2 Unix SMB/CIFS implementation.
3 Main winbindd server routines
5 Copyright (C) Stefan Metzmacher 2005-2008
6 Copyright (C) Andrew Tridgell 2005
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2010
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "smbd/process_model.h"
25 #include "winbind/wb_server.h"
26 #include "lib/stream/packet.h"
27 #include "lib/tsocket/tsocket.h"
28 #include "libcli/util/tstream.h"
29 #include "param/param.h"
30 #include "param/secrets.h"
32 void wbsrv_terminate_connection(struct wbsrv_connection
*wbconn
, const char *reason
)
34 stream_terminate_connection(wbconn
->conn
, reason
);
37 static void wbsrv_call_loop(struct tevent_req
*subreq
)
39 struct wbsrv_connection
*wbsrv_conn
= tevent_req_callback_data(subreq
,
40 struct wbsrv_connection
);
41 struct wbsrv_samba3_call
*call
;
44 call
= talloc_zero(wbsrv_conn
, struct wbsrv_samba3_call
);
46 wbsrv_terminate_connection(wbsrv_conn
, "wbsrv_call_loop: "
47 "no memory for wbsrv_samba3_call");
50 call
->wbconn
= wbsrv_conn
;
52 status
= tstream_read_pdu_blob_recv(subreq
,
56 if (!NT_STATUS_IS_OK(status
)) {
59 reason
= talloc_asprintf(call
, "wbsrv_call_loop: "
60 "tstream_read_pdu_blob_recv() - %s",
63 reason
= nt_errstr(status
);
66 wbsrv_terminate_connection(wbsrv_conn
, reason
);
70 DEBUG(10,("Received winbind TCP packet of length %lu from %s\n",
71 (long) call
->in
.length
,
72 tsocket_address_string(wbsrv_conn
->conn
->remote_address
, call
)));
74 status
= wbsrv_samba3_process(call
);
75 if (!NT_STATUS_IS_OK(status
)) {
78 reason
= talloc_asprintf(call
, "wbsrv_call_loop: "
79 "tstream_read_pdu_blob_recv() - %s",
82 reason
= nt_errstr(status
);
85 wbsrv_terminate_connection(wbsrv_conn
, reason
);
90 * The winbind pdu's has the length as 4 byte (initial_read_size),
91 * wbsrv_samba3_packet_full_request provides the pdu length then.
93 subreq
= tstream_read_pdu_blob_send(wbsrv_conn
,
94 wbsrv_conn
->conn
->event
.ctx
,
96 4, /* initial_read_size */
97 wbsrv_samba3_packet_full_request
,
100 wbsrv_terminate_connection(wbsrv_conn
, "wbsrv_call_loop: "
101 "no memory for tstream_read_pdu_blob_send");
104 tevent_req_set_callback(subreq
, wbsrv_call_loop
, wbsrv_conn
);
107 static void wbsrv_accept(struct stream_connection
*conn
)
109 struct wbsrv_listen_socket
*wbsrv_socket
= talloc_get_type(conn
->private_data
,
110 struct wbsrv_listen_socket
);
111 struct wbsrv_connection
*wbsrv_conn
;
112 struct tevent_req
*subreq
;
115 wbsrv_conn
= talloc_zero(conn
, struct wbsrv_connection
);
116 if (wbsrv_conn
== NULL
) {
117 stream_terminate_connection(conn
, "wbsrv_accept: out of memory");
121 wbsrv_conn
->send_queue
= tevent_queue_create(conn
, "wbsrv_accept");
122 if (wbsrv_conn
->send_queue
== NULL
) {
123 stream_terminate_connection(conn
,
124 "wbsrv_accept: out of memory");
128 TALLOC_FREE(conn
->event
.fde
);
130 rc
= tstream_bsd_existing_socket(wbsrv_conn
,
131 socket_get_fd(conn
->socket
),
132 &wbsrv_conn
->tstream
);
134 stream_terminate_connection(conn
,
135 "wbsrv_accept: out of memory");
139 wbsrv_conn
->conn
= conn
;
140 wbsrv_conn
->listen_socket
= wbsrv_socket
;
141 wbsrv_conn
->lp_ctx
= wbsrv_socket
->service
->task
->lp_ctx
;
142 conn
->private_data
= wbsrv_conn
;
145 * The winbind pdu's has the length as 4 byte (initial_read_size),
146 * wbsrv_samba3_packet_full_request provides the pdu length then.
148 subreq
= tstream_read_pdu_blob_send(wbsrv_conn
,
149 wbsrv_conn
->conn
->event
.ctx
,
151 4, /* initial_read_size */
152 wbsrv_samba3_packet_full_request
,
154 if (subreq
== NULL
) {
155 wbsrv_terminate_connection(wbsrv_conn
, "wbsrv_accept: "
156 "no memory for tstream_read_pdu_blob_send");
159 tevent_req_set_callback(subreq
, wbsrv_call_loop
, wbsrv_conn
);
165 static void wbsrv_recv(struct stream_connection
*conn
, uint16_t flags
)
167 struct wbsrv_connection
*wbsrv_conn
= talloc_get_type(conn
->private_data
,
168 struct wbsrv_connection
);
169 wbsrv_terminate_connection(wbsrv_conn
, "wbsrv_recv: called");
173 called when we can write to a connection
175 static void wbsrv_send(struct stream_connection
*conn
, uint16_t flags
)
177 struct wbsrv_connection
*wbsrv_conn
= talloc_get_type(conn
->private_data
,
178 struct wbsrv_connection
);
179 /* this should never be triggered! */
180 wbsrv_terminate_connection(wbsrv_conn
, "wbsrv_send: called");
183 static const struct stream_server_ops wbsrv_ops
= {
184 .name
= "winbind samba3 protocol",
185 .accept_connection
= wbsrv_accept
,
186 .recv_handler
= wbsrv_recv
,
187 .send_handler
= wbsrv_send
191 startup the winbind task
193 static void winbind_task_init(struct task_server
*task
)
196 const struct model_ops
*model_ops
;
198 struct wbsrv_service
*service
;
199 struct wbsrv_listen_socket
*listen_socket
;
201 struct dom_sid
*primary_sid
;
203 task_server_set_title(task
, "task[winbind]");
205 /* within the winbind task we want to be a single process, so
206 ask for the single process model ops and pass these to the
207 stream_setup_socket() call. */
208 model_ops
= process_model_startup(task
->event_ctx
, "single");
210 task_server_terminate(task
,
211 "Can't find 'single' process model_ops", true);
215 /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
216 if (!directory_create_or_exist(lpcfg_winbindd_socket_directory(task
->lp_ctx
), geteuid(), 0755)) {
217 task_server_terminate(task
,
218 "Cannot create winbindd pipe directory", true);
222 /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
223 if (!directory_create_or_exist(lpcfg_winbindd_privileged_socket_directory(task
->lp_ctx
), geteuid(), 0750)) {
224 task_server_terminate(task
,
225 "Cannot create winbindd privileged pipe directory", true);
229 service
= talloc_zero(task
, struct wbsrv_service
);
230 if (!service
) goto nomem
;
231 service
->task
= task
;
234 /* Find the primary SID, depending if we are a standalone
235 * server (what good is winbind in this case, but anyway...),
236 * or are in a domain as a member or a DC */
237 switch (lpcfg_server_role(service
->task
->lp_ctx
)) {
238 case ROLE_STANDALONE
:
239 primary_sid
= secrets_get_domain_sid(service
,
240 service
->task
->event_ctx
,
241 service
->task
->lp_ctx
,
242 lpcfg_netbios_name(service
->task
->lp_ctx
),
243 &service
->sec_channel_type
,
246 char *message
= talloc_asprintf(task
,
247 "Cannot start Winbind (standalone configuration): %s: "
248 "Have you provisioned this server (%s) or changed it's name?",
249 errstring
, lpcfg_netbios_name(service
->task
->lp_ctx
));
250 task_server_terminate(task
, message
, true);
254 case ROLE_DOMAIN_MEMBER
:
255 primary_sid
= secrets_get_domain_sid(service
,
256 service
->task
->event_ctx
,
257 service
->task
->lp_ctx
,
258 lpcfg_workgroup(service
->task
->lp_ctx
),
259 &service
->sec_channel_type
,
262 char *message
= talloc_asprintf(task
, "Cannot start Winbind (domain member): %s: "
263 "Have you joined the %s domain?",
264 errstring
, lpcfg_workgroup(service
->task
->lp_ctx
));
265 task_server_terminate(task
, message
, true);
269 case ROLE_DOMAIN_CONTROLLER
:
270 primary_sid
= secrets_get_domain_sid(service
,
271 service
->task
->event_ctx
,
272 service
->task
->lp_ctx
,
273 lpcfg_workgroup(service
->task
->lp_ctx
),
274 &service
->sec_channel_type
,
277 char *message
= talloc_asprintf(task
, "Cannot start Winbind (domain controller): %s: "
278 "Have you provisioned the %s domain?",
279 errstring
, lpcfg_workgroup(service
->task
->lp_ctx
));
280 task_server_terminate(task
, message
, true);
285 service
->primary_sid
= primary_sid
;
287 service
->idmap_ctx
= idmap_init(service
, task
->event_ctx
, task
->lp_ctx
);
288 if (service
->idmap_ctx
== NULL
) {
289 task_server_terminate(task
, "Failed to load idmap database", true);
293 service
->priv_pipe_dir
= lpcfg_winbindd_privileged_socket_directory(task
->lp_ctx
);
294 service
->pipe_dir
= lpcfg_winbindd_socket_directory(task
->lp_ctx
);
296 /* setup the unprivileged samba3 socket */
297 listen_socket
= talloc(service
, struct wbsrv_listen_socket
);
298 if (!listen_socket
) goto nomem
;
299 listen_socket
->socket_path
= talloc_asprintf(listen_socket
, "%s/%s",
301 WINBINDD_SOCKET_NAME
);
302 if (!listen_socket
->socket_path
) goto nomem
;
303 listen_socket
->service
= service
;
304 listen_socket
->privileged
= false;
305 status
= stream_setup_socket(task
->event_ctx
, task
->lp_ctx
, model_ops
,
307 listen_socket
->socket_path
, &port
,
308 lpcfg_socket_options(task
->lp_ctx
),
310 if (!NT_STATUS_IS_OK(status
)) goto listen_failed
;
312 /* setup the privileged samba3 socket */
313 listen_socket
= talloc(service
, struct wbsrv_listen_socket
);
314 if (!listen_socket
) goto nomem
;
315 listen_socket
->socket_path
316 = talloc_asprintf(listen_socket
, "%s/%s",
317 service
->priv_pipe_dir
,
318 WINBINDD_SOCKET_NAME
);
319 if (!listen_socket
->socket_path
) goto nomem
;
320 listen_socket
->service
= service
;
321 listen_socket
->privileged
= true;
322 status
= stream_setup_socket(task
->event_ctx
, task
->lp_ctx
, model_ops
,
324 listen_socket
->socket_path
, &port
,
325 lpcfg_socket_options(task
->lp_ctx
),
327 if (!NT_STATUS_IS_OK(status
)) goto listen_failed
;
329 status
= wbsrv_init_irpc(service
);
330 if (!NT_STATUS_IS_OK(status
)) goto irpc_failed
;
335 DEBUG(0,("stream_setup_socket(path=%s) failed - %s\n",
336 listen_socket
->socket_path
, nt_errstr(status
)));
337 task_server_terminate(task
, nt_errstr(status
), true);
340 DEBUG(0,("wbsrv_init_irpc() failed - %s\n",
342 task_server_terminate(task
, nt_errstr(status
), true);
345 task_server_terminate(task
, nt_errstr(NT_STATUS_NO_MEMORY
), true);
350 register ourselves as a available server
352 NTSTATUS
server_service_winbind_init(void)
354 return register_server_service("winbind", winbind_task_init
);