2 Unix SMB/CIFS implementation.
6 Copyright (C) Andrew Tridgell 2002
7 Copyright (C) Volker Lendecke 2004,2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 * We fork a child per domain to be able to act non-blocking in the main
25 * winbind daemon. A domain controller thousands of miles away being being
26 * slow replying with a 10.000 user list should not hold up netlogon calls
27 * that can be handled locally.
34 #define DBGC_CLASS DBGC_WINBIND
36 extern bool override_logfile;
37 extern struct winbindd_methods cache_methods;
39 /* Read some data from a client connection */
41 static void child_read_request(struct winbindd_cli_state *state)
47 status = read_data(state->sock, (char *)&state->request,
48 sizeof(state->request));
50 if (!NT_STATUS_IS_OK(status)) {
51 DEBUG(3, ("child_read_request: read_data failed: %s\n",
53 state->finished = True;
57 if (state->request.extra_len == 0) {
58 state->request.extra_data.data = NULL;
62 DEBUG(10, ("Need to read %d extra bytes\n", (int)state->request.extra_len));
64 state->request.extra_data.data =
65 SMB_MALLOC_ARRAY(char, state->request.extra_len + 1);
67 if (state->request.extra_data.data == NULL) {
68 DEBUG(0, ("malloc failed\n"));
69 state->finished = True;
73 /* Ensure null termination */
74 state->request.extra_data.data[state->request.extra_len] = '\0';
76 status= read_data(state->sock, state->request.extra_data.data,
77 state->request.extra_len);
79 if (!NT_STATUS_IS_OK(status)) {
80 DEBUG(0, ("Could not read extra data: %s\n",
82 state->finished = True;
88 * Machinery for async requests sent to children. You set up a
89 * winbindd_request, select a child to query, and issue a async_request
90 * call. When the request is completed, the callback function you specified is
91 * called back with the private pointer you gave to async_request.
94 struct winbindd_async_request {
95 struct winbindd_async_request *next, *prev;
97 struct winbindd_child *child;
98 struct winbindd_request *request;
99 struct winbindd_response *response;
100 void (*continuation)(void *private_data, bool success);
101 struct timed_event *reply_timeout_event;
102 pid_t child_pid; /* pid of the child we're waiting on. Used to detect
103 a restart of the child (child->pid != child_pid). */
107 static void async_request_fail(struct winbindd_async_request *state);
108 static void async_main_request_sent(void *private_data, bool success);
109 static void async_request_sent(void *private_data, bool success);
110 static void async_reply_recv(void *private_data, bool success);
111 static void schedule_async_request(struct winbindd_child *child);
113 void async_request(TALLOC_CTX *mem_ctx, struct winbindd_child *child,
114 struct winbindd_request *request,
115 struct winbindd_response *response,
116 void (*continuation)(void *private_data, bool success),
119 struct winbindd_async_request *state;
121 SMB_ASSERT(continuation != NULL);
123 DEBUG(10, ("Sending request to child pid %d (domain=%s)\n",
125 (child->domain != NULL) ? child->domain->name : "''"));
127 state = TALLOC_P(mem_ctx, struct winbindd_async_request);
130 DEBUG(0, ("talloc failed\n"));
131 continuation(private_data, False);
135 state->mem_ctx = mem_ctx;
136 state->child = child;
137 state->reply_timeout_event = NULL;
138 state->request = request;
139 state->response = response;
140 state->continuation = continuation;
141 state->private_data = private_data;
143 DLIST_ADD_END(child->requests, state, struct winbindd_async_request *);
145 schedule_async_request(child);
150 static void async_main_request_sent(void *private_data, bool success)
152 struct winbindd_async_request *state =
153 talloc_get_type_abort(private_data, struct winbindd_async_request);
156 DEBUG(5, ("Could not send async request\n"));
157 async_request_fail(state);
161 if (state->request->extra_len == 0) {
162 async_request_sent(private_data, True);
166 setup_async_write(&state->child->event, state->request->extra_data.data,
167 state->request->extra_len,
168 async_request_sent, state);
171 /****************************************************************
172 Handler triggered if the child winbindd doesn't respond within
174 ****************************************************************/
176 static void async_request_timeout_handler(struct event_context *ctx,
177 struct timed_event *te,
178 const struct timeval *now,
181 struct winbindd_async_request *state =
182 talloc_get_type_abort(private_data, struct winbindd_async_request);
184 DEBUG(0,("async_request_timeout_handler: child pid %u is not responding. "
185 "Closing connection to it.\n",
188 /* Deal with the reply - set to error. */
189 async_reply_recv(private_data, False);
