2 Unix SMB/CIFS implementation.
4 Winbind daemon for ntdom nss module
6 Copyright (C) by Tim Potter 2000-2002
7 Copyright (C) Andrew Tridgell 2002
8 Copyright (C) Jelmer Vernooij 2003
9 Copyright (C) Volker Lendecke 2004
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "popt_common.h"
28 #include "nsswitch/winbind_client.h"
29 #include "nsswitch/wb_reqtrans.h"
31 #include "../librpc/gen_ndr/srv_lsa.h"
32 #include "../librpc/gen_ndr/srv_samr.h"
35 #include "lib/addrchange.h"
39 #include "../lib/util/pidfile.h"
42 #define DBGC_CLASS DBGC_WINBIND
44 static bool client_is_idle(struct winbindd_cli_state *state);
45 static void remove_client(struct winbindd_cli_state *state);
47 static bool opt_nocache = False;
48 static bool interactive = False;
50 extern bool override_logfile;
52 struct tevent_context *winbind_event_context(void)
54 static struct tevent_context *ev = NULL;
61 * Note we MUST use the NULL context here, not the autofree context,
62 * to avoid side effects in forked children exiting.
64 ev = samba_tevent_context_init(NULL);
66 smb_panic("Could not init winbindd's messaging context.\n");
71 struct messaging_context *winbind_messaging_context(void)
73 static struct messaging_context *msg = NULL;
80 * Note we MUST use the NULL context here, not the autofree context,
81 * to avoid side effects in forked children exiting.
83 msg = messaging_init(NULL, winbind_event_context());
85 smb_panic("Could not init winbindd's messaging context.\n");
90 /* Reload configuration */
92 static bool reload_services_file(const char *lfile)
97 char *fname = lp_configfile(talloc_tos());
99 if (file_exist(fname) && !strcsequal(fname,get_dyn_CONFIGFILE())) {
100 set_dyn_CONFIGFILE(fname);
105 /* if this is a child, restore the logfile to the special
106 name - <domain>, idmap, etc. */
107 if (lfile && *lfile) {
108 lp_set_logfile(lfile);
112 ret = lp_load_global(get_dyn_CONFIGFILE());
121 static void winbindd_status(void)
123 struct winbindd_cli_state *tmp;
125 DEBUG(0, ("winbindd status:\n"));
127 /* Print client state information */
129 DEBUG(0, ("\t%d clients currently active\n", winbindd_num_clients()));
131 if (DEBUGLEVEL >= 2 && winbindd_num_clients()) {
132 DEBUG(2, ("\tclient list:\n"));
133 for(tmp = winbindd_client_list(); tmp; tmp = tmp->next) {
134 DEBUGADD(2, ("\t\tpid %lu, sock %d (%s)\n",
135 (unsigned long)tmp->pid, tmp->sock,
136 client_is_idle(tmp) ? "idle" : "active"));
141 /* Flush client cache */
143 static void flush_caches(void)
145 /* We need to invalidate cached user list entries on a SIGHUP
146 otherwise cached access denied errors due to restrict anonymous
147 hang around until the sequence number changes. */
149 if (!wcache_invalidate_cache()) {
150 DEBUG(0, ("invalidating the cache failed; revalidate the cache\n"));
151 if (!winbindd_cache_validate_and_initialize()) {
157 static void flush_caches_noinit(void)
160 * We need to invalidate cached user list entries on a SIGHUP
161 * otherwise cached access denied errors due to restrict anonymous
162 * hang around until the sequence number changes.
164 * Skip uninitialized domains when flush cache.
165 * If domain is not initialized, it means it is never
166 * used or never become online. look, wcache_invalidate_cache()
167 * -> get_cache() -> init_dc_connection(). It causes a lot of traffic
168 * for unused domains and large traffic for primay domain's DC if there
172 if (!wcache_invalidate_cache_noinit()) {
173 DEBUG(0, ("invalidating the cache failed; revalidate the cache\n"));
174 if (!winbindd_cache_validate_and_initialize()) {
180 /* Handle the signal by unlinking socket and exiting */
182 static void terminate(bool is_parent)
185 /* When parent goes away we should
186 * remove the socket file. Not so
187 * when children terminate.
