2 Unix SMB/CIFS implementation.
4 winbind client common code
6 Copyright (C) Tim Potter 2000
7 Copyright (C) Andrew Tridgell 2000
8 Copyright (C) Andrew Bartlett 2002
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Lesser General Public
13 License as published by the Free Software Foundation; either
14 version 3 of the License, or (at your option) any later version.
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Library General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "system/select.h"
27 #include "winbind_client.h"
29 /* Global variables. These are effectively the client state information */
31 int winbindd_fd
= -1; /* fd for winbindd socket */
32 static int is_privileged
= 0;
34 /* Free a response structure */
36 void winbindd_free_response(struct winbindd_response
*response
)
38 /* Free any allocated extra_data */
41 SAFE_FREE(response
->extra_data
.data
);
44 /* Initialise a request structure */
46 static void winbindd_init_request(struct winbindd_request
*request
,
49 request
->length
= sizeof(struct winbindd_request
);
51 request
->cmd
= (enum winbindd_cmd
)request_type
;
52 request
->pid
= getpid();
56 /* Initialise a response structure */
58 static void init_response(struct winbindd_response
*response
)
60 /* Initialise return value */
62 response
->result
= WINBINDD_ERROR
;
65 /* Close established socket */
67 #if HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR
68 __attribute__((destructor
))
70 static void winbind_close_sock(void)
72 if (winbindd_fd
!= -1) {
78 #define CONNECT_TIMEOUT 30
80 /* Make sure socket handle isn't stdin, stdout or stderr */
81 #define RECURSION_LIMIT 3
83 static int make_nonstd_fd_internals(int fd
, int limit
/* Recursion limiter */)
86 if (fd
>= 0 && fd
<= 2) {
88 if ((new_fd
= fcntl(fd
, F_DUPFD
, 3)) == -1) {
106 /* use the program stack to hold our list of FDs to close */
107 new_fd
= make_nonstd_fd_internals(new_fd
, limit
- 1);
115 /****************************************************************************
116 Set a fd into blocking/nonblocking mode. Uses POSIX O_NONBLOCK if available,
120 Set close on exec also.
121 ****************************************************************************/
123 static int make_safe_fd(int fd
)
126 int new_fd
= make_nonstd_fd_internals(fd
, RECURSION_LIMIT
);
132 /* Socket should be nonblocking. */
134 #define FLAG_TO_SET O_NONBLOCK
137 #define FLAG_TO_SET O_NDELAY
139 #define FLAG_TO_SET FNDELAY
143 if ((flags
= fcntl(new_fd
, F_GETFL
)) == -1) {
148 flags
|= FLAG_TO_SET
;
149 if (fcntl(new_fd
, F_SETFL
, flags
) == -1) {
156 /* Socket should be closed on exec() */
158 result
= flags
= fcntl(new_fd
, F_GETFD
, 0);
161 result
= fcntl( new_fd
, F_SETFD
, flags
);
174 * @brief Check if we have priviliged access.
176 * This checks if we have uid_wrapper running and if yes turns it of so that we
177 * can check if we have access.
179 * @param[in] uid The uid to compare if we have access.
181 * @return If we have access it returns true, else false.
183 static bool winbind_privileged_access(uid_t uid
)
187 if (uid_wrapper_enabled()) {
188 setenv("UID_WRAPPER_MYUID", "1", 1);
193 if (uid_wrapper_enabled()) {
194 unsetenv("UID_WRAPPER_MYUID");
197 return (uid
== euid
);
200 /* Connect to winbindd socket */
202 static int winbind_named_pipe_sock(const char *dir
)
204 struct sockaddr_un sunaddr
;
211 /* Check permissions on unix socket directory */
213 if (lstat(dir
, &st
) == -1) {
218 /* This tells uid_wrapper to return the userid for the geteuid check */
219 if (!S_ISDIR(st
.st_mode
) ||
220 !winbind_privileged_access(st
.st_uid
)) {
225 /* Connect to socket */
227 if (asprintf(&path
, "%s/%s", dir
, WINBINDD_SOCKET_NAME
) < 0) {
231 ZERO_STRUCT(sunaddr
);
232 sunaddr
.sun_family
= AF_UNIX
;
233 strncpy(sunaddr
.sun_path
, path
, sizeof(sunaddr
.sun_path
) - 1);
235 /* If socket file doesn't exist, don't bother trying to connect
236 with retry. This is an attempt to make the system usable when
237 the winbindd daemon is not running. */
239 if (lstat(path
, &st
) == -1) {
246 /* Check permissions on unix socket file */
248 /* This tells uid_wrapper to return the userid for the geteuid check */
249 if (!S_ISSOCK(st
.st_mode
) ||
250 !winbind_privileged_access(st
.st_uid
)) {
255 /* Connect to socket */
257 if ((fd
= socket(AF_UNIX
, SOCK_STREAM
, 0)) == -1) {
261 /* Set socket non-blocking and close on exec. */
263 if ((fd
= make_safe_fd( fd
)) == -1) {
267 for (wait_time
= 0; connect(fd
, (struct sockaddr
*)&sunaddr
, sizeof(sunaddr
)) == -1;
268 wait_time
+= slept
) {
271 int connect_errno
= 0;
274 if (wait_time
>= CONNECT_TIMEOUT
)
280 pfd
.events
= POLLOUT
;
282 ret
= poll(&pfd
, 1, (CONNECT_TIMEOUT
- wait_time
) * 1000);
285 errnosize
= sizeof(connect_errno
);
287 ret
= getsockopt(fd
, SOL_SOCKET
,
288 SO_ERROR
, &connect_errno
, &errnosize
);
290 if (ret
>= 0 && connect_errno
== 0) {
291 /* Connect succeed */
296 slept
= CONNECT_TIMEOUT
;
299 slept
= rand() % 3 + 1;
318 static const char *winbindd_socket_dir(void)
320 if (nss_wrapper_enabled()) {
323 env_dir
= getenv("SELFTEST_WINBINDD_SOCKET_DIR");
324 if (env_dir
!= NULL
) {
329 return WINBINDD_SOCKET_DIR
;
332 /* Connect to winbindd socket */
334 static int winbind_open_pipe_sock(int recursing
, int need_priv
)
336 #ifdef HAVE_UNIXSOCKET
337 static pid_t our_pid
;
338 struct winbindd_request request
;
339 struct winbindd_response response
;
340 ZERO_STRUCT(request
);
341 ZERO_STRUCT(response
);
343 if (our_pid
!= getpid()) {
344 winbind_close_sock();
348 if ((need_priv
!= 0) && (is_privileged
== 0)) {
349 winbind_close_sock();
352 if (winbindd_fd
!= -1) {
360 if ((winbindd_fd
= winbind_named_pipe_sock(winbindd_socket_dir())) == -1) {
366 /* version-check the socket */
368 request
.wb_flags
= WBFLAG_RECURSE
;
369 if ((winbindd_request_response(WINBINDD_INTERFACE_VERSION
, &request
, &response
) != NSS_STATUS_SUCCESS
) || (response
.data
.interface_version
!= WINBIND_INTERFACE_VERSION
)) {
370 winbind_close_sock();
374 /* try and get priv pipe */
376 request
.wb_flags
= WBFLAG_RECURSE
;
377 if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR
, &request
, &response
) == NSS_STATUS_SUCCESS
) {
379 if ((fd
= winbind_named_pipe_sock((char *)response
.extra_data
.data
)) != -1) {
386 if ((need_priv
!= 0) && (is_privileged
== 0)) {
390 SAFE_FREE(response
.extra_data
.data
);
395 #endif /* HAVE_UNIXSOCKET */
398 /* Write data to winbindd socket */
400 static int winbind_write_sock(void *buffer
, int count
, int recursing
,
403 int fd
, result
, nwritten
;
405 /* Open connection to winbind daemon */
409 fd
= winbind_open_pipe_sock(recursing
, need_priv
);
415 /* Write data to socket */
419 while(nwritten
< count
) {
423 /* Catch pipe close on other end by checking if a read()
424 call would not block by calling poll(). */
427 pfd
.events
= POLLIN
|POLLOUT
|POLLHUP
;
429 ret
= poll(&pfd
, 1, -1);
431 winbind_close_sock();
432 return -1; /* poll error */
435 /* Write should be OK if fd not available for reading */
437 if ((ret
== 1) && (pfd
.revents
& (POLLIN
|POLLHUP
|POLLERR
))) {
439 /* Pipe has closed on remote end */
441 winbind_close_sock();
447 result
= write(fd
, (char *)buffer
+ nwritten
,
450 if ((result
== -1) || (result
== 0)) {
454 winbind_close_sock();
464 /* Read data from winbindd socket */
466 static int winbind_read_sock(void *buffer
, int count
)
472 fd
= winbind_open_pipe_sock(false, false);
477 /* Read data from socket */
478 while(nread
< count
) {
482 /* Catch pipe close on other end by checking if a read()
483 call would not block by calling poll(). */
486 pfd
.events
= POLLIN
|POLLHUP
;
488 /* Wait for 5 seconds for a reply. May need to parameterise this... */
