+/*
+ Unix SMB/CIFS implementation.
+
+ Winbind daemon for ntdom nss module
+
+ Copyright (C) by Tim Potter 2000-2002
+ Copyright (C) Andrew Tridgell 2002
+ Copyright (C) Jelmer Vernooij 2003
+ Copyright (C) Volker Lendecke 2004
+ Copyright (C) Andrew Bartlett 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "winbindd.h"
+#include "../../nsswitch/libwbclient/wbc_async.h"
+
+/*
+ * This is the main event loop of winbind requests. It goes through a
+ * state-machine of 3 read/write requests, 4 if you have extra data to send.
+ *
+ * An idle winbind client has a read request of 4 bytes outstanding,
+ * finalizing function is request_len_recv, checking the length. request_recv
+ * then processes the packet. The processing function then at some point has
+ * to call request_finished which schedules sending the response.
+ */
+
+static void winbind_client_request_read(struct tevent_req *req);
+static void winbind_client_response_written(struct tevent_req *req);
+
+void request_finished(struct winbindd_cli_state *state)
+{
+ struct tevent_req *req;
+
+ TALLOC_FREE(state->request);
+
+ req = wb_resp_write_send(state, winbind_event_context(),
+ state->out_queue, state->sock,
+ state->response);
+ if (req == NULL) {
+ DEBUG(10,("request_finished[%d:%s]: wb_resp_write_send() failed\n",
+ (int)state->pid, state->cmd_name));
+ winbindd_remove_client(state);
+ return;
+ }
+ tevent_req_set_callback(req, winbind_client_response_written, state);
+}
+
+static void winbind_client_response_written(struct tevent_req *req)
+{
+ struct winbindd_cli_state *state = tevent_req_callback_data(
+ req, struct winbindd_cli_state);
+ ssize_t ret;
+ int err;
+
+ ret = wb_resp_write_recv(req, &err);
+ TALLOC_FREE(req);
+ if (ret == -1) {
+ close(state->sock);
+ state->sock = -1;
+ DEBUG(2, ("Could not write response[%d:%s] to client: %s\n",
+ (int)state->pid, state->cmd_name, strerror(err)));
+ winbindd_remove_client(state);
+ return;
+ }
+
+ DEBUG(10,("winbind_client_response_written[%d:%s]: delivered response "
+ "to client\n", (int)state->pid, state->cmd_name));
+
+ TALLOC_FREE(state->mem_ctx);
+ state->response = NULL;
+ state->cmd_name = "no request";
+ state->recv_fn = NULL;
+
+ req = wb_req_read_send(state, winbind_event_context(), state->sock,
+ WINBINDD_MAX_EXTRA_DATA);
+ if (req == NULL) {
+ winbindd_remove_client(state);
+ return;
+ }
+ tevent_req_set_callback(req, winbind_client_request_read, state);
+}
+
+/* Process a new connection by adding it to the client connection list */
+
+static void new_connection(int listen_sock, bool privileged)
+{
+ struct sockaddr_un sunaddr;
+ struct winbindd_cli_state *state;
+ struct tevent_req *req;
+ socklen_t len;
+ int sock;
+
+ /* Accept connection */
+
+ len = sizeof(sunaddr);
+
+ do {
+ sock = accept(listen_sock, (struct sockaddr *)(void *)&sunaddr,
+ &len);
+ } while (sock == -1 && errno == EINTR);
+
+ if (sock == -1)
+ return;
+
+ DEBUG(6,("accepted socket %d\n", sock));
+
+ /* Create new connection structure */
+
+ if ((state = TALLOC_ZERO_P(NULL, struct winbindd_cli_state)) == NULL) {
+ close(sock);
+ return;
+ }
+
+ state->sock = sock;
+
+ state->out_queue = tevent_queue_create(state, "winbind client reply");
+ if (state->out_queue == NULL) {
+ close(sock);
+ TALLOC_FREE(state);
+ return;
+ }
+
+ state->last_access = time(NULL);
+
+ state->privileged = privileged;
+
+ req = wb_req_read_send(state, winbind_event_context(), state->sock,
+ WINBINDD_MAX_EXTRA_DATA);
+ if (req == NULL) {
+ TALLOC_FREE(state);
+ close(sock);
+ return;
+ }
+ tevent_req_set_callback(req, winbind_client_request_read, state);
+
+ /* Add to connection list */
+
+ winbindd_add_client(state);
+}
+
+static void winbind_client_request_read(struct tevent_req *req)
+{
+ struct winbindd_cli_state *state = tevent_req_callback_data(
+ req, struct winbindd_cli_state);
+ ssize_t ret;
+ int err;
+
+ ret = wb_req_read_recv(req, state, &state->request, &err);
+ TALLOC_FREE(req);
+ if (ret == -1) {
+ if (err == EPIPE) {
+ DEBUG(6, ("closing socket %d, client exited\n",
+ state->sock));
+ } else {
+ DEBUG(2, ("Could not read client request from fd %d: "
+ "%s\n", state->sock, strerror(err)));
+ }
+ close(state->sock);
+ state->sock = -1;
+ winbindd_remove_client(state);
+ return;
+ }
+ wb_process_request(state);
+}
+
+/* Remove a client connection from client connection list */
+
+void winbindd_remove_client(struct winbindd_cli_state *state)
+{
+ char c = 0;
+ int nwritten;
+
+ /* It's a dead client - hold a funeral */
+
+ if (state == NULL) {
+ return;
+ }
+
+ if (state->sock != -1) {
+ /* tell client, we are closing ... */
+ nwritten = write(state->sock, &c, sizeof(c));
+ if (nwritten == -1) {
+ DEBUG(2, ("final write to client failed: %s\n",
+ strerror(errno)));
+ }
+
+ /* Close socket */
+
+ close(state->sock);
+ state->sock = -1;
+ }
+
+ TALLOC_FREE(state->mem_ctx);
+
+ /* Remove from list and free */
+
+ winbindd_remove_client_from_list(state);
+ TALLOC_FREE(state);
+}
+
+/* Is a client idle? */
+
+bool client_is_idle(struct winbindd_cli_state *state) {
+ return (state->response == NULL &&
+ !state->pwent_state && !state->grent_state);
+}
+
+/* Shutdown client connection which has been idle for the longest time */
+
+static bool remove_idle_client(void)
+{
+ struct winbindd_cli_state *state, *remove_state = NULL;
+ time_t last_access = 0;
+ int nidle = 0;
+
+ for (state = winbindd_client_list(); state; state = state->next) {
+ if (client_is_idle(state)) {
+ nidle++;
+ if (!last_access || state->last_access < last_access) {
+ last_access = state->last_access;
+ remove_state = state;
+ }
+ }
+ }
+
+ if (remove_state) {
+ DEBUG(5,("Found %d idle client connections, shutting down sock %d, pid %u\n",
+ nidle, remove_state->sock, (unsigned int)remove_state->pid));
+ winbindd_remove_client(remove_state);
+ return True;
+ }
+
+ return False;
+}
+
+struct winbindd_listen_state {
+ bool privileged;
+ int fd;
+};
+
+static void winbindd_listen_fde_handler(struct tevent_context *ev,
+ struct tevent_fd *fde,
+ uint16_t flags,
+ void *private_data)
+{
+ struct winbindd_listen_state *s = talloc_get_type_abort(private_data,
+ struct winbindd_listen_state);
+
+ while (winbindd_num_clients() > lp_winbind_max_clients() - 1) {
+ DEBUG(5,("winbindd: Exceeding %d client "
+ "connections, removing idle "
+ "connection.\n", lp_winbind_max_clients()));
+ if (!remove_idle_client()) {
+ DEBUG(0,("winbindd: Exceeding %d "
+ "client connections, no idle "
+ "connection found\n",
+ lp_winbind_max_clients()));
+ break;
+ }
+ }
+ new_connection(s->fd, s->privileged);
+}
+
+/*
+ * Winbindd socket accessor functions
+ */
+
+const char *get_winbind_pipe_dir(void)
+{
+ return lp_parm_const_string(-1, "winbindd", "socket dir", WINBINDD_SOCKET_DIR);
+}
+
+char *get_winbind_priv_pipe_dir(void)
+{
+ return lock_path(WINBINDD_PRIV_SOCKET_SUBDIR);
+}
+
+bool winbindd_setup_listeners(void)
+{
+ struct winbindd_listen_state *pub_state = NULL;
+ struct winbindd_listen_state *priv_state = NULL;
+ struct tevent_fd *fde;
+
+ pub_state = talloc(winbind_event_context(),
+ struct winbindd_listen_state);
+ if (!pub_state) {
+ goto failed;
+ }
+
+ pub_state->privileged = false;
+ pub_state->fd = create_pipe_sock(
+ get_winbind_pipe_dir(), WINBINDD_SOCKET_NAME, 0755);
+ if (pub_state->fd == -1) {
+ goto failed;
+ }
+
+ fde = tevent_add_fd(winbind_event_context(), pub_state, pub_state->fd,
+ TEVENT_FD_READ, winbindd_listen_fde_handler,
+ pub_state);
+ if (fde == NULL) {
+ close(pub_state->fd);
+ goto failed;
+ }
+ tevent_fd_set_auto_close(fde);
+
+ priv_state = talloc(winbind_event_context(),
+ struct winbindd_listen_state);
+ if (!priv_state) {
+ goto failed;
+ }
+
+ priv_state->privileged = true;
+ priv_state->fd = create_pipe_sock(
+ get_winbind_priv_pipe_dir(), WINBINDD_SOCKET_NAME, 0750);
+ if (priv_state->fd == -1) {
+ goto failed;
+ }
+
+ fde = tevent_add_fd(winbind_event_context(), priv_state,
+ priv_state->fd, TEVENT_FD_READ,
+ winbindd_listen_fde_handler, priv_state);
+ if (fde == NULL) {
+ close(priv_state->fd);
+ goto failed;
+ }
+ tevent_fd_set_auto_close(fde);
+
+ return true;
+failed:
+ TALLOC_FREE(pub_state);
+ TALLOC_FREE(priv_state);
+ return false;
+}
+
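Review bot: The client limit in `winbindd_listen_fde_handler` is not enforced when nothing can be evicted: if `remove_idle_client()` returns false, the loop logs at level 0 and breaks, and `new_connection(s->fd, s->privileged)` still accepts and registers the connection. The public listener is created with `create_pipe_sock(..., 0755)`, so presumably any local user can reach it, and the number of tracked clients is then bounded by the process's descriptor limit rather than by `lp_winbind_max_clients()`. If the limit is meant to be hard, re-check the count after the loop and accept-then-close the pending connection instead of tracking it, because leaving it unaccepted would keep the listening fd readable; if it is meant to be soft, a comment above the loop should say so. Separately, `state->privileged` is derived only from which listener fired, so `winbindd_setup_listeners` deserves a comment naming where the ownership and mode of the `get_winbind_priv_pipe_dir()` directory are verified, which is not visible in this file.

```c
	/* ... unchanged: eviction loop calling remove_idle_client() ... */

	if (winbindd_num_clients() > lp_winbind_max_clients() - 1) {
		/*
		 * Still at the limit and nothing could be evicted: drain the
		 * pending connection so the listening fd does not stay
		 * readable, but do not add it to the client list.
		 */
		int fd;

		do {
			fd = accept(s->fd, NULL, NULL);
		} while (fd == -1 && errno == EINTR);
		if (fd != -1) {
			close(fd);
		}
		return;
	}
	new_connection(s->fd, s->privileged);
```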