2 Unix SMB/CIFS implementation.
3 Main winbindd server routines
5 Copyright (C) Stefan Metzmacher 2005-2008
6 Copyright (C) Andrew Tridgell 2005
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2010
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "smbd/process_model.h"
25 #include "winbind/wb_server.h"
26 #include "lib/stream/packet.h"
27 #include "lib/tsocket/tsocket.h"
28 #include "libcli/util/tstream.h"
29 #include "param/param.h"
30 #include "param/secrets.h"
32 void wbsrv_terminate_connection(struct wbsrv_connection
*wbconn
, const char *reason
)
34 stream_terminate_connection(wbconn
->conn
, reason
);
37 static void wbsrv_call_loop(struct tevent_req
*subreq
)
39 struct wbsrv_connection
*wbsrv_conn
= tevent_req_callback_data(subreq
,
40 struct wbsrv_connection
);
41 struct wbsrv_samba3_call
*call
;
44 call
= talloc_zero(wbsrv_conn
, struct wbsrv_samba3_call
);
46 wbsrv_terminate_connection(wbsrv_conn
, "wbsrv_call_loop: "
47 "no memory for wbsrv_samba3_call");
50 call
->wbconn
= wbsrv_conn
;
52 status
= tstream_read_pdu_blob_recv(subreq
,
56 if (!NT_STATUS_IS_OK(status
)) {
59 reason
= talloc_asprintf(call
, "wbsrv_call_loop: "
60 "tstream_read_pdu_blob_recv() - %s",
63 reason
= nt_errstr(status
);
66 wbsrv_terminate_connection(wbsrv_conn
, reason
);
70 DEBUG(10,("Received winbind TCP packet of length %lu from %s\n",
71 (long) call
->in
.length
,
72 tsocket_address_string(wbsrv_conn
->conn
->remote_address
, call
)));
74 status
= wbsrv_samba3_process(call
);
75 if (!NT_STATUS_IS_OK(status
)) {
78 reason
= talloc_asprintf(wbsrv_conn
, "wbsrv_call_loop: "
79 "tstream_read_pdu_blob_recv() - %s",
82 reason
= nt_errstr(status
);
85 wbsrv_terminate_connection(wbsrv_conn
, reason
);
90 * The winbind pdu's has the length as 4 byte (initial_read_size),
91 * wbsrv_samba3_packet_full_request provides the pdu length then.
93 subreq
= tstream_read_pdu_blob_send(wbsrv_conn
,
94 wbsrv_conn
->conn
->event
.ctx
,
96 4, /* initial_read_size */
97 wbsrv_samba3_packet_full_request
,
100 wbsrv_terminate_connection(wbsrv_conn
, "wbsrv_call_loop: "
101 "no memory for tstream_read_pdu_blob_send");
104 tevent_req_set_callback(subreq
, wbsrv_call_loop
, wbsrv_conn
);
107 static void wbsrv_accept(struct stream_connection
*conn
)
109 struct wbsrv_listen_socket
*wbsrv_socket
= talloc_get_type(conn
->private_data
,
110 struct wbsrv_listen_socket
);
111 struct wbsrv_connection
*wbsrv_conn
;
112 struct tevent_req
*subreq
;
115 wbsrv_conn
= talloc_zero(conn
, struct wbsrv_connection
);
116 if (wbsrv_conn
== NULL
) {
117 stream_terminate_connection(conn
, "wbsrv_accept: out of memory");
121 wbsrv_conn
->send_queue
= tevent_queue_create(conn
, "wbsrv_accept");
122 if (wbsrv_conn
->send_queue
== NULL
) {
123 stream_terminate_connection(conn
,
124 "wbsrv_accept: out of memory");
128 TALLOC_FREE(conn
->event
.fde
);
130 rc
= tstream_bsd_existing_socket(wbsrv_conn
,
131 socket_get_fd(conn
->socket
),
132 &wbsrv_conn
->tstream
);
134 stream_terminate_connection(conn
,
135 "wbsrv_accept: out of memory");
139 wbsrv_conn
->conn
= conn
;
140 wbsrv_conn
->listen_socket
= wbsrv_socket
;
141 wbsrv_conn
->lp_ctx
= wbsrv_socket
->service
->task
->lp_ctx
;
142 conn
->private_data
= wbsrv_conn
;
145 * The winbind pdu's has the length as 4 byte (initial_read_size),
146 * wbsrv_samba3_packet_full_request provides the pdu length then.