191 if (asprintf(&path, "%s/%s",
192 get_winbind_pipe_dir(), WINBINDD_SOCKET_NAME) > 0) {
200 trustdom_cache_shutdown();
202 gencache_stabilize();
206 TALLOC_CTX *mem_ctx = talloc_init("end_description");
207 char *description = talloc_describe_all(mem_ctx);
209 DEBUG(3, ("tallocs left:\n%s\n", description));
210 talloc_destroy(mem_ctx);
215 struct messaging_context *msg = winbind_messaging_context();
216 struct server_id self = messaging_server_id(msg);
217 serverid_deregister(self);
218 pidfile_unlink(lp_piddir(), "winbindd");
224 static void winbindd_sig_term_handler(struct tevent_context *ev,
225 struct tevent_signal *se,
231 bool *is_parent = talloc_get_type_abort(private_data, bool);
233 DEBUG(0,("Got sig[%d] terminate (is_parent=%d)\n",
234 signum, (int)*is_parent));
235 terminate(*is_parent);
239 handle stdin becoming readable when we are in --foreground mode
241 static void winbindd_stdin_handler(struct tevent_context *ev,
242 struct tevent_fd *fde,
247 if (read(0, &c, 1) != 1) {
248 bool *is_parent = talloc_get_type_abort(private_data, bool);
250 /* we have reached EOF on stdin, which means the
251 parent has exited. Shutdown the server */
252 DEBUG(0,("EOF on stdin (is_parent=%d)\n",
254 terminate(*is_parent);
258 bool winbindd_setup_sig_term_handler(bool parent)
260 struct tevent_signal *se;
263 is_parent = talloc(winbind_event_context(), bool);
270 se = tevent_add_signal(winbind_event_context(),
273 winbindd_sig_term_handler,
276 DEBUG(0,("failed to setup SIGTERM handler"));
277 talloc_free(is_parent);
281 se = tevent_add_signal(winbind_event_context(),
284 winbindd_sig_term_handler,
287 DEBUG(0,("failed to setup SIGINT handler"));
288 talloc_free(is_parent);
292 se = tevent_add_signal(winbind_event_context(),
295 winbindd_sig_term_handler,
298 DEBUG(0,("failed to setup SIGINT handler"));
299 talloc_free(is_parent);
306 bool winbindd_setup_stdin_handler(bool parent, bool foreground)
311 is_parent = talloc(winbind_event_context(), bool);
318 /* if we are running in the foreground then look for
319 EOF on stdin, and exit if it happens. This allows
320 us to die if the parent process dies
322 tevent_add_fd(winbind_event_context(), is_parent, 0, TEVENT_FD_READ, winbindd_stdin_handler, is_parent);
328 static void winbindd_sig_hup_handler(struct tevent_context *ev,
329 struct tevent_signal *se,
335 const char *file = (const char *)private_data;
337 DEBUG(1,("Reloading services after SIGHUP\n"));
338 flush_caches_noinit();
339 reload_services_file(file);
342 bool winbindd_setup_sig_hup_handler(const char *lfile)
344 struct tevent_signal *se;
348 file = talloc_strdup(winbind_event_context(),
355 se = tevent_add_signal(winbind_event_context(),
356 winbind_event_context(),
358 winbindd_sig_hup_handler,
367 static void winbindd_sig_chld_handler(struct tevent_context *ev,
368 struct tevent_signal *se,
376 while ((pid = sys_waitpid(-1, NULL, WNOHANG)) > 0) {
377 winbind_child_died(pid);
381 static bool winbindd_setup_sig_chld_handler(void)
383 struct tevent_signal *se;
385 se = tevent_add_signal(winbind_event_context(),
386 winbind_event_context(),
388 winbindd_sig_chld_handler,
397 static void winbindd_sig_usr2_handler(struct tevent_context *ev,
398 struct tevent_signal *se,
407 static bool winbindd_setup_sig_usr2_handler(void)
409 struct tevent_signal *se;
411 se = tevent_add_signal(winbind_event_context(),
412 winbind_event_context(),
414 winbindd_sig_usr2_handler,
423 /* React on 'smbcontrol winbindd reload-config' in the same way as on SIGHUP*/
424 static void msg_reload_services(struct messaging_context *msg,
427 struct server_id server_id,
430 /* Flush various caches */
432 reload_services_file((const char *) private_data);
435 /* React on 'smbcontrol winbindd shutdown' in the same way as on SIGTERM*/
436 static void msg_shutdown(struct messaging_context *msg,
439 struct server_id server_id,
442 /* only the parent waits for this message */
443 DEBUG(0,("Got shutdown message\n"));
448 static void winbind_msg_validate_cache(struct messaging_context *msg_ctx,
451 struct server_id server_id,
458 DEBUG(10, ("winbindd_msg_validate_cache: got validate-cache "
462 * call the validation code from a child:
463 * so we don't block the main winbindd and the validation
464 * code can safely use fork/waitpid...
468 if (child_pid == -1) {
469 DEBUG(1, ("winbind_msg_validate_cache: Could not fork: %s\n",
474 if (child_pid != 0) {
476 DEBUG(5, ("winbind_msg_validate_cache: child created with "
477 "pid %d.\n", (int)child_pid));
483 status = winbindd_reinit_after_fork(NULL, NULL);
484 if (!NT_STATUS_IS_OK(status)) {
485 DEBUG(1, ("winbindd_reinit_after_fork failed: %s\n",
490 /* install default SIGCHLD handler: validation code uses fork/waitpid */
491 CatchSignal(SIGCHLD, SIG_DFL);
493 ret = (uint8)winbindd_validate_cache_nobackup();
494 DEBUG(10, ("winbindd_msg_validata_cache: got return value %d\n", ret));
495 messaging_send_buf(msg_ctx, server_id, MSG_WINBIND_VALIDATE_CACHE, &ret,
500 static struct winbindd_dispatch_table {
501 enum winbindd_cmd cmd;
502 void (*fn)(struct winbindd_cli_state *state);
503 const char *winbindd_cmd_name;
504 } dispatch_table[] = {
506 /* Enumeration functions */
508 { WINBINDD_LIST_TRUSTDOM, winbindd_list_trusted_domains,
513 { WINBINDD_INFO, winbindd_info, "INFO" },
514 { WINBINDD_INTERFACE_VERSION, winbindd_interface_version,
515 "INTERFACE_VERSION" },
516 { WINBINDD_DOMAIN_NAME, winbindd_domain_name, "DOMAIN_NAME" },
517 { WINBINDD_DOMAIN_INFO, winbindd_domain_info, "DOMAIN_INFO" },
518 { WINBINDD_DC_INFO, winbindd_dc_info, "DC_INFO" },
519 { WINBINDD_NETBIOS_NAME, winbindd_netbios_name, "NETBIOS_NAME" },
520 { WINBINDD_PRIV_PIPE_DIR, winbindd_priv_pipe_dir,
521 "WINBINDD_PRIV_PIPE_DIR" },
523 /* Credential cache access */
524 { WINBINDD_CCACHE_NTLMAUTH, winbindd_ccache_ntlm_auth, "NTLMAUTH" },
525 { WINBINDD_CCACHE_SAVE, winbindd_ccache_save, "CCACHE_SAVE" },
529 { WINBINDD_NUM_CMDS, NULL, "NONE" }
532 struct winbindd_async_dispatch_table {
533 enum winbindd_cmd cmd;
534 const char *cmd_name;
535 struct tevent_req *(*send_req)(TALLOC_CTX *mem_ctx,
536 struct tevent_context *ev,
537 struct winbindd_cli_state *cli,
538 struct winbindd_request *request);
539 NTSTATUS (*recv_req)(struct tevent_req *req,
540 struct winbindd_response *presp);
543 static struct winbindd_async_dispatch_table async_nonpriv_table[] = {
544 { WINBINDD_PING, "PING",
545 wb_ping_send, wb_ping_recv },
546 { WINBINDD_LOOKUPSID, "LOOKUPSID",
547 winbindd_lookupsid_send, winbindd_lookupsid_recv },
548 { WINBINDD_LOOKUPSIDS, "LOOKUPSIDS",
549 winbindd_lookupsids_send, winbindd_lookupsids_recv },
550 { WINBINDD_LOOKUPNAME, "LOOKUPNAME",
551 winbindd_lookupname_send, winbindd_lookupname_recv },
552 { WINBINDD_SID_TO_UID, "SID_TO_UID",
553 winbindd_sid_to_uid_send, winbindd_sid_to_uid_recv },
554 { WINBINDD_SID_TO_GID, "SID_TO_GID",
555 winbindd_sid_to_gid_send, winbindd_sid_to_gid_recv },
556 { WINBINDD_UID_TO_SID, "UID_TO_SID",
557 winbindd_uid_to_sid_send, winbindd_uid_to_sid_recv },
558 { WINBINDD_GID_TO_SID, "GID_TO_SID",
559 winbindd_gid_to_sid_send, winbindd_gid_to_sid_recv },
560 { WINBINDD_SIDS_TO_XIDS, "SIDS_TO_XIDS",
561 winbindd_sids_to_xids_send, winbindd_sids_to_xids_recv },
562 { WINBINDD_GETPWSID, "GETPWSID",
563 winbindd_getpwsid_send, winbindd_getpwsid_recv },
564 { WINBINDD_GETPWNAM, "GETPWNAM",
565 winbindd_getpwnam_send, winbindd_getpwnam_recv },
566 { WINBINDD_GETPWUID, "GETPWUID",
567 winbindd_getpwuid_send, winbindd_getpwuid_recv },
568 { WINBINDD_GETSIDALIASES, "GETSIDALIASES",
569 winbindd_getsidaliases_send, winbindd_getsidaliases_recv },
570 { WINBINDD_GETUSERDOMGROUPS, "GETUSERDOMGROUPS",
571 winbindd_getuserdomgroups_send, winbindd_getuserdomgroups_recv },
572 { WINBINDD_GETGROUPS, "GETGROUPS",
573 winbindd_getgroups_send, winbindd_getgroups_recv },
574 { WINBINDD_SHOW_SEQUENCE, "SHOW_SEQUENCE",
575 winbindd_show_sequence_send, winbindd_show_sequence_recv },
576 { WINBINDD_GETGRGID, "GETGRGID",
577 winbindd_getgrgid_send, winbindd_getgrgid_recv },
578 { WINBINDD_GETGRNAM, "GETGRNAM",
579 winbindd_getgrnam_send, winbindd_getgrnam_recv },
580 { WINBINDD_GETUSERSIDS, "GETUSERSIDS",
581 winbindd_getusersids_send, winbindd_getusersids_recv },
582 { WINBINDD_LOOKUPRIDS, "LOOKUPRIDS",
583 winbindd_lookuprids_send, winbindd_lookuprids_recv },
584 { WINBINDD_SETPWENT, "SETPWENT",
585 winbindd_setpwent_send, winbindd_setpwent_recv },
586 { WINBINDD_GETPWENT, "GETPWENT",
587 winbindd_getpwent_send, winbindd_getpwent_recv },
588 { WINBINDD_ENDPWENT, "ENDPWENT",
589 winbindd_endpwent_send, winbindd_endpwent_recv },
590 { WINBINDD_DSGETDCNAME, "DSGETDCNAME",
591 winbindd_dsgetdcname_send, winbindd_dsgetdcname_recv },
592 { WINBINDD_GETDCNAME, "GETDCNAME",
593 winbindd_getdcname_send, winbindd_getdcname_recv },
594 { WINBINDD_SETGRENT, "SETGRENT",
595 winbindd_setgrent_send, winbindd_setgrent_recv },
596 { WINBINDD_GETGRENT, "GETGRENT",
597 winbindd_getgrent_send, winbindd_getgrent_recv },
598 { WINBINDD_ENDGRENT, "ENDGRENT",
599 winbindd_endgrent_send, winbindd_endgrent_recv },
600 { WINBINDD_LIST_USERS, "LIST_USERS",
601 winbindd_list_users_send, winbindd_list_users_recv },
602 { WINBINDD_LIST_GROUPS, "LIST_GROUPS",
603 winbindd_list_groups_send, winbindd_list_groups_recv },
604 { WINBINDD_CHECK_MACHACC, "CHECK_MACHACC",
605 winbindd_check_machine_acct_send, winbindd_check_machine_acct_recv },
606 { WINBINDD_PING_DC, "PING_DC",
607 winbindd_ping_dc_send, winbindd_ping_dc_recv },
608 { WINBINDD_PAM_AUTH, "PAM_AUTH",
609 winbindd_pam_auth_send, winbindd_pam_auth_recv },
610 { WINBINDD_PAM_LOGOFF, "PAM_LOGOFF",
611 winbindd_pam_logoff_send, winbindd_pam_logoff_recv },
612 { WINBINDD_PAM_CHAUTHTOK, "PAM_CHAUTHTOK",
613 winbindd_pam_chauthtok_send, winbindd_pam_chauthtok_recv },
614 { WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP, "PAM_CHNG_PSWD_AUTH_CRAP",
615 winbindd_pam_chng_pswd_auth_crap_send,
616 winbindd_pam_chng_pswd_auth_crap_recv },
617 { WINBINDD_WINS_BYIP, "WINS_BYIP",
618 winbindd_wins_byip_send, winbindd_wins_byip_recv },
619 { WINBINDD_WINS_BYNAME, "WINS_BYNAME",
620 winbindd_wins_byname_send, winbindd_wins_byname_recv },
622 { 0, NULL, NULL, NULL }
625 static struct winbindd_async_dispatch_table async_priv_table[] = {
626 { WINBINDD_ALLOCATE_UID, "ALLOCATE_UID",
627 winbindd_allocate_uid_send, winbindd_allocate_uid_recv },
628 { WINBINDD_ALLOCATE_GID, "ALLOCATE_GID",
629 winbindd_allocate_gid_send, winbindd_allocate_gid_recv },
630 { WINBINDD_CHANGE_MACHACC, "CHANGE_MACHACC",
631 winbindd_change_machine_acct_send, winbindd_change_machine_acct_recv },
632 { WINBINDD_PAM_AUTH_CRAP, "PAM_AUTH_CRAP",
633 winbindd_pam_auth_crap_send, winbindd_pam_auth_crap_recv },
635 { 0, NULL, NULL, NULL }
638 static void wb_request_done(struct tevent_req *req);
640 static void process_request(struct winbindd_cli_state *state)
642 struct winbindd_dispatch_table *table = dispatch_table;
643 struct winbindd_async_dispatch_table *atable;
645 state->mem_ctx = talloc_named(state, 0, "winbind request");
646 if (state->mem_ctx == NULL)
649 /* Remember who asked us. */
650 state->pid = state->request->pid;
652 state->cmd_name = "unknown request";
653 state->recv_fn = NULL;
654 state->last_access = time(NULL);
656 /* Process command */
658 for (atable = async_nonpriv_table; atable->send_req; atable += 1) {
659 if (state->request->cmd == atable->cmd) {
664 if ((atable->send_req == NULL) && state->privileged) {
665 for (atable = async_priv_table; atable->send_req;
667 if (state->request->cmd == atable->cmd) {
673 if (atable->send_req != NULL) {
674 struct tevent_req *req;
676 state->cmd_name = atable->cmd_name;
677 state->recv_fn = atable->recv_req;
679 DEBUG(10, ("process_request: Handling async request %d:%s\n",
680 (int)state->pid, state->cmd_name));
682 req = atable->send_req(state->mem_ctx, winbind_event_context(),
683 state, state->request);
685 DEBUG(0, ("process_request: atable->send failed for "
686 "%s\n", atable->cmd_name));
687 request_error(state);
690 tevent_req_set_callback(req, wb_request_done, state);
694 state->response = talloc_zero(state->mem_ctx,
695 struct winbindd_response);
696 if (state->response == NULL) {
697 DEBUG(10, ("talloc failed\n"));
698 remove_client(state);
701 state->response->result = WINBINDD_PENDING;
702 state->response->length = sizeof(struct winbindd_response);
704 for (table = dispatch_table; table->fn; table++) {
705 if (state->request->cmd == table->cmd) {
706 DEBUG(10,("process_request: request fn %s\n",
707 table->winbindd_cmd_name ));
708 state->cmd_name = table->winbindd_cmd_name;
715 DEBUG(10,("process_request: unknown request fn number %d\n",
716 (int)state->request->cmd ));
717 request_error(state);
721 static void wb_request_done(struct tevent_req *req)
723 struct winbindd_cli_state *state = tevent_req_callback_data(
724 req, struct winbindd_cli_state);
727 state->response = talloc_zero(state->mem_ctx,
728 struct winbindd_response);
729 if (state->response == NULL) {
730 DEBUG(0, ("wb_request_done[%d:%s]: talloc_zero failed - removing client\n",
731 (int)state->pid, state->cmd_name));
732 remove_client(state);
735 state->response->result = WINBINDD_PENDING;
736 state->response->length = sizeof(struct winbindd_response);
738 status = state->recv_fn(req, state->response);
741 DEBUG(10,("wb_request_done[%d:%s]: %s\n",
742 (int)state->pid, state->cmd_name, nt_errstr(status)));
744 if (!NT_STATUS_IS_OK(status)) {
745 request_error(state);
752 * This is the main event loop of winbind requests. It goes through a
753 * state-machine of 3 read/write requests, 4 if you have extra data to send.
755 * An idle winbind client has a read request of 4 bytes outstanding,
756 * finalizing function is request_len_recv, checking the length. request_recv
757 * then processes the packet. The processing function then at some point has
758 * to call request_finished which schedules sending the response.
761 static void request_finished(struct winbindd_cli_state *state);
763 static void winbind_client_request_read(struct tevent_req *req);
764 static void winbind_client_response_written(struct tevent_req *req);
766 static void request_finished(struct winbindd_cli_state *state)
768 struct tevent_req *req;
770 TALLOC_FREE(state->request);
772 req = wb_resp_write_send(state, winbind_event_context(),
773 state->out_queue, state->sock,
776 DEBUG(10,("request_finished[%d:%s]: wb_resp_write_send() failed\n",
777 (int)state->pid, state->cmd_name));
778 remove_client(state);
781 tevent_req_set_callback(req, winbind_client_response_written, state);
784 static void winbind_client_response_written(struct tevent_req *req)
786 struct winbindd_cli_state *state = tevent_req_callback_data(
787 req, struct winbindd_cli_state);
791 ret = wb_resp_write_recv(req, &err);
796 DEBUG(2, ("Could not write response[%d:%s] to client: %s\n",
797 (int)state->pid, state->cmd_name, strerror(err)));
798 remove_client(state);
802 DEBUG(10,("winbind_client_response_written[%d:%s]: delivered response "
803 "to client\n", (int)state->pid, state->cmd_name));
805 TALLOC_FREE(state->mem_ctx);
806 state->response = NULL;
807 state->cmd_name = "no request";
808 state->recv_fn = NULL;
810 req = wb_req_read_send(state, winbind_event_context(), state->sock,
811 WINBINDD_MAX_EXTRA_DATA);
813 remove_client(state);
816 tevent_req_set_callback(req, winbind_client_request_read, state);
819 void request_error(struct winbindd_cli_state *state)
821 SMB_ASSERT(state->response->result == WINBINDD_PENDING);
822 state->response->result = WINBINDD_ERROR;
823 request_finished(state);
826 void request_ok(struct winbindd_cli_state *state)
828 SMB_ASSERT(state->response->result == WINBINDD_PENDING);
829 state->response->result = WINBINDD_OK;
830 request_finished(state);
833 /* Process a new connection by adding it to the client connection list */
835 static void new_connection(int listen_sock, bool privileged)
837 struct sockaddr_un sunaddr;
838 struct winbindd_cli_state *state;
839 struct tevent_req *req;
843 /* Accept connection */
845 len = sizeof(sunaddr);
847 sock = accept(listen_sock, (struct sockaddr *)(void *)&sunaddr, &len);
850 if (errno != EINTR) {
851 DEBUG(0, ("Failed to accept socket - %s\n",
857 DEBUG(6,("accepted socket %d\n", sock));
859 /* Create new connection structure */
861 if ((state = talloc_zero(NULL, struct winbindd_cli_state)) == NULL) {
868 state->out_queue = tevent_queue_create(state, "winbind client reply");
869 if (state->out_queue == NULL) {
875 state->last_access = time(NULL);
877 state->privileged = privileged;
879 req = wb_req_read_send(state, winbind_event_context(), state->sock,
880 WINBINDD_MAX_EXTRA_DATA);
886 tevent_req_set_callback(req, winbind_client_request_read, state);
888 /* Add to connection list */
890 winbindd_add_client(state);
893 static void winbind_client_request_read(struct tevent_req *req)
895 struct winbindd_cli_state *state = tevent_req_callback_data(
896 req, struct winbindd_cli_state);
900 ret = wb_req_read_recv(req, state, &state->request, &err);
904 DEBUG(6, ("closing socket %d, client exited\n",
907 DEBUG(2, ("Could not read client request from fd %d: "
908 "%s\n", state->sock, strerror(err)));
912 remove_client(state);
915 process_request(state);
918 /* Remove a client connection from client connection list */
920 static void remove_client(struct winbindd_cli_state *state)
925 /* It's a dead client - hold a funeral */
931 if (state->sock != -1) {
932 /* tell client, we are closing ... */
933 nwritten = write(state->sock, &c, sizeof(c));
934 if (nwritten == -1) {
935 DEBUG(2, ("final write to client failed: %s\n",
945 TALLOC_FREE(state->mem_ctx);
947 /* Remove from list and free */
949 winbindd_remove_client(state);
953 /* Is a client idle? */
955 static bool client_is_idle(struct winbindd_cli_state *state) {
956 return (state->request == NULL &&
957 state->response == NULL &&
958 !state->pwent_state && !state->grent_state);
961 /* Shutdown client connection which has been idle for the longest time */
963 static bool remove_idle_client(void)
965 struct winbindd_cli_state *state, *remove_state = NULL;
966 time_t last_access = 0;
969 for (state = winbindd_client_list(); state; state = state->next) {
970 if (client_is_idle(state)) {
972 if (!last_access || state->last_access < last_access) {
973 last_access = state->last_access;
974 remove_state = state;
980 DEBUG(5,("Found %d idle client connections, shutting down sock %d, pid %u\n",
981 nidle, remove_state->sock, (unsigned int)remove_state->pid));
982 remove_client(remove_state);
989 struct winbindd_listen_state {
994 static void winbindd_listen_fde_handler(struct tevent_context *ev,
995 struct tevent_fd *fde,
999 struct winbindd_listen_state *s = talloc_get_type_abort(private_data,
1000 struct winbindd_listen_state);
1002 while (winbindd_num_clients() > lp_winbind_max_clients() - 1) {
1003 DEBUG(5,("winbindd: Exceeding %d client "
1004 "connections, removing idle "
1005 "connection.\n", lp_winbind_max_clients()));
1006 if (!remove_idle_client()) {
1007 DEBUG(0,("winbindd: Exceeding %d "
1008 "client connections, no idle "
1009 "connection found\n",
1010 lp_winbind_max_clients()));
1014 new_connection(s->fd, s->privileged);
1018 * Winbindd socket accessor functions
1021 const char *get_winbind_pipe_dir(void)
1023 return lp_parm_const_string(-1, "winbindd", "socket dir", get_dyn_WINBINDD_SOCKET_DIR());
1026 char *get_winbind_priv_pipe_dir(void)
1028 return state_path(WINBINDD_PRIV_SOCKET_SUBDIR);
1031 static bool winbindd_setup_listeners(void)
1033 struct winbindd_listen_state *pub_state = NULL;
1034 struct winbindd_listen_state *priv_state = NULL;
1035 struct tevent_fd *fde;
1038 pub_state = talloc(winbind_event_context(),
1039 struct winbindd_listen_state);
1044 pub_state->privileged = false;
1045 pub_state->fd = create_pipe_sock(
1046 get_winbind_pipe_dir(), WINBINDD_SOCKET_NAME, 0755);
1047 if (pub_state->fd == -1) {
1050 rc = listen(pub_state->fd, 5);
1055 fde = tevent_add_fd(winbind_event_context(), pub_state, pub_state->fd,
1056 TEVENT_FD_READ, winbindd_listen_fde_handler,
1059 close(pub_state->fd);
1062 tevent_fd_set_auto_close(fde);
1064 priv_state = talloc(winbind_event_context(),
1065 struct winbindd_listen_state);
1070 priv_state->privileged = true;
1071 priv_state->fd = create_pipe_sock(
1072 get_winbind_priv_pipe_dir(), WINBINDD_SOCKET_NAME, 0750);
1073 if (priv_state->fd == -1) {
1076 rc = listen(priv_state->fd, 5);
1081 fde = tevent_add_fd(winbind_event_context(), priv_state,
1082 priv_state->fd, TEVENT_FD_READ,
1083 winbindd_listen_fde_handler, priv_state);
1085 close(priv_state->fd);
1088 tevent_fd_set_auto_close(fde);
1092 TALLOC_FREE(pub_state);
1093 TALLOC_FREE(priv_state);
1097 bool winbindd_use_idmap_cache(void)
1099 return !opt_nocache;
1102 bool winbindd_use_cache(void)
1104 return !opt_nocache;
1107 static void winbindd_register_handlers(struct messaging_context *msg_ctx,
1110 /* Setup signal handlers */
1112 if (!winbindd_setup_sig_term_handler(true))
1114 if (!winbindd_setup_stdin_handler(true, foreground))
1116 if (!winbindd_setup_sig_hup_handler(NULL))
1118 if (!winbindd_setup_sig_chld_handler())
1120 if (!winbindd_setup_sig_usr2_handler())
1123 CatchSignal(SIGPIPE, SIG_IGN); /* Ignore sigpipe */
1126 * Ensure all cache and idmap caches are consistent
1127 * and initialized before we startup.
1129 if (!winbindd_cache_validate_and_initialize()) {
1133 /* get broadcast messages */
1135 if (!serverid_register(messaging_server_id(msg_ctx),
1139 DEBUG(1, ("Could not register myself in serverid.tdb\n"));
1143 /* React on 'smbcontrol winbindd reload-config' in the same way
1144 as to SIGHUP signal */
1145 messaging_register(msg_ctx, NULL,
1146 MSG_SMB_CONF_UPDATED, msg_reload_services);
1147 messaging_register(msg_ctx, NULL,
1148 MSG_SHUTDOWN, msg_shutdown);
1150 /* Handle online/offline messages. */
1151 messaging_register(msg_ctx, NULL,
1152 MSG_WINBIND_OFFLINE, winbind_msg_offline);
1153 messaging_register(msg_ctx, NULL,
1154 MSG_WINBIND_ONLINE, winbind_msg_online);
1155 messaging_register(msg_ctx, NULL,
1156 MSG_WINBIND_ONLINESTATUS, winbind_msg_onlinestatus);
1158 messaging_register(msg_ctx, NULL,
1159 MSG_DUMP_EVENT_LIST, winbind_msg_dump_event_list);
1161 messaging_register(msg_ctx, NULL,
1162 MSG_WINBIND_VALIDATE_CACHE,
1163 winbind_msg_validate_cache);
1165 messaging_register(msg_ctx, NULL,
1166 MSG_WINBIND_DUMP_DOMAIN_LIST,
1167 winbind_msg_dump_domain_list);
1169 messaging_register(msg_ctx, NULL,
1170 MSG_WINBIND_IP_DROPPED,
1171 winbind_msg_ip_dropped_parent);
1173 /* Register handler for MSG_DEBUG. */
1174 messaging_register(msg_ctx, NULL,
1178 netsamlogon_cache_init(); /* Non-critical */
1180 /* clear the cached list of trusted domains */
1184 if (!init_domain_list()) {
1185 DEBUG(0,("unable to initialize domain list\n"));
1190 init_locator_child();
1192 smb_nscd_flush_user_cache();
1193 smb_nscd_flush_group_cache();
1195 if (lp_allow_trusted_domains()) {
1196 if (tevent_add_timer(winbind_event_context(), NULL, timeval_zero(),
1197 rescan_trusted_domains, NULL) == NULL) {
1198 DEBUG(0, ("Could not trigger rescan_trusted_domains()\n"));
1205 struct winbindd_addrchanged_state {
1206 struct addrchange_context *ctx;
1207 struct tevent_context *ev;
1208 struct messaging_context *msg_ctx;
1211 static void winbindd_addr_changed(struct tevent_req *req);
1213 static void winbindd_init_addrchange(TALLOC_CTX *mem_ctx,
1214 struct tevent_context *ev,
1215 struct messaging_context *msg_ctx)
1217 struct winbindd_addrchanged_state *state;
1218 struct tevent_req *req;
1221 state = talloc(mem_ctx, struct winbindd_addrchanged_state);
1222 if (state == NULL) {
1223 DEBUG(10, ("talloc failed\n"));
1227 state->msg_ctx = msg_ctx;
1229 status = addrchange_context_create(state, &state->ctx);
1230 if (!NT_STATUS_IS_OK(status)) {
1231 DEBUG(10, ("addrchange_context_create failed: %s\n",
1232 nt_errstr(status)));
1236 req = addrchange_send(state, ev, state->ctx);
1238 DEBUG(0, ("addrchange_send failed\n"));
1242 tevent_req_set_callback(req, winbindd_addr_changed, state);
1245 static void winbindd_addr_changed(struct tevent_req *req)
1247 struct winbindd_addrchanged_state *state = tevent_req_callback_data(
1248 req, struct winbindd_addrchanged_state);
1249 enum addrchange_type type;
1250 struct sockaddr_storage addr;
1253 status = addrchange_recv(req, &type, &addr);
1255 if (!NT_STATUS_IS_OK(status)) {
1256 DEBUG(10, ("addrchange_recv failed: %s, stop listening\n",
1257 nt_errstr(status)));
1261 if (type == ADDRCHANGE_DEL) {
1262 char addrstr[INET6_ADDRSTRLEN];
1265 print_sockaddr(addrstr, sizeof(addrstr), &addr);
1267 DEBUG(3, ("winbindd: kernel (AF_NETLINK) dropped ip %s\n",
1270 blob = data_blob_const(addrstr, strlen(addrstr)+1);
1272 status = messaging_send(state->msg_ctx,
1273 messaging_server_id(state->msg_ctx),
1274 MSG_WINBIND_IP_DROPPED, &blob);
1275 if (!NT_STATUS_IS_OK(status)) {
1276 DEBUG(10, ("messaging_send failed: %s - ignoring\n",
1277 nt_errstr(status)));
1280 req = addrchange_send(state, state->ev, state->ctx);
1282 DEBUG(0, ("addrchange_send failed\n"));
1286 tevent_req_set_callback(req, winbindd_addr_changed, state);
1291 int main(int argc, char **argv, char **envp)
1293 static bool is_daemon = False;
1294 static bool Fork = True;
1295 static bool log_stdout = False;
1296 static bool no_process_group = False;
1300 OPT_NO_PROCESS_GROUP,
1303 struct poptOption long_options[] = {
1305 { "stdout", 'S', POPT_ARG_NONE, NULL, OPT_LOG_STDOUT, "Log to stdout" },
1306 { "foreground", 'F', POPT_ARG_NONE, NULL, OPT_FORK, "Daemon in foreground mode" },
1307 { "no-process-group", 0, POPT_ARG_NONE, NULL, OPT_NO_PROCESS_GROUP, "Don't create a new process group" },
1308 { "daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON, "Become a daemon (default)" },
1309 { "interactive", 'i', POPT_ARG_NONE, NULL, 'i', "Interactive mode" },
1310 { "no-caching", 'n', POPT_ARG_NONE, NULL, 'n', "Disable caching" },
1321 * Do this before any other talloc operation
1323 talloc_enable_null_tracking();
1324 frame = talloc_stackframe();
1326 setup_logging("winbindd", DEBUG_DEFAULT_STDOUT);
1328 /* glibc (?) likes to print "User defined signal 1" and exit if a
1329 SIGUSR[12] is received before a handler is installed */
1331 CatchSignal(SIGUSR1, SIG_IGN);
1332 CatchSignal(SIGUSR2, SIG_IGN);
1335 dump_core_setup("winbindd", lp_logfile(talloc_tos()));
1339 /* Initialise for running in non-root mode */
1343 set_remote_machine_name("winbindd", False);
1345 /* Set environment variable so we don't recursively call ourselves.
1346 This may also be useful interactively. */
1348 if ( !winbind_off() ) {
1349 DEBUG(0,("Failed to disable recusive winbindd calls. Exiting.\n"));
1353 /* Initialise samba/rpc client stuff */
1355 pc = poptGetContext("winbindd", argc, (const char **)argv, long_options, 0);
1357 while ((opt = poptGetNextOpt(pc)) != -1) {
1359 /* Don't become a daemon */
1371 case OPT_NO_PROCESS_GROUP:
1372 no_process_group = true;
1374 case OPT_LOG_STDOUT:
1381 d_fprintf(stderr, "\nInvalid option %s: %s\n\n",
1382 poptBadOption(pc, 0), poptStrerror(opt));
1383 poptPrintUsage(pc, stderr, 0);
1388 /* We call dump_core_setup one more time because the command line can
1389 * set the log file or the log-basename and this will influence where
1390 * cores are stored. Without this call get_dyn_LOGFILEBASE will be
1391 * the default value derived from build's prefix. For EOM this value
1392 * is often not related to the path where winbindd is actually run
1395 dump_core_setup("winbindd", lp_logfile(talloc_tos()));
1396 if (is_daemon && interactive) {
1397 d_fprintf(stderr,"\nERROR: "
1398 "Option -i|--interactive is not allowed together with -D|--daemon\n\n");
1399 poptPrintUsage(pc, stderr, 0);
1403 if (log_stdout && Fork) {
1404 d_fprintf(stderr, "\nERROR: "
1405 "Can't log to stdout (-S) unless daemon is in foreground +(-F) or interactive (-i)\n\n");
1406 poptPrintUsage(pc, stderr, 0);
1410 poptFreeContext(pc);
1412 if (!override_logfile) {
1414 if (asprintf(&lfile,"%s/log.winbindd",
1415 get_dyn_LOGFILEBASE()) > 0) {
1416 lp_set_logfile(lfile);
1422 setup_logging("winbindd", DEBUG_STDOUT);
1424 setup_logging("winbindd", DEBUG_FILE);
1428 DEBUG(0,("winbindd version %s started.\n", samba_version_string()));
1429 DEBUGADD(0,("%s\n", COPYRIGHT_STARTUP_MESSAGE));
1431 if (!lp_load_initial_only(get_dyn_CONFIGFILE())) {
1432 DEBUG(0, ("error opening config file '%s'\n", get_dyn_CONFIGFILE()));
1435 /* After parsing the configuration file we setup the core path one more time
1436 * as the log file might have been set in the configuration and cores's
1437 * path is by default basename(lp_logfile()).
1439 dump_core_setup("winbindd", lp_logfile(talloc_tos()));
1441 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
1442 DEBUG(0, ("server role = 'active directory domain controller' not compatible with running the winbindd binary. \n"));
1443 DEBUGADD(0, ("You should start 'samba' instead, and it will control starting the internal AD DC winbindd implementation, which is not the same as this one\n"));
1447 /* Initialise messaging system */
1449 if (winbind_messaging_context() == NULL) {
1453 if (!reload_services_file(NULL)) {
1454 DEBUG(0, ("error opening config file\n"));
1458 ok = directory_create_or_exist(lp_lockdir(), geteuid(), 0755);
1460 DEBUG(0, ("Failed to create directory %s for lock files - %s\n",
1461 lp_lockdir(), strerror(errno)));
1465 ok = directory_create_or_exist(lp_piddir(), geteuid(), 0755);
1467 DEBUG(0, ("Failed to create directory %s for pid files - %s\n",
1468 lp_piddir(), strerror(errno)));
1479 if (!secrets_init()) {
1481 DEBUG(0,("Could not initialize domain trust account secrets. Giving up\n"));
1485 /* Unblock all signals we are interested in as they may have been
1486 blocked by the parent process. */
1488 BlockSignals(False, SIGINT);
1489 BlockSignals(False, SIGQUIT);
1490 BlockSignals(False, SIGTERM);
1491 BlockSignals(False, SIGUSR1);
1492 BlockSignals(False, SIGUSR2);
1493 BlockSignals(False, SIGHUP);
1494 BlockSignals(False, SIGCHLD);
1497 become_daemon(Fork, no_process_group, log_stdout);
1499 pidfile_create(lp_piddir(), "winbindd");
1503 * If we're interactive we want to set our own process group for
1504 * signal management.
1506 if (interactive && !no_process_group)
1507 setpgid( (pid_t)0, (pid_t)0);
1512 /* Don't use winbindd_reinit_after_fork here as
1513 * we're just starting up and haven't created any
1514 * winbindd-specific resources we must free yet. JRA.
1517 status = reinit_after_fork(winbind_messaging_context(),
1518 winbind_event_context(),
1520 if (!NT_STATUS_IS_OK(status)) {
1521 DEBUG(0,("reinit_after_fork() failed\n"));
1526 * Do not initialize the parent-child-pipe before becoming
1527 * a daemon: this is used to detect a died parent in the child
1530 status = init_before_fork();
1531 if (!NT_STATUS_IS_OK(status)) {
1532 DEBUG(0, ("init_before_fork failed: %s\n", nt_errstr(status)));
1536 winbindd_register_handlers(winbind_messaging_context(), !Fork);
1538 status = init_system_session_info();
1539 if (!NT_STATUS_IS_OK(status)) {
1540 DEBUG(1, ("ERROR: failed to setup system user info: %s.\n",
1541 nt_errstr(status)));
1545 rpc_lsarpc_init(NULL);
1546 rpc_samr_init(NULL);
1548 winbindd_init_addrchange(NULL, winbind_event_context(),
1549 winbind_messaging_context());
1551 /* setup listen sockets */
1553 if (!winbindd_setup_listeners()) {
1554 DEBUG(0,("winbindd_setup_listeners() failed\n"));
1559 /* Loop waiting for requests */
1561 frame = talloc_stackframe();
1563 if (tevent_loop_once(winbind_event_context()) == -1) {
1564 DEBUG(1, ("tevent_loop_once() failed: %s\n",
git.samba.org / mat / samba.git / blob