192 /**************************************************************
193 Common function called on both async send and recv fail.
194 Cleans up the child and schedules the next request.
195 **************************************************************/
197 static void async_request_fail(struct winbindd_async_request *state)
199 DLIST_REMOVE(state->child->requests, state);
201 TALLOC_FREE(state->reply_timeout_event);
203 /* If child exists and is not already reaped,
204 send kill signal to child. */
206 if ((state->child->pid != (pid_t)0) &&
207 (state->child->pid != (pid_t)-1) &&
208 (state->child->pid == state->child_pid)) {
209 kill(state->child_pid, SIGTERM);
212 * Close the socket to the child.
214 winbind_child_died(state->child_pid);
217 state->response->length = sizeof(struct winbindd_response);
218 state->response->result = WINBINDD_ERROR;
219 state->continuation(state->private_data, False);
222 static void async_request_sent(void *private_data_data, bool success)
224 struct winbindd_async_request *state =
225 talloc_get_type_abort(private_data_data, struct winbindd_async_request);
228 DEBUG(5, ("Could not send async request to child pid %u\n",
229 (unsigned int)state->child_pid ));
230 async_request_fail(state);
234 /* Request successfully sent to the child, setup the wait for reply */
236 setup_async_read(&state->child->event,
237 &state->response->result,
238 sizeof(state->response->result),
239 async_reply_recv, state);
242 * Set up a timeout of 300 seconds for the response.
243 * If we don't get it close the child socket and
247 state->reply_timeout_event = event_add_timed(winbind_event_context(),
249 timeval_current_ofs(300,0),
250 "async_request_timeout",
251 async_request_timeout_handler,
253 if (!state->reply_timeout_event) {
254 smb_panic("async_request_sent: failed to add timeout handler.\n");
258 static void async_reply_recv(void *private_data, bool success)
260 struct winbindd_async_request *state =
261 talloc_get_type_abort(private_data, struct winbindd_async_request);
262 struct winbindd_child *child = state->child;
264 TALLOC_FREE(state->reply_timeout_event);
266 state->response->length = sizeof(struct winbindd_response);
269 DEBUG(5, ("Could not receive async reply from child pid %u\n",
270 (unsigned int)state->child_pid ));
272 cache_cleanup_response(state->child_pid);
273 async_request_fail(state);
277 SMB_ASSERT(cache_retrieve_response(state->child_pid,
280 cache_cleanup_response(state->child_pid);
282 DLIST_REMOVE(child->requests, state);
284 schedule_async_request(child);
286 state->continuation(state->private_data, True);
289 static bool winbindd_child_busy(const struct winbindd_child *child)
291 return (child->event.flags != 0);
294 static bool fork_domain_child(struct winbindd_child *child);
296 static void schedule_async_request(struct winbindd_child *child)
298 struct winbindd_async_request *request = child->requests;
300 if (request == NULL) {
304 if (winbindd_child_busy(child)) {
309 * This may be a reschedule, so we might
310 * have an existing timeout event pending on
311 * the first entry in the child->requests list
312 * (we only send one request at a time).
313 * Ensure we free it before we reschedule.
314 * Bug #5814, from hargagan <shargagan@novell.com>.
318 TALLOC_FREE(request->reply_timeout_event);
320 if ((child->pid == 0) && (!fork_domain_child(child))) {
321 /* fork_domain_child failed.
322 Cancel all outstanding requests */
324 while (request != NULL) {
325 /* request might be free'd in the continuation */
326 struct winbindd_async_request *next = request->next;
328 async_request_fail(request);
334 /* Now we know who we're sending to - remember the pid. */
335 request->child_pid = child->pid;
337 setup_async_write(&child->event, request->request,
338 sizeof(*request->request),
339 async_main_request_sent, request);
344 struct domain_request_state {
346 struct winbindd_domain *domain;
347 struct winbindd_request *request;
348 struct winbindd_response *response;
349 void (*continuation)(void *private_data_data, bool success);
350 void *private_data_data;
353 static void domain_init_recv(void *private_data_data, bool success);
355 void async_domain_request(TALLOC_CTX *mem_ctx,
356 struct winbindd_domain *domain,
357 struct winbindd_request *request,
358 struct winbindd_response *response,
359 void (*continuation)(void *private_data_data, bool success),
360 void *private_data_data)
362 struct domain_request_state *state;
364 if (domain->initialized) {
365 async_request(mem_ctx, &domain->child, request, response,
366 continuation, private_data_data);
370 state = TALLOC_P(mem_ctx, struct domain_request_state);
372 DEBUG(0, ("talloc failed\n"));
373 continuation(private_data_data, False);
377 state->mem_ctx = mem_ctx;
378 state->domain = domain;
379 state->request = request;
380 state->response = response;
381 state->continuation = continuation;
382 state->private_data_data = private_data_data;
384 init_child_connection(domain, domain_init_recv, state);
387 static void domain_init_recv(void *private_data_data, bool success)
389 struct domain_request_state *state =
390 talloc_get_type_abort(private_data_data, struct domain_request_state);
393 DEBUG(5, ("Domain init returned an error\n"));
394 state->continuation(state->private_data_data, False);
398 async_request(state->mem_ctx, &state->domain->child,
399 state->request, state->response,
400 state->continuation, state->private_data_data);
403 static void recvfrom_child(void *private_data_data, bool success)
405 struct winbindd_cli_state *state =
406 talloc_get_type_abort(private_data_data, struct winbindd_cli_state);
407 enum winbindd_result result = state->response.result;
409 /* This is an optimization: The child has written directly to the
410 * response buffer. The request itself is still in pending state,
411 * state that in the result code. */
413 state->response.result = WINBINDD_PENDING;
415 if ((!success) || (result != WINBINDD_OK)) {
416 request_error(state);
423 void sendto_child(struct winbindd_cli_state *state,
424 struct winbindd_child *child)
426 async_request(state->mem_ctx, child, &state->request,
427 &state->response, recvfrom_child, state);
430 void sendto_domain(struct winbindd_cli_state *state,
431 struct winbindd_domain *domain)
433 async_domain_request(state->mem_ctx, domain,
434 &state->request, &state->response,
435 recvfrom_child, state);
438 static void child_process_request(struct winbindd_child *child,
439 struct winbindd_cli_state *state)
441 struct winbindd_domain *domain = child->domain;
442 const struct winbindd_child_dispatch_table *table = child->table;
444 /* Free response data - we may be interrupted and receive another
445 command before being able to send this data off. */
447 state->response.result = WINBINDD_ERROR;
448 state->response.length = sizeof(struct winbindd_response);
450 /* as all requests in the child are sync, we can use talloc_tos() */
451 state->mem_ctx = talloc_tos();
453 /* Process command */
455 for (; table->name; table++) {
456 if (state->request.cmd == table->struct_cmd) {
457 DEBUG(10,("child_process_request: request fn %s\n",
459 state->response.result = table->struct_fn(domain, state);
464 DEBUG(1 ,("child_process_request: unknown request fn number %d\n",
465 (int)state->request.cmd));
466 state->response.result = WINBINDD_ERROR;
469 void setup_child(struct winbindd_child *child,
470 const struct winbindd_child_dispatch_table *table,
471 const char *logprefix,
474 if (logprefix && logname) {
475 if (asprintf(&child->logfilename, "%s/%s-%s",
476 get_dyn_LOGFILEBASE(), logprefix, logname) < 0) {
477 smb_panic("Internal error: asprintf failed");
480 smb_panic("Internal error: logprefix == NULL && "
484 child->domain = NULL;
485 child->table = table;
488 struct winbindd_child *children = NULL;
490 void winbind_child_died(pid_t pid)
492 struct winbindd_child *child;
494 for (child = children; child != NULL; child = child->next) {
495 if (child->pid == pid) {
501 DEBUG(5, ("Already reaped child %u died\n", (unsigned int)pid));
505 /* This will be re-added in fork_domain_child() */
507 DLIST_REMOVE(children, child);
509 remove_fd_event(&child->event);
510 close(child->event.fd);
512 child->event.flags = 0;
515 if (child->requests) {
517 * schedule_async_request() will also
518 * clear this event but the call is
519 * idempotent so it doesn't hurt to
520 * cover all possible future code
523 TALLOC_FREE(child->requests->reply_timeout_event);
526 schedule_async_request(child);
529 /* Ensure any negative cache entries with the netbios or realm names are removed. */
531 void winbindd_flush_negative_conn_cache(struct winbindd_domain *domain)
533 flush_negative_conn_cache_for_domain(domain->name);
534 if (*domain->alt_name) {
535 flush_negative_conn_cache_for_domain(domain->alt_name);
540 * Parent winbindd process sets its own debug level first and then
541 * sends a message to all the winbindd children to adjust their debug
542 * level to that of parents.
545 void winbind_msg_debug(struct messaging_context *msg_ctx,
548 struct server_id server_id,
551 struct winbindd_child *child;
553 DEBUG(10,("winbind_msg_debug: got debug message.\n"));
555 debug_message(msg_ctx, private_data, MSG_DEBUG, server_id, data);
557 for (child = children; child != NULL; child = child->next) {
559 DEBUG(10,("winbind_msg_debug: sending message to pid %u.\n",
560 (unsigned int)child->pid));
562 messaging_send_buf(msg_ctx, pid_to_procid(child->pid),
565 strlen((char *) data->data) + 1);
569 /* Set our domains as offline and forward the offline message to our children. */
571 void winbind_msg_offline(struct messaging_context *msg_ctx,
574 struct server_id server_id,
577 struct winbindd_child *child;
578 struct winbindd_domain *domain;
580 DEBUG(10,("winbind_msg_offline: got offline message.\n"));
582 if (!lp_winbind_offline_logon()) {
583 DEBUG(10,("winbind_msg_offline: rejecting offline message.\n"));
587 /* Set our global state as offline. */
588 if (!set_global_winbindd_state_offline()) {
589 DEBUG(10,("winbind_msg_offline: offline request failed.\n"));
593 /* Set all our domains as offline. */
594 for (domain = domain_list(); domain; domain = domain->next) {
595 if (domain->internal) {
598 DEBUG(5,("winbind_msg_offline: marking %s offline.\n", domain->name));
599 set_domain_offline(domain);
602 for (child = children; child != NULL; child = child->next) {
603 /* Don't send message to internal childs. We've already
605 if (!child->domain || winbindd_internal_child(child)) {
609 /* Or internal domains (this should not be possible....) */
610 if (child->domain->internal) {
614 /* Each winbindd child should only process requests for one domain - make sure
615 we only set it online / offline for that domain. */
617 DEBUG(10,("winbind_msg_offline: sending message to pid %u for domain %s.\n",
618 (unsigned int)child->pid, domain->name ));
620 messaging_send_buf(msg_ctx, pid_to_procid(child->pid),
622 (uint8 *)child->domain->name,
623 strlen(child->domain->name)+1);
627 /* Set our domains as online and forward the online message to our children. */
629 void winbind_msg_online(struct messaging_context *msg_ctx,
632 struct server_id server_id,
635 struct winbindd_child *child;
636 struct winbindd_domain *domain;
638 DEBUG(10,("winbind_msg_online: got online message.\n"));
640 if (!lp_winbind_offline_logon()) {
641 DEBUG(10,("winbind_msg_online: rejecting online message.\n"));
645 /* Set our global state as online. */
646 set_global_winbindd_state_online();
648 smb_nscd_flush_user_cache();
649 smb_nscd_flush_group_cache();
651 /* Set all our domains as online. */
652 for (domain = domain_list(); domain; domain = domain->next) {
653 if (domain->internal) {
656 DEBUG(5,("winbind_msg_online: requesting %s to go online.\n", domain->name));
658 winbindd_flush_negative_conn_cache(domain);
659 set_domain_online_request(domain);
661 /* Send an online message to the idmap child when our
662 primary domain comes back online */
664 if ( domain->primary ) {
665 struct winbindd_child *idmap = idmap_child();
667 if ( idmap->pid != 0 ) {
668 messaging_send_buf(msg_ctx,
669 pid_to_procid(idmap->pid),
671 (uint8 *)domain->name,
672 strlen(domain->name)+1);
678 for (child = children; child != NULL; child = child->next) {
679 /* Don't send message to internal childs. */
680 if (!child->domain || winbindd_internal_child(child)) {
684 /* Or internal domains (this should not be possible....) */
685 if (child->domain->internal) {
689 /* Each winbindd child should only process requests for one domain - make sure
690 we only set it online / offline for that domain. */
692 DEBUG(10,("winbind_msg_online: sending message to pid %u for domain %s.\n",
693 (unsigned int)child->pid, child->domain->name ));
695 messaging_send_buf(msg_ctx, pid_to_procid(child->pid),
697 (uint8 *)child->domain->name,
698 strlen(child->domain->name)+1);
702 /* Forward the online/offline messages to our children. */
703 void winbind_msg_onlinestatus(struct messaging_context *msg_ctx,
706 struct server_id server_id,
709 struct winbindd_child *child;
711 DEBUG(10,("winbind_msg_onlinestatus: got onlinestatus message.\n"));
713 for (child = children; child != NULL; child = child->next) {
714 if (child->domain && child->domain->primary) {
715 DEBUG(10,("winbind_msg_onlinestatus: "
716 "sending message to pid %u of primary domain.\n",
717 (unsigned int)child->pid));
718 messaging_send_buf(msg_ctx, pid_to_procid(child->pid),
719 MSG_WINBIND_ONLINESTATUS,
727 void winbind_msg_dump_event_list(struct messaging_context *msg_ctx,
730 struct server_id server_id,
733 struct winbindd_child *child;
735 DEBUG(10,("winbind_msg_dump_event_list received\n"));
737 dump_event_list(winbind_event_context());
739 for (child = children; child != NULL; child = child->next) {
741 DEBUG(10,("winbind_msg_dump_event_list: sending message to pid %u\n",
742 (unsigned int)child->pid));
744 messaging_send_buf(msg_ctx, pid_to_procid(child->pid),
751 void winbind_msg_dump_domain_list(struct messaging_context *msg_ctx,
754 struct server_id server_id,
758 const char *message = NULL;
759 struct server_id *sender = NULL;
760 const char *domain = NULL;
763 struct winbindd_domain *dom = NULL;
765 DEBUG(5,("winbind_msg_dump_domain_list received.\n"));
767 if (!data || !data->data) {
771 if (data->length < sizeof(struct server_id)) {
775 mem_ctx = talloc_init("winbind_msg_dump_domain_list");
780 sender = (struct server_id *)data->data;
781 if (data->length > sizeof(struct server_id)) {
782 domain = (const char *)data->data+sizeof(struct server_id);
787 DEBUG(5,("winbind_msg_dump_domain_list for domain: %s\n",
790 message = NDR_PRINT_STRUCT_STRING(mem_ctx, winbindd_domain,
791 find_domain_from_name_noinit(domain));
793 talloc_destroy(mem_ctx);
797 messaging_send_buf(msg_ctx, *sender,
798 MSG_WINBIND_DUMP_DOMAIN_LIST,
799 (uint8_t *)message, strlen(message) + 1);
801 talloc_destroy(mem_ctx);
806 DEBUG(5,("winbind_msg_dump_domain_list all domains\n"));
808 for (dom = domain_list(); dom; dom=dom->next) {
809 message = NDR_PRINT_STRUCT_STRING(mem_ctx, winbindd_domain, dom);
811 talloc_destroy(mem_ctx);
815 s = talloc_asprintf_append(s, "%s\n", message);
817 talloc_destroy(mem_ctx);
822 status = messaging_send_buf(msg_ctx, *sender,
823 MSG_WINBIND_DUMP_DOMAIN_LIST,
824 (uint8_t *)s, strlen(s) + 1);
825 if (!NT_STATUS_IS_OK(status)) {
826 DEBUG(0,("failed to send message: %s\n",
830 talloc_destroy(mem_ctx);
833 static void account_lockout_policy_handler(struct event_context *ctx,
834 struct timed_event *te,
835 const struct timeval *now,
838 struct winbindd_child *child =
839 (struct winbindd_child *)private_data;
840 TALLOC_CTX *mem_ctx = NULL;
841 struct winbindd_methods *methods;
842 struct samr_DomInfo12 lockout_policy;
845 DEBUG(10,("account_lockout_policy_handler called\n"));
847 TALLOC_FREE(child->lockout_policy_event);
849 if ( !winbindd_can_contact_domain( child->domain ) ) {
850 DEBUG(10,("account_lockout_policy_handler: Removing myself since I "
851 "do not have an incoming trust to domain %s\n",
852 child->domain->name));
857 methods = child->domain->methods;
859 mem_ctx = talloc_init("account_lockout_policy_handler ctx");
861 result = NT_STATUS_NO_MEMORY;
863 result = methods->lockout_policy(child->domain, mem_ctx, &lockout_policy);
865 TALLOC_FREE(mem_ctx);
867 if (!NT_STATUS_IS_OK(result)) {
868 DEBUG(10,("account_lockout_policy_handler: lockout_policy failed error %s\n",
872 child->lockout_policy_event = event_add_timed(winbind_event_context(), NULL,
873 timeval_current_ofs(3600, 0),
874 "account_lockout_policy_handler",
875 account_lockout_policy_handler,
879 /* Deal with a request to go offline. */
881 static void child_msg_offline(struct messaging_context *msg,
884 struct server_id server_id,
887 struct winbindd_domain *domain;
888 struct winbindd_domain *primary_domain = NULL;
889 const char *domainname = (const char *)data->data;
891 if (data->data == NULL || data->length == 0) {
895 DEBUG(5,("child_msg_offline received for domain %s.\n", domainname));
897 if (!lp_winbind_offline_logon()) {
898 DEBUG(10,("child_msg_offline: rejecting offline message.\n"));
902 primary_domain = find_our_domain();
904 /* Mark the requested domain offline. */
906 for (domain = domain_list(); domain; domain = domain->next) {
907 if (domain->internal) {
910 if (strequal(domain->name, domainname)) {
911 DEBUG(5,("child_msg_offline: marking %s offline.\n", domain->name));
912 set_domain_offline(domain);
913 /* we are in the trusted domain, set the primary domain
915 if (domain != primary_domain) {
916 set_domain_offline(primary_domain);
922 /* Deal with a request to go online. */
924 static void child_msg_online(struct messaging_context *msg,
927 struct server_id server_id,
930 struct winbindd_domain *domain;
931 struct winbindd_domain *primary_domain = NULL;
932 const char *domainname = (const char *)data->data;
934 if (data->data == NULL || data->length == 0) {
938 DEBUG(5,("child_msg_online received for domain %s.\n", domainname));
940 if (!lp_winbind_offline_logon()) {
941 DEBUG(10,("child_msg_online: rejecting online message.\n"));
945 primary_domain = find_our_domain();
947 /* Set our global state as online. */
948 set_global_winbindd_state_online();
950 /* Try and mark everything online - delete any negative cache entries
951 to force a reconnect now. */
953 for (domain = domain_list(); domain; domain = domain->next) {
954 if (domain->internal) {
957 if (strequal(domain->name, domainname)) {
958 DEBUG(5,("child_msg_online: requesting %s to go online.\n", domain->name));
959 winbindd_flush_negative_conn_cache(domain);
960 set_domain_online_request(domain);
962 /* we can be in trusted domain, which will contact primary domain
963 * we have to bring primary domain online in trusted domain process
964 * see, winbindd_dual_pam_auth() --> winbindd_dual_pam_auth_samlogon()
965 * --> contact_domain = find_our_domain()
967 if (domain != primary_domain) {
968 winbindd_flush_negative_conn_cache(primary_domain);
969 set_domain_online_request(primary_domain);
975 static const char *collect_onlinestatus(TALLOC_CTX *mem_ctx)
977 struct winbindd_domain *domain;
980 if ((buf = talloc_asprintf(mem_ctx, "global:%s ",
981 get_global_winbindd_state_offline() ?
982 "Offline":"Online")) == NULL) {
986 for (domain = domain_list(); domain; domain = domain->next) {
987 if ((buf = talloc_asprintf_append_buffer(buf, "%s:%s ",
990 "Online":"Offline")) == NULL) {
995 buf = talloc_asprintf_append_buffer(buf, "\n");
997 DEBUG(5,("collect_onlinestatus: %s", buf));
1002 static void child_msg_onlinestatus(struct messaging_context *msg_ctx,
1005 struct server_id server_id,
1008 TALLOC_CTX *mem_ctx;
1009 const char *message;
1010 struct server_id *sender;
1012 DEBUG(5,("winbind_msg_onlinestatus received.\n"));
1018 sender = (struct server_id *)data->data;
1020 mem_ctx = talloc_init("winbind_msg_onlinestatus");
1021 if (mem_ctx == NULL) {
1025 message = collect_onlinestatus(mem_ctx);
1026 if (message == NULL) {
1027 talloc_destroy(mem_ctx);
1031 messaging_send_buf(msg_ctx, *sender, MSG_WINBIND_ONLINESTATUS,
1032 (uint8 *)message, strlen(message) + 1);
1034 talloc_destroy(mem_ctx);
1037 static void child_msg_dump_event_list(struct messaging_context *msg,
1040 struct server_id server_id,
1043 DEBUG(5,("child_msg_dump_event_list received\n"));
1045 dump_event_list(winbind_event_context());
1048 void ccache_remove_all_after_fork(void);
1050 bool winbindd_reinit_after_fork(const char *logfilename)
1052 struct winbindd_domain *domain;
1053 struct winbindd_child *cl;
1055 if (!reinit_after_fork(winbind_messaging_context(),
1056 winbind_event_context(), true)) {
1057 DEBUG(0,("reinit_after_fork() failed\n"));
1061 close_conns_after_fork();
1063 if (!override_logfile && logfilename) {
1064 lp_set_logfile(logfilename);
1068 /* Don't handle the same messages as our parent. */
1069 messaging_deregister(winbind_messaging_context(),
1070 MSG_SMB_CONF_UPDATED, NULL);
1071 messaging_deregister(winbind_messaging_context(),
1072 MSG_SHUTDOWN, NULL);
1073 messaging_deregister(winbind_messaging_context(),
1074 MSG_WINBIND_OFFLINE, NULL);
1075 messaging_deregister(winbind_messaging_context(),
1076 MSG_WINBIND_ONLINE, NULL);
1077 messaging_deregister(winbind_messaging_context(),
1078 MSG_WINBIND_ONLINESTATUS, NULL);
1079 messaging_deregister(winbind_messaging_context(),
1080 MSG_DUMP_EVENT_LIST, NULL);
1081 messaging_deregister(winbind_messaging_context(),
1082 MSG_WINBIND_DUMP_DOMAIN_LIST, NULL);
1083 messaging_deregister(winbind_messaging_context(),
1086 /* We have destroyed all events in the winbindd_event_context
1087 * in reinit_after_fork(), so clean out all possible pending
1088 * event pointers. */
1090 /* Deal with check_online_events. */
1092 for (domain = domain_list(); domain; domain = domain->next) {
1093 TALLOC_FREE(domain->check_online_event);
1096 /* Ensure we're not handling a credential cache event inherited
1097 * from our parent. */
1099 ccache_remove_all_after_fork();
1101 /* Destroy all possible events in child list. */
1102 for (cl = children; cl != NULL; cl = cl->next) {
1103 struct winbindd_async_request *request;
1105 for (request = cl->requests; request; request = request->next) {
1106 TALLOC_FREE(request->reply_timeout_event);
1108 TALLOC_FREE(cl->lockout_policy_event);
1110 /* Children should never be able to send
1111 * each other messages, all messages must
1112 * go through the parent.
1117 * This is a little tricky, children must not
1118 * send an MSG_WINBIND_ONLINE message to idmap_child().
1119 * If we are in a child of our primary domain or
1120 * in the process created by fork_child_dc_connect(),
1121 * and the primary domain cannot go online,
1122 * fork_child_dc_connection() sends MSG_WINBIND_ONLINE
1123 * periodically to idmap_child().
1125 * The sequence is, fork_child_dc_connect() ---> getdcs() --->
1126 * get_dc_name_via_netlogon() ---> cm_connect_netlogon()
1127 * ---> init_dc_connection() ---> cm_open_connection --->
1128 * set_domain_online(), sends MSG_WINBIND_ONLINE to
1129 * idmap_child(). Disallow children sending messages
1130 * to each other, all messages must go through the parent.
1138 static bool fork_domain_child(struct winbindd_child *child)
1141 struct winbindd_cli_state state;
1142 struct winbindd_domain *primary_domain = NULL;
1144 if (child->domain) {
1145 DEBUG(10, ("fork_domain_child called for domain '%s'\n",
1146 child->domain->name));
1148 DEBUG(10, ("fork_domain_child called without domain.\n"));
1151 if (socketpair(AF_UNIX, SOCK_STREAM, 0, fdpair) != 0) {
1152 DEBUG(0, ("Could not open child pipe: %s\n",
1158 state.pid = sys_getpid();
1160 child->pid = sys_fork();
1162 if (child->pid == -1) {
1163 DEBUG(0, ("Could not fork: %s\n", strerror(errno)));
1167 if (child->pid != 0) {
1170 child->next = child->prev = NULL;
1171 DLIST_ADD(children, child);
1172 child->event.fd = fdpair[1];
1173 child->event.flags = 0;
1174 add_fd_event(&child->event);
1180 DEBUG(10, ("Child process %d\n", (int)sys_getpid()));
1182 /* Stop zombies in children */
1185 state.sock = fdpair[0];
1188 if (!winbindd_reinit_after_fork(child->logfilename)) {
1189 DEBUG(0, ("winbindd_reinit_after_fork failed.\n"));
1193 /* Handle online/offline messages. */
1194 messaging_register(winbind_messaging_context(), NULL,
1195 MSG_WINBIND_OFFLINE, child_msg_offline);
1196 messaging_register(winbind_messaging_context(), NULL,
1197 MSG_WINBIND_ONLINE, child_msg_online);
1198 messaging_register(winbind_messaging_context(), NULL,
1199 MSG_WINBIND_ONLINESTATUS, child_msg_onlinestatus);
1200 messaging_register(winbind_messaging_context(), NULL,
1201 MSG_DUMP_EVENT_LIST, child_msg_dump_event_list);
1202 messaging_register(winbind_messaging_context(), NULL,
1203 MSG_DEBUG, debug_message);
1205 primary_domain = find_our_domain();
1207 if (primary_domain == NULL) {
1208 smb_panic("no primary domain found");
1211 /* It doesn't matter if we allow cache login,
1212 * try to bring domain online after fork. */
1213 if ( child->domain ) {
1214 child->domain->startup = True;
1215 child->domain->startup_time = time(NULL);
1216 /* we can be in primary domain or in trusted domain
1217 * If we are in trusted domain, set the primary domain
1218 * in start-up mode */
1219 if (!(child->domain->internal)) {
1220 set_domain_online_request(child->domain);
1221 if (!(child->domain->primary)) {
1222 primary_domain->startup = True;
1223 primary_domain->startup_time = time(NULL);
1224 set_domain_online_request(primary_domain);
1230 * We are in idmap child, make sure that we set the
1231 * check_online_event to bring primary domain online.
1233 if (child == idmap_child()) {
1234 set_domain_online_request(primary_domain);
1237 /* We might be in the idmap child...*/
1238 if (child->domain && !(child->domain->internal) &&
1239 lp_winbind_offline_logon()) {
1241 set_domain_online_request(child->domain);
1243 if (primary_domain && (primary_domain != child->domain)) {
1244 /* We need to talk to the primary
1245 * domain as well as the trusted
1246 * domain inside a trusted domain
1249 * set_dc_type_and_flags_trustinfo()
1252 set_domain_online_request(primary_domain);
1255 child->lockout_policy_event = event_add_timed(
1256 winbind_event_context(), NULL, timeval_zero(),
1257 "account_lockout_policy_handler",
1258 account_lockout_policy_handler,
1269 TALLOC_CTX *frame = talloc_stackframe();
1271 /* check for signals */
1272 winbind_check_sigterm(false);
1273 winbind_check_sighup(override_logfile ? NULL :
1274 child->logfilename);
1276 run_events(winbind_event_context(), 0, NULL, NULL);
1280 if (child->domain && child->domain->startup &&
1281 (now.tv_sec > child->domain->startup_time + 30)) {
1282 /* No longer in "startup" mode. */
1283 DEBUG(10,("fork_domain_child: domain %s no longer in 'startup' mode.\n",
1284 child->domain->name ));
1285 child->domain->startup = False;
1288 tp = get_timed_events_timeout(winbind_event_context(), &t);
1290 DEBUG(11,("select will use timeout of %u.%u seconds\n",
1291 (unsigned int)tp->tv_sec, (unsigned int)tp->tv_usec ));
1294 /* Handle messages */
1296 message_dispatch(winbind_messaging_context());
1299 FD_SET(state.sock, &read_fds);
1301 ret = sys_select(state.sock + 1, &read_fds, NULL, NULL, tp);
1304 DEBUG(11,("nothing is ready yet, continue\n"));
1309 if (ret == -1 && errno == EINTR) {
1310 /* We got a signal - continue. */
1315 if (ret == -1 && errno != EINTR) {
1316 DEBUG(0,("select error occured\n"));
1322 /* fetch a request from the main daemon */
1323 child_read_request(&state);
1325 if (state.finished) {
1326 /* we lost contact with our parent */
1330 DEBUG(4,("child daemon request %d\n", (int)state.request.cmd));
1332 ZERO_STRUCT(state.response);
1333 state.request.null_term = '\0';
1334 child_process_request(child, &state);
1336 SAFE_FREE(state.request.extra_data.data);
1338 cache_store_response(sys_getpid(), &state.response);
1340 SAFE_FREE(state.response.extra_data.data);
1342 /* We just send the result code back, the result
1343 * structure needs to be fetched via the
1344 * winbindd_cache. Hmm. That needs fixing... */
1346 if (write_data(state.sock,
1347 (const char *)&state.response.result,
1348 sizeof(state.response.result)) !=
1349 sizeof(state.response.result)) {
1350 DEBUG(0, ("Could not write result\n"));