s4-test: Use absolute path for 'samba4srcdir'
[Samba.git] / source4 / winbind / wb_server.c
blob96dab0acd525438c5d0d2c5057a56ce242147571
1 /*
2 Unix SMB/CIFS implementation.
3 Main winbindd server routines
5 Copyright (C) Stefan Metzmacher 2005-2008
6 Copyright (C) Andrew Tridgell 2005
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2010
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "includes.h"
24 #include "smbd/process_model.h"
25 #include "winbind/wb_server.h"
26 #include "lib/stream/packet.h"
27 #include "lib/tsocket/tsocket.h"
28 #include "libcli/util/tstream.h"
29 #include "param/param.h"
30 #include "param/secrets.h"
32 void wbsrv_terminate_connection(struct wbsrv_connection *wbconn, const char *reason)
34 stream_terminate_connection(wbconn->conn, reason);
37 static void wbsrv_call_loop(struct tevent_req *subreq)
39 struct wbsrv_connection *wbsrv_conn = tevent_req_callback_data(subreq,
40 struct wbsrv_connection);
41 struct wbsrv_samba3_call *call;
42 NTSTATUS status;
44 call = talloc_zero(wbsrv_conn, struct wbsrv_samba3_call);
45 if (call == NULL) {
46 wbsrv_terminate_connection(wbsrv_conn, "wbsrv_call_loop: "
47 "no memory for wbsrv_samba3_call");
48 return;
50 call->wbconn = wbsrv_conn;
52 status = tstream_read_pdu_blob_recv(subreq,
53 call,
54 &call->in);
55 TALLOC_FREE(subreq);
56 if (!NT_STATUS_IS_OK(status)) {
57 const char *reason;
59 reason = talloc_asprintf(call, "wbsrv_call_loop: "
60 "tstream_read_pdu_blob_recv() - %s",
61 nt_errstr(status));
62 if (!reason) {
63 reason = nt_errstr(status);
66 wbsrv_terminate_connection(wbsrv_conn, reason);
67 return;
70 DEBUG(10,("Received winbind TCP packet of length %lu from %s\n",
71 (long) call->in.length,
72 tsocket_address_string(wbsrv_conn->conn->remote_address, call)));
74 status = wbsrv_samba3_process(call);
75 if (!NT_STATUS_IS_OK(status)) {
76 const char *reason;
78 reason = talloc_asprintf(call, "wbsrv_call_loop: "
79 "tstream_read_pdu_blob_recv() - %s",
80 nt_errstr(status));
81 if (!reason) {
82 reason = nt_errstr(status);
85 wbsrv_terminate_connection(wbsrv_conn, reason);
86 return;
90 * The winbind pdu's has the length as 4 byte (initial_read_size),
91 * wbsrv_samba3_packet_full_request provides the pdu length then.
93 subreq = tstream_read_pdu_blob_send(wbsrv_conn,
94 wbsrv_conn->conn->event.ctx,
95 wbsrv_conn->tstream,
96 4, /* initial_read_size */
97 wbsrv_samba3_packet_full_request,
98 wbsrv_conn);
99 if (subreq == NULL) {
100 wbsrv_terminate_connection(wbsrv_conn, "wbsrv_call_loop: "
101 "no memory for tstream_read_pdu_blob_send");
102 return;
104 tevent_req_set_callback(subreq, wbsrv_call_loop, wbsrv_conn);
107 static void wbsrv_accept(struct stream_connection *conn)
109 struct wbsrv_listen_socket *wbsrv_socket = talloc_get_type(conn->private_data,
110 struct wbsrv_listen_socket);
111 struct wbsrv_connection *wbsrv_conn;
112 struct tevent_req *subreq;
113 int rc;
115 wbsrv_conn = talloc_zero(conn, struct wbsrv_connection);
116 if (wbsrv_conn == NULL) {
117 stream_terminate_connection(conn, "wbsrv_accept: out of memory");
118 return;
121 wbsrv_conn->send_queue = tevent_queue_create(conn, "wbsrv_accept");
122 if (wbsrv_conn->send_queue == NULL) {
123 stream_terminate_connection(conn,
124 "wbsrv_accept: out of memory");
125 return;
128 TALLOC_FREE(conn->event.fde);
130 rc = tstream_bsd_existing_socket(wbsrv_conn,
131 socket_get_fd(conn->socket),
132 &wbsrv_conn->tstream);
133 if (rc < 0) {
134 stream_terminate_connection(conn,
135 "wbsrv_accept: out of memory");
136 return;
139 wbsrv_conn->conn = conn;
140 wbsrv_conn->listen_socket = wbsrv_socket;
141 wbsrv_conn->lp_ctx = wbsrv_socket->service->task->lp_ctx;
142 conn->private_data = wbsrv_conn;
145 * The winbind pdu's has the length as 4 byte (initial_read_size),
146 * wbsrv_samba3_packet_full_request provides the pdu length then.
148 subreq = tstream_read_pdu_blob_send(wbsrv_conn,
149 wbsrv_conn->conn->event.ctx,
150 wbsrv_conn->tstream,
151 4, /* initial_read_size */
152 wbsrv_samba3_packet_full_request,
153 wbsrv_conn);
154 if (subreq == NULL) {
155 wbsrv_terminate_connection(wbsrv_conn, "wbsrv_accept: "
156 "no memory for tstream_read_pdu_blob_send");
157 return;
159 tevent_req_set_callback(subreq, wbsrv_call_loop, wbsrv_conn);
163 called on a tcp recv
165 static void wbsrv_recv(struct stream_connection *conn, uint16_t flags)
167 struct wbsrv_connection *wbsrv_conn = talloc_get_type(conn->private_data,
168 struct wbsrv_connection);
169 wbsrv_terminate_connection(wbsrv_conn, "wbsrv_recv: called");
173 called when we can write to a connection
175 static void wbsrv_send(struct stream_connection *conn, uint16_t flags)
177 struct wbsrv_connection *wbsrv_conn = talloc_get_type(conn->private_data,
178 struct wbsrv_connection);
179 /* this should never be triggered! */
180 wbsrv_terminate_connection(wbsrv_conn, "wbsrv_send: called");
183 static const struct stream_server_ops wbsrv_ops = {
184 .name = "winbind samba3 protocol",
185 .accept_connection = wbsrv_accept,
186 .recv_handler = wbsrv_recv,
187 .send_handler = wbsrv_send
191 startup the winbind task
193 static void winbind_task_init(struct task_server *task)
195 uint16_t port = 1;
196 const struct model_ops *model_ops;
197 NTSTATUS status;
198 struct wbsrv_service *service;
199 struct wbsrv_listen_socket *listen_socket;
200 char *errstring;
201 struct dom_sid *primary_sid;
203 task_server_set_title(task, "task[winbind]");
205 /* within the winbind task we want to be a single process, so
206 ask for the single process model ops and pass these to the
207 stream_setup_socket() call. */
208 model_ops = process_model_startup(task->event_ctx, "single");
209 if (!model_ops) {
210 task_server_terminate(task,
211 "Can't find 'single' process model_ops", true);
212 return;
215 /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
216 if (!directory_create_or_exist(lpcfg_winbindd_socket_directory(task->lp_ctx), geteuid(), 0755)) {
217 task_server_terminate(task,
218 "Cannot create winbindd pipe directory", true);
219 return;
222 /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
223 if (!directory_create_or_exist(lpcfg_winbindd_privileged_socket_directory(task->lp_ctx), geteuid(), 0750)) {
224 task_server_terminate(task,
225 "Cannot create winbindd privileged pipe directory", true);
226 return;
229 service = talloc_zero(task, struct wbsrv_service);
230 if (!service) goto nomem;
231 service->task = task;
234 /* Find the primary SID, depending if we are a standalone
235 * server (what good is winbind in this case, but anyway...),
236 * or are in a domain as a member or a DC */
237 switch (lpcfg_server_role(service->task->lp_ctx)) {
238 case ROLE_STANDALONE:
239 primary_sid = secrets_get_domain_sid(service,
240 service->task->event_ctx,
241 service->task->lp_ctx,
242 lpcfg_netbios_name(service->task->lp_ctx),
243 &service->sec_channel_type,
244 &errstring);
245 if (!primary_sid) {
246 char *message = talloc_asprintf(task,
247 "Cannot start Winbind (standalone configuration): %s: "
248 "Have you provisioned this server (%s) or changed it's name?",
249 errstring, lpcfg_netbios_name(service->task->lp_ctx));
250 task_server_terminate(task, message, true);
251 return;
253 break;
254 case ROLE_DOMAIN_MEMBER:
255 primary_sid = secrets_get_domain_sid(service,
256 service->task->event_ctx,
257 service->task->lp_ctx,
258 lpcfg_workgroup(service->task->lp_ctx),
259 &service->sec_channel_type,
260 &errstring);
261 if (!primary_sid) {
262 char *message = talloc_asprintf(task, "Cannot start Winbind (domain member): %s: "
263 "Have you joined the %s domain?",
264 errstring, lpcfg_workgroup(service->task->lp_ctx));
265 task_server_terminate(task, message, true);
266 return;
268 break;
269 case ROLE_DOMAIN_CONTROLLER:
270 primary_sid = secrets_get_domain_sid(service,
271 service->task->event_ctx,
272 service->task->lp_ctx,
273 lpcfg_workgroup(service->task->lp_ctx),
274 &service->sec_channel_type,
275 &errstring);
276 if (!primary_sid) {
277 char *message = talloc_asprintf(task, "Cannot start Winbind (domain controller): %s: "
278 "Have you provisioned the %s domain?",
279 errstring, lpcfg_workgroup(service->task->lp_ctx));
280 task_server_terminate(task, message, true);
281 return;
283 break;
285 service->primary_sid = primary_sid;
287 service->idmap_ctx = idmap_init(service, task->event_ctx, task->lp_ctx);
288 if (service->idmap_ctx == NULL) {
289 task_server_terminate(task, "Failed to load idmap database", true);
290 return;
293 service->priv_pipe_dir = lpcfg_winbindd_privileged_socket_directory(task->lp_ctx);
294 service->pipe_dir = lpcfg_winbindd_socket_directory(task->lp_ctx);
296 /* setup the unprivileged samba3 socket */
297 listen_socket = talloc(service, struct wbsrv_listen_socket);
298 if (!listen_socket) goto nomem;
299 listen_socket->socket_path = talloc_asprintf(listen_socket, "%s/%s",
300 service->pipe_dir,
301 WINBINDD_SOCKET_NAME);
302 if (!listen_socket->socket_path) goto nomem;
303 listen_socket->service = service;
304 listen_socket->privileged = false;
305 status = stream_setup_socket(task->event_ctx, task->lp_ctx, model_ops,
306 &wbsrv_ops, "unix",
307 listen_socket->socket_path, &port,
308 lpcfg_socket_options(task->lp_ctx),
309 listen_socket);
310 if (!NT_STATUS_IS_OK(status)) goto listen_failed;
312 /* setup the privileged samba3 socket */
313 listen_socket = talloc(service, struct wbsrv_listen_socket);
314 if (!listen_socket) goto nomem;
315 listen_socket->socket_path
316 = talloc_asprintf(listen_socket, "%s/%s",
317 service->priv_pipe_dir,
318 WINBINDD_SOCKET_NAME);
319 if (!listen_socket->socket_path) goto nomem;
320 listen_socket->service = service;
321 listen_socket->privileged = true;
322 status = stream_setup_socket(task->event_ctx, task->lp_ctx, model_ops,
323 &wbsrv_ops, "unix",
324 listen_socket->socket_path, &port,
325 lpcfg_socket_options(task->lp_ctx),
326 listen_socket);
327 if (!NT_STATUS_IS_OK(status)) goto listen_failed;
329 status = wbsrv_init_irpc(service);
330 if (!NT_STATUS_IS_OK(status)) goto irpc_failed;
332 return;
334 listen_failed:
335 DEBUG(0,("stream_setup_socket(path=%s) failed - %s\n",
336 listen_socket->socket_path, nt_errstr(status)));
337 task_server_terminate(task, nt_errstr(status), true);
338 return;
339 irpc_failed:
340 DEBUG(0,("wbsrv_init_irpc() failed - %s\n",
341 nt_errstr(status)));
342 task_server_terminate(task, nt_errstr(status), true);
343 return;
344 nomem:
345 task_server_terminate(task, nt_errstr(NT_STATUS_NO_MEMORY), true);
346 return;
350 register ourselves as a available server
352 NTSTATUS server_service_winbind_init(void)
354 return register_server_service("winbind", winbind_task_init);