
899 ok = lsasd_create_sockets(ev_ctx, msg_ctx, listen_fd, &listen_fd_size);
904 /* start children before any more initialization is done */
905 ok = prefork_create_pool(ev_ctx, /* mem_ctx */
910 pf_lsasd_cfg.min_children,
911 pf_lsasd_cfg.max_children,
912 &lsasd_children_main,
919 if (!serverid_register(procid_self(), FLAG_MSG_GENERAL)) {
923 messaging_register(msg_ctx,
925 MSG_SMB_CONF_UPDATED,
926 lsasd_smb_conf_updated);
927 messaging_register(msg_ctx, ev_ctx,
928 MSG_PREFORK_CHILD_EVENT, child_ping);
930 status = rpc_lsarpc_init(NULL);
931 if (!NT_STATUS_IS_OK(status)) {
932 DEBUG(0, ("Failed to register winreg rpc inteface! (%s)\n",
937 status = rpc_samr_init(NULL);
938 if (!NT_STATUS_IS_OK(status)) {
939 DEBUG(0, ("Failed to register lsasd rpc inteface! (%s)\n",
944 status = rpc_netlogon_init(NULL);
945 if (!NT_STATUS_IS_OK(status)) {
946 DEBUG(0, ("Failed to register lsasd rpc inteface! (%s)\n",
951 ok = lsasd_setup_children_monitor(ev_ctx, msg_ctx);
953 DEBUG(0, ("Failed to setup children monitoring!\n"));
957 DEBUG(1, ("LSASD Daemon Started (%d)\n", getpid()));
960 rc = tevent_loop_wait(ev_ctx);
962 /* should not be reached */
963 DEBUG(0,("lsasd: tevent_loop_wait() exited with %d - %s\n",
964 rc, (rc == 0) ? "out of events" : strerror(errno)));
git.samba.org / kai / samba.git / blob