490 ret
= poll(&pfd
, 1, 5000);
492 winbind_close_sock();
493 return -1; /* poll error */
497 /* Not ready for read yet... */
498 if (total_time
>= 30) {
500 winbind_close_sock();
507 if ((ret
== 1) && (pfd
.revents
& (POLLIN
|POLLHUP
|POLLERR
))) {
511 int result
= read(fd
, (char *)buffer
+ nread
,
514 if ((result
== -1) || (result
== 0)) {
516 /* Read failed. I think the only useful thing we
517 can do here is just return -1 and fail since the
518 transaction has failed half way through. */
520 winbind_close_sock();
534 static int winbindd_read_reply(struct winbindd_response
*response
)
536 int result1
, result2
= 0;
542 /* Read fixed length response */
544 result1
= winbind_read_sock(response
,
545 sizeof(struct winbindd_response
));
550 if (response
->length
< sizeof(struct winbindd_response
)) {
554 /* We actually send the pointer value of the extra_data field from
555 the server. This has no meaning in the client's address space
556 so we clear it out. */
558 response
->extra_data
.data
= NULL
;
560 /* Read variable length response */
562 if (response
->length
> sizeof(struct winbindd_response
)) {
563 int extra_data_len
= response
->length
-
564 sizeof(struct winbindd_response
);
566 /* Mallocate memory for extra data */
568 if (!(response
->extra_data
.data
= malloc(extra_data_len
))) {
572 result2
= winbind_read_sock(response
->extra_data
.data
,
575 winbindd_free_response(response
);
580 /* Return total amount of data read */
582 return result1
+ result2
;
586 * send simple types of requests
589 NSS_STATUS
winbindd_send_request(int req_type
, int need_priv
,
590 struct winbindd_request
*request
)
592 struct winbindd_request lrequest
;
594 /* Check for our tricky environment variable */
596 if (winbind_env_set()) {
597 return NSS_STATUS_NOTFOUND
;
601 ZERO_STRUCT(lrequest
);
605 /* Fill in request and send down pipe */
607 winbindd_init_request(request
, req_type
);
609 if (winbind_write_sock(request
, sizeof(*request
),
610 request
->wb_flags
& WBFLAG_RECURSE
,
613 /* Set ENOENT for consistency. Required by some apps */
616 return NSS_STATUS_UNAVAIL
;
619 if ((request
->extra_len
!= 0) &&
620 (winbind_write_sock(request
->extra_data
.data
,
622 request
->wb_flags
& WBFLAG_RECURSE
,
625 /* Set ENOENT for consistency. Required by some apps */
628 return NSS_STATUS_UNAVAIL
;
631 return NSS_STATUS_SUCCESS
;
635 * Get results from winbindd request
638 NSS_STATUS
winbindd_get_response(struct winbindd_response
*response
)
640 struct winbindd_response lresponse
;
643 ZERO_STRUCT(lresponse
);
644 response
= &lresponse
;
647 init_response(response
);
650 if (winbindd_read_reply(response
) == -1) {
651 /* Set ENOENT for consistency. Required by some apps */
654 return NSS_STATUS_UNAVAIL
;
657 /* Throw away extra data if client didn't request it */
658 if (response
== &lresponse
) {
659 winbindd_free_response(response
);
662 /* Copy reply data from socket */
663 if (response
->result
!= WINBINDD_OK
) {
664 return NSS_STATUS_NOTFOUND
;
667 return NSS_STATUS_SUCCESS
;
670 /* Handle simple types of requests */
672 NSS_STATUS
winbindd_request_response(int req_type
,
673 struct winbindd_request
*request
,
674 struct winbindd_response
*response
)
676 NSS_STATUS status
= NSS_STATUS_UNAVAIL
;
679 while ((status
== NSS_STATUS_UNAVAIL
) && (count
< 10)) {
680 status
= winbindd_send_request(req_type
, 0, request
);
681 if (status
!= NSS_STATUS_SUCCESS
)
683 status
= winbindd_get_response(response
);
690 NSS_STATUS
winbindd_priv_request_response(int req_type
,
691 struct winbindd_request
*request
,
692 struct winbindd_response
*response
)
694 NSS_STATUS status
= NSS_STATUS_UNAVAIL
;
697 while ((status
== NSS_STATUS_UNAVAIL
) && (count
< 10)) {
698 status
= winbindd_send_request(req_type
, 1, request
);
699 if (status
!= NSS_STATUS_SUCCESS
)
701 status
= winbindd_get_response(response
);