148 subreq
= tstream_read_pdu_blob_send(wbsrv_conn
,
149 wbsrv_conn
->conn
->event
.ctx
,
151 4, /* initial_read_size */
152 wbsrv_samba3_packet_full_request
,
154 if (subreq
== NULL
) {
155 wbsrv_terminate_connection(wbsrv_conn
, "wbsrv_accept: "
156 "no memory for tstream_read_pdu_blob_send");
159 tevent_req_set_callback(subreq
, wbsrv_call_loop
, wbsrv_conn
);
165 static void wbsrv_recv(struct stream_connection
*conn
, uint16_t flags
)
167 struct wbsrv_connection
*wbsrv_conn
= talloc_get_type(conn
->private_data
,
168 struct wbsrv_connection
);
169 wbsrv_terminate_connection(wbsrv_conn
, "wbsrv_recv: called");
173 called when we can write to a connection
175 static void wbsrv_send(struct stream_connection
*conn
, uint16_t flags
)
177 struct wbsrv_connection
*wbsrv_conn
= talloc_get_type(conn
->private_data
,
178 struct wbsrv_connection
);
179 /* this should never be triggered! */
180 wbsrv_terminate_connection(wbsrv_conn
, "wbsrv_send: called");
183 static const struct stream_server_ops wbsrv_ops
= {
184 .name
= "winbind samba3 protocol",
185 .accept_connection
= wbsrv_accept
,
186 .recv_handler
= wbsrv_recv
,
187 .send_handler
= wbsrv_send
191 startup the winbind task
193 static void winbind_task_init(struct task_server
*task
)
196 const struct model_ops
*model_ops
;
198 struct wbsrv_service
*service
;
199 struct wbsrv_listen_socket
*listen_socket
;
201 struct dom_sid
*primary_sid
;
204 task_server_set_title(task
, "task[winbind]");
206 /* within the winbind task we want to be a single process, so
207 ask for the single process model ops and pass these to the
208 stream_setup_socket() call. */
209 model_ops
= process_model_startup("single");
211 task_server_terminate(task
,
212 "Can't find 'single' process model_ops", true);
216 /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
217 ok
= directory_create_or_exist_strict(lpcfg_winbindd_socket_directory(task
->lp_ctx
),
220 task_server_terminate(task
,
221 "Cannot create winbindd pipe directory", true);
225 /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
226 ok
= directory_create_or_exist_strict(lpcfg_winbindd_privileged_socket_directory(task
->lp_ctx
),
229 task_server_terminate(task
,
230 "Cannot create winbindd privileged pipe directory", true);
234 service
= talloc_zero(task
, struct wbsrv_service
);
235 if (!service
) goto nomem
;
236 service
->task
= task
;
239 /* Find the primary SID, depending if we are a standalone
240 * server (what good is winbind in this case, but anyway...),
241 * or are in a domain as a member or a DC */
242 switch (lpcfg_server_role(service
->task
->lp_ctx
)) {
243 case ROLE_STANDALONE
:
244 primary_sid
= secrets_get_domain_sid(service
,
245 service
->task
->lp_ctx
,
246 lpcfg_netbios_name(service
->task
->lp_ctx
),
247 &service
->sec_channel_type
,
250 char *message
= talloc_asprintf(task
,
251 "Cannot start Winbind (standalone configuration): %s: "
252 "Have you provisioned this server (%s) or changed it's name?",
253 errstring
, lpcfg_netbios_name(service
->task
->lp_ctx
));
254 task_server_terminate(task
, message
, true);
258 case ROLE_DOMAIN_MEMBER
:
259 primary_sid
= secrets_get_domain_sid(service
,
260 service
->task
->lp_ctx
,
261 lpcfg_workgroup(service
->task
->lp_ctx
),
262 &service
->sec_channel_type
,
265 char *message
= talloc_asprintf(task
, "Cannot start Winbind (domain member): %s: "
266 "Have you joined the %s domain?",
267 errstring
, lpcfg_workgroup(service
->task
->lp_ctx
));
268 task_server_terminate(task
, message
, true);
272 case ROLE_ACTIVE_DIRECTORY_DC
:
273 primary_sid
= secrets_get_domain_sid(service
,
274 service
->task
->lp_ctx
,
275 lpcfg_workgroup(service
->task
->lp_ctx
),
276 &service
->sec_channel_type
,
279 char *message
= talloc_asprintf(task
, "Cannot start Winbind (domain controller): %s: "
280 "Have you provisioned the %s domain?",
281 errstring
, lpcfg_workgroup(service
->task
->lp_ctx
));
282 task_server_terminate(task
, message
, true);
286 case ROLE_DOMAIN_PDC
:
287 case ROLE_DOMAIN_BDC
:
288 task_server_terminate(task
, "Cannot start 'samba' winbindd as a 'classic samba' DC: use winbindd instead", true);
291 service
->primary_sid
= primary_sid
;
293 service
->idmap_ctx
= idmap_init(service
, task
->event_ctx
, task
->lp_ctx
);
294 if (service
->idmap_ctx
== NULL
) {
295 task_server_terminate(task
, "Failed to load idmap database", true);
299 service
->priv_pipe_dir
= lpcfg_winbindd_privileged_socket_directory(task
->lp_ctx
);
300 service
->pipe_dir
= lpcfg_winbindd_socket_directory(task
->lp_ctx
);
302 /* setup the unprivileged samba3 socket */
303 listen_socket
= talloc(service
, struct wbsrv_listen_socket
);
304 if (!listen_socket
) goto nomem
;
305 listen_socket
->socket_path
= talloc_asprintf(listen_socket
, "%s/%s",
307 WINBINDD_SOCKET_NAME
);
308 if (!listen_socket
->socket_path
) goto nomem
;
309 listen_socket
->service
= service
;
310 listen_socket
->privileged
= false;
311 status
= stream_setup_socket(task
, task
->event_ctx
, task
->lp_ctx
, model_ops
,
313 listen_socket
->socket_path
, &port
,
314 lpcfg_socket_options(task
->lp_ctx
),
316 if (!NT_STATUS_IS_OK(status
)) goto listen_failed
;
318 /* setup the privileged samba3 socket */
319 listen_socket
= talloc(service
, struct wbsrv_listen_socket
);
320 if (!listen_socket
) goto nomem
;
321 listen_socket
->socket_path
322 = talloc_asprintf(listen_socket
, "%s/%s",
323 service
->priv_pipe_dir
,
324 WINBINDD_SOCKET_NAME
);
325 if (!listen_socket
->socket_path
) goto nomem
;
326 listen_socket
->service
= service
;
327 listen_socket
->privileged
= true;
328 status
= stream_setup_socket(task
, task
->event_ctx
, task
->lp_ctx
, model_ops
,
330 listen_socket
->socket_path
, &port
,
331 lpcfg_socket_options(task
->lp_ctx
),
333 if (!NT_STATUS_IS_OK(status
)) goto listen_failed
;
335 status
= wbsrv_init_irpc(service
);
336 if (!NT_STATUS_IS_OK(status
)) goto irpc_failed
;
341 DEBUG(0,("stream_setup_socket(path=%s) failed - %s\n",
342 listen_socket
->socket_path
, nt_errstr(status
)));
343 task_server_terminate(task
, nt_errstr(status
), true);
346 DEBUG(0,("wbsrv_init_irