2 * Unix SMB/CIFS implementation.
6 * Copyright (c) 2011 Andreas Schneider <asn@samba.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 #include "lib/id_cache.h"
28 #include "../lib/tsocket/tsocket.h"
29 #include "lib/server_prefork.h"
30 #include "lib/server_prefork_util.h"
31 #include "librpc/rpc/dcerpc_ep.h"
33 #include "rpc_server/rpc_server.h"
34 #include "rpc_server/rpc_ep_register.h"
35 #include "rpc_server/rpc_sock_helper.h"
37 #include "librpc/gen_ndr/srv_lsa.h"
38 #include "librpc/gen_ndr/srv_samr.h"
39 #include "librpc/gen_ndr/srv_netlogon.h"
41 #define DAEMON_NAME "lsasd"
42 #define LSASD_MAX_SOCKETS 64
44 static struct server_id parent_id;
45 static struct prefork_pool *lsasd_pool = NULL;
46 static int lsasd_child_id = 0;
48 static struct pf_daemon_config default_pf_lsasd_cfg = {
49 .prefork_status = PFH_INIT,
53 .max_allowed_clients = 100,
54 .child_min_life = 60 /* 1 minute minimum life time */
56 static struct pf_daemon_config pf_lsasd_cfg = { 0 };
58 void start_lsasd(struct tevent_context *ev_ctx,
59 struct messaging_context *msg_ctx);
61 static void lsasd_reopen_logs(int child_id)
63 char *lfile = lp_logfile(talloc_tos());
68 rc = asprintf(&extension, "%s.%d", DAEMON_NAME, child_id);
70 rc = asprintf(&extension, "%s", DAEMON_NAME);
77 if (lfile == NULL || lfile[0] == '\0') {
78 rc = asprintf(&lfile, "%s/log.%s",
79 get_dyn_LOGFILEBASE(), extension);
81 if (strstr(lfile, extension) == NULL) {
83 rc = asprintf(&lfile, "%s.%d",
84 lp_logfile(talloc_tos()),
87 rc = asprintf(&lfile, "%s.%s",
88 lp_logfile(talloc_tos()),
95 lp_set_logfile(lfile);
104 static void lsasd_smb_conf_updated(struct messaging_context *msg,
107 struct server_id server_id,
110 struct tevent_context *ev_ctx;
112 DEBUG(10, ("Got message saying smb.conf was updated. Reloading.\n"));
113 ev_ctx = talloc_get_type_abort(private_data, struct tevent_context);
115 change_to_root_user();
116 lp_load_global(get_dyn_CONFIGFILE());
118 lsasd_reopen_logs(lsasd_child_id);
119 if (lsasd_child_id == 0) {
120 pfh_daemon_config(DAEMON_NAME,
122 &default_pf_lsasd_cfg);
123 pfh_manage_pool(ev_ctx, msg, &pf_lsasd_cfg, lsasd_pool);
127 static void lsasd_sig_term_handler(struct tevent_context *ev,
128 struct tevent_signal *se,
134 rpc_netlogon_shutdown();
136 rpc_lsarpc_shutdown();
138 DEBUG(0, ("termination signal\n"));
142 static void lsasd_setup_sig_term_handler(struct tevent_context *ev_ctx)
144 struct tevent_signal *se;
146 se = tevent_add_signal(ev_ctx,
149 lsasd_sig_term_handler,
152 DEBUG(0, ("failed to setup SIGTERM handler\n"));
157 static void lsasd_sig_hup_handler(struct tevent_context *ev,
158 struct tevent_signal *se,
165 change_to_root_user();
166 lp_load_global(get_dyn_CONFIGFILE());
168 lsasd_reopen_logs(lsasd_child_id);
169 pfh_daemon_config(DAEMON_NAME,
171 &default_pf_lsasd_cfg);
173 /* relay to all children */
174 prefork_send_signal_to_all(lsasd_pool, SIGHUP);
177 static void lsasd_setup_sig_hup_handler(struct tevent_context *ev_ctx)
179 struct tevent_signal *se;
181 se = tevent_add_signal(ev_ctx,
184 lsasd_sig_hup_handler,
187 DEBUG(0, ("failed to setup SIGHUP handler\n"));
192 /**********************************************************
194 **********************************************************/
196 static void lsasd_chld_sig_hup_handler(struct tevent_context *ev,
197 struct tevent_signal *se,
203 change_to_root_user();
204 lsasd_reopen_logs(lsasd_child_id);
207 static bool lsasd_setup_chld_hup_handler(struct tevent_context *ev_ctx)
209 struct tevent_signal *se;
211 se = tevent_add_signal(ev_ctx,
214 lsasd_chld_sig_hup_handler,
217 DEBUG(1, ("failed to setup SIGHUP handler"));
224 static void parent_ping(struct messaging_context *msg_ctx,
227 struct server_id server_id,
231 /* The fact we received this message is enough to let make the event
232 * loop if it was idle. lsasd_children_main will cycle through
233 * lsasd_next_client at least once. That function will take whatever
234 * action is necessary */
236 DEBUG(10, ("Got message that the parent changed status.\n"));
240 static bool lsasd_child_init(struct tevent_context *ev_ctx,
242 struct pf_worker_data *pf)
245 struct messaging_context *msg_ctx = server_messaging_context();
248 status = reinit_after_fork(msg_ctx, ev_ctx,
249 true, "lsasd-child");
250 if (!NT_STATUS_IS_OK(status)) {
251 DEBUG(0,("reinit_after_fork() failed\n"));
252 smb_panic("reinit_after_fork() failed");
255 lsasd_child_id = child_id;
256 lsasd_reopen_logs(child_id);
258 ok = lsasd_setup_chld_hup_handler(ev_ctx);
263 messaging_register(msg_ctx, ev_ctx,
264 MSG_SMB_CONF_UPDATED, lsasd_smb_conf_updated);
265 messaging_register(msg_ctx, ev_ctx,
266 MSG_PREFORK_PARENT_EVENT, parent_ping);
267 id_cache_register_msgs(msg_ctx);
269 status = rpc_lsarpc_init(NULL);
270 if (!NT_STATUS_IS_OK(status)) {
271 DEBUG(0, ("Failed to register lsarpc rpc interface! (%s)\n",
276 status = rpc_samr_init(NULL);
277 if (!NT_STATUS_IS_OK(status)) {
278 DEBUG(0, ("Failed to register samr rpc interface! (%s)\n",
283 status = rpc_netlogon_init(NULL);
284 if (!NT_STATUS_IS_OK(status)) {
285 DEBUG(0, ("Failed to register netlogon rpc interface! (%s)\n",
293 struct lsasd_children_data {
294 struct tevent_context *ev_ctx;
295 struct messaging_context *msg_ctx;
296 struct pf_worker_data *pf;
301 static void lsasd_next_client(void *pvt);
303 static int lsasd_children_main(struct tevent_context *ev_ctx,
304 struct messaging_context *msg_ctx,
305 struct pf_worker_data *pf,
311 struct lsasd_children_data *data;
315 ok = lsasd_child_init(ev_ctx, child_id, pf);
320 data = talloc(ev_ctx, struct lsasd_children_data);
325 data->ev_ctx = ev_ctx;
326 data->msg_ctx = msg_ctx;
327 data->listen_fd_size = listen_fd_size;
328 data->listen_fds = listen_fds;
330 /* loop until it is time to exit */
331 while (pf->status != PF_WORKER_EXITING) {
332 /* try to see if it is time to schedule the next client */
333 lsasd_next_client(data);
335 ret = tevent_loop_once(ev_ctx);
337 DEBUG(0, ("tevent_loop_once() exited with %d: %s\n",
338 ret, strerror(errno)));
339 pf->status = PF_WORKER_EXITING;
346 static void lsasd_client_terminated(void *pvt)
348 struct lsasd_children_data *data;
350 data = talloc_get_type_abort(pvt, struct lsasd_children_data);
352 pfh_client_terminated(data->pf);
354 lsasd_next_client(pvt);
357 struct lsasd_new_client {
358 struct lsasd_children_data *data;
361 static void lsasd_handle_client(struct tevent_req *req);
363 static void lsasd_next_client(void *pvt)
365 struct tevent_req *req;
366 struct lsasd_children_data *data;
367 struct lsasd_new_client *next;
369 data = talloc_get_type_abort(pvt, struct lsasd_children_data);
371 if (!pfh_child_allowed_to_accept(data->pf)) {
372 /* nothing to do for now we are already listening
373 * or we are not allowed to listen further */
377 next = talloc_zero(data, struct lsasd_new_client);
379 DEBUG(1, ("Out of memory!?\n"));
384 req = prefork_listen_send(next,
387 data->listen_fd_size,
390 DEBUG(1, ("Failed to make listening request!?\n"));
394 tevent_req_set_callback(req, lsasd_handle_client, next);
397 static void lsasd_handle_client(struct tevent_req *req)
399 struct lsasd_children_data *data;
400 struct lsasd_new_client *client;
401 const DATA_BLOB ping = data_blob_null;
405 struct tsocket_address *srv_addr;
406 struct tsocket_address *cli_addr;
408 client = tevent_req_callback_data(req, struct lsasd_new_client);
411 tmp_ctx = talloc_stackframe();
412 if (tmp_ctx == NULL) {
413 DEBUG(1, ("Failed to allocate stackframe!\n"));
417 rc = prefork_listen_recv(req,
423 /* this will free the request too */
427 DEBUG(6, ("No client connection was available after all!\n"));
431 /* Warn parent that our status changed */
432 messaging_send(data->msg_ctx, parent_id,
433 MSG_PREFORK_CHILD_EVENT, &ping);
435 DEBUG(2, ("LSASD preforked child %d got client connection!\n",
436 (int)(data->pf->pid)));
438 if (tsocket_address_is_inet(srv_addr, "ip")) {
439 DEBUG(3, ("Got a tcpip client connection from %s on interface %s\n",
440 tsocket_address_string(cli_addr, tmp_ctx),
441 tsocket_address_string(srv_addr, tmp_ctx)));
443 dcerpc_ncacn_accept(data->ev_ctx,
451 } else if (tsocket_address_is_unix(srv_addr)) {
455 p = tsocket_address_unix_path(srv_addr, tmp_ctx);
457 talloc_free(tmp_ctx);
468 if (strstr(p, "/np/")) {
469 named_pipe_accept_function(data->ev_ctx,
473 lsasd_client_terminated,
476 dcerpc_ncacn_accept(data->ev_ctx,
486 DEBUG(0, ("ERROR: Unsupported socket!\n"));
490 talloc_free(tmp_ctx);
497 static void child_ping(struct messaging_context *msg_ctx,
500 struct server_id server_id,
503 struct tevent_context *ev_ctx;
505 ev_ctx = talloc_get_type_abort(private_data, struct tevent_context);
507 DEBUG(10, ("Got message that a child changed status.\n"));
508 pfh_manage_pool(ev_ctx, msg_ctx, &pf_lsasd_cfg, lsasd_pool);
511 static bool lsasd_schedule_check(struct tevent_context *ev_ctx,
512 struct messaging_context *msg_ctx,
513 struct timeval current_time);
515 static void lsasd_check_children(struct tevent_context *ev_ctx,
516 struct tevent_timer *te,
517 struct timeval current_time,
520 static void lsasd_sigchld_handler(struct tevent_context *ev_ctx,
521 struct prefork_pool *pfp,
524 struct messaging_context *msg_ctx;
526 msg_ctx = talloc_get_type_abort(pvt, struct messaging_context);
528 /* run pool management so we can fork/retire or increase
529 * the allowed connections per child based on load */
530 pfh_manage_pool(ev_ctx, msg_ctx, &pf_lsasd_cfg, lsasd_pool);
533 static bool lsasd_setup_children_monitor(struct tevent_context *ev_ctx,
534 struct messaging_context *msg_ctx)
538 /* add our oun sigchld callback */
539 prefork_set_sigchld_callback(lsasd_pool, lsasd_sigchld_handler, msg_ctx);
541 ok = lsasd_schedule_check(ev_ctx, msg_ctx, tevent_timeval_current());
546 static bool lsasd_schedule_check(struct tevent_context *ev_ctx,
547 struct messaging_context *msg_ctx,
548 struct timeval current_time)
550 struct tevent_timer *te;
551 struct timeval next_event;
553 /* check situation again in 10 seconds */
554 next_event = tevent_timeval_current_ofs(10, 0);
556 /* TODO: check when the socket becomes readable, so that children
557 * are checked only when there is some activity ? */
558 te = tevent_add_timer(ev_ctx, lsasd_pool, next_event,
559 lsasd_check_children, msg_ctx);
561 DEBUG(2, ("Failed to set up children monitoring!\n"));
568 static void lsasd_check_children(struct tevent_context *ev_ctx,
569 struct tevent_timer *te,
570 struct timeval current_time,
573 struct messaging_context *msg_ctx;
575 msg_ctx = talloc_get_type_abort(pvt, struct messaging_context);
577 pfh_manage_pool(ev_ctx, msg_ctx, &pf_lsasd_cfg, lsasd_pool);
579 lsasd_schedule_check(ev_ctx, msg_ctx, current_time);
586 static bool lsasd_create_sockets(struct tevent_context *ev_ctx,
587 struct messaging_context *msg_ctx,
591 struct dcerpc_binding_vector *v, *v_orig;
599 tmp_ctx = talloc_stackframe();
600 if (tmp_ctx == NULL) {
604 status = dcerpc_binding_vector_new(tmp_ctx, &v_orig);
605 if (!NT_STATUS_IS_OK(status)) {
609 /* Create only one tcpip listener for all services */
610 status = rpc_create_tcpip_sockets(&ndr_table_lsarpc,
615 if (!NT_STATUS_IS_OK(status)) {
619 /* Start to listen on tcpip sockets */
620 for (i = 0; i < *listen_fd_size; i++) {
621 rc = listen(listen_fd[i], pf_lsasd_cfg.max_allowed_clients);
623 DEBUG(0, ("Failed to listen on tcpip socket - %s\n",
630 fd = create_named_pipe_socket("lsarpc");
635 rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
637 DEBUG(0, ("Failed to listen on lsarpc pipe - %s\n",
641 listen_fd[*listen_fd_size] = fd;
644 fd = create_named_pipe_socket("lsass");
649 rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
651 DEBUG(0, ("Failed to listen on lsass pipe - %s\n",
655 listen_fd[*listen_fd_size] = fd;
658 fd = create_dcerpc_ncalrpc_socket("lsarpc");
663 rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
665 DEBUG(0, ("Failed to listen on lsarpc ncalrpc - %s\n",
669 listen_fd[*listen_fd_size] = fd;
673 v = dcerpc_binding_vector_dup(tmp_ctx, v_orig);
678 status = dcerpc_binding_vector_replace_iface(&ndr_table_lsarpc, v);
679 if (!NT_STATUS_IS_OK(status)) {
683 status = dcerpc_binding_vector_add_np_default(&ndr_table_lsarpc, v);
684 if (!NT_STATUS_IS_OK(status)) {
688 status = dcerpc_binding_vector_add_unix(&ndr_table_lsarpc, v, "lsarpc");
689 if (!NT_STATUS_IS_OK(status)) {
693 status = rpc_ep_register(ev_ctx, msg_ctx, &ndr_table_lsarpc, v);
694 if (!NT_STATUS_IS_OK(status)) {
699 fd = create_named_pipe_socket("samr");
704 rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
706 DEBUG(0, ("Failed to listen on samr pipe - %s\n",
710 listen_fd[*listen_fd_size] = fd;
713 fd = create_dcerpc_ncalrpc_socket("samr");
718 rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
720 DEBUG(0, ("Failed to listen on samr ncalrpc - %s\n",
724 listen_fd[*listen_fd_size] = fd;
728 v = dcerpc_binding_vector_dup(tmp_ctx, v_orig);
733 status = dcerpc_binding_vector_replace_iface(&ndr_table_samr, v);
734 if (!NT_STATUS_IS_OK(status)) {
738 status = dcerpc_binding_vector_add_np_default(&ndr_table_samr, v);
739 if (!NT_STATUS_IS_OK(status)) {
743 status = dcerpc_binding_vector_add_unix(&ndr_table_lsarpc, v, "samr");
744 if (!NT_STATUS_IS_OK(status)) {
748 status = rpc_ep_register(ev_ctx, msg_ctx, &ndr_table_samr, v);
749 if (!NT_STATUS_IS_OK(status)) {
754 fd = create_named_pipe_socket("netlogon");
759 rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
761 DEBUG(0, ("Failed to listen on samr pipe - %s\n",
765 listen_fd[*listen_fd_size] = fd;
768 fd = create_dcerpc_ncalrpc_socket("netlogon");
773 rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
775 DEBUG(0, ("Failed to listen on netlogon ncalrpc - %s\n",
779 listen_fd[*listen_fd_size] = fd;
783 v = dcerpc_binding_vector_dup(tmp_ctx, v_orig);
788 status = dcerpc_binding_vector_replace_iface(&ndr_table_netlogon, v);
789 if (!NT_STATUS_IS_OK(status)) {
793 status = dcerpc_binding_vector_add_np_default(&ndr_table_netlogon, v);
794 if (!NT_STATUS_IS_OK(status)) {
798 status = dcerpc_binding_vector_add_unix(&ndr_table_lsarpc, v, "netlogon");
799 if (!NT_STATUS_IS_OK(status)) {
803 status = rpc_ep_register(ev_ctx, msg_ctx, &ndr_table_netlogon, v);
804 if (!NT_STATUS_IS_OK(status)) {
813 talloc_free(tmp_ctx);
817 void start_lsasd(struct tevent_context *ev_ctx,
818 struct messaging_context *msg_ctx)
821 int listen_fd[LSASD_MAX_SOCKETS];
822 int listen_fd_size = 0;
827 DEBUG(1, ("Forking LSA Service Daemon\n"));
830 * Block signals before forking child as it will have to
831 * set its own handlers. Child will re-enable SIGHUP as
832 * soon as the handlers are set up.
834 BlockSignals(true, SIGTERM);
835 BlockSignals(true, SIGHUP);
839 DEBUG(0, ("Failed to fork LSASD [%s], aborting ...\n",
844 /* parent or error */
847 /* Re-enable SIGHUP before returnig */
848 BlockSignals(false, SIGTERM);
849 BlockSignals(false, SIGHUP);
854 status = smbd_reinit_after_fork(msg_ctx, ev_ctx, true, "lsasd-master");
855 if (!NT_STATUS_IS_OK(status)) {
856 DEBUG(0,("reinit_after_fork() failed\n"));
857 smb_panic("reinit_after_fork() failed");
860 /* save the parent process id so the children can use it later */
861 parent_id = messaging_server_id(msg_ctx);
863 lsasd_reopen_logs(0);
864 pfh_daemon_config(DAEMON_NAME,
866 &default_pf_lsasd_cfg);
868 lsasd_setup_sig_term_handler(ev_ctx);
869 lsasd_setup_sig_hup_handler(ev_ctx);
871 BlockSignals(false, SIGTERM);
872 BlockSignals(false, SIGHUP);
874 ok = lsasd_create_sockets(ev_ctx, msg_ctx, listen_fd, &listen_fd_size);
879 /* start children before any more initialization is done */
880 ok = prefork_create_pool(ev_ctx, /* mem_ctx */
885 pf_lsasd_cfg.min_children,
886 pf_lsasd_cfg.max_children,
887 &lsasd_children_main,
894 messaging_register(msg_ctx,
896 MSG_SMB_CONF_UPDATED,
897 lsasd_smb_conf_updated);
898 messaging_register(msg_ctx, ev_ctx,
899 MSG_PREFORK_CHILD_EVENT, child_ping);
901 status = rpc_lsarpc_init(NULL);
902 if (!NT_STATUS_IS_OK(status)) {
903 DEBUG(0, ("Failed to register lsarpc rpc interface in lsasd! (%s)\n",
908 status = rpc_samr_init(NULL);
909 if (!NT_STATUS_IS_OK(status)) {
910 DEBUG(0, ("Failed to register samr rpc interface in lsasd! (%s)\n",
915 status = rpc_netlogon_init(NULL);
916 if (!NT_STATUS_IS_OK(status)) {
917 DEBUG(0, ("Failed to register netlogon rpc interface in lsasd! (%s)\n",
922 ok = lsasd_setup_children_monitor(ev_ctx, msg_ctx);
924 DEBUG(0, ("Failed to setup children monitoring!\n"));
928 DEBUG(1, ("LSASD Daemon Started (%u)\n", (unsigned int)getpid()));
931 rc = tevent_loop_wait(ev_ctx);
933 /* should not be reached */
934 DEBUG(0,("lsasd: tevent_loop_wait() exited with %d - %s\n",
935 rc, (rc == 0) ? "out of events" : strerror(errno)));
git.samba.org / metze / samba / wip.git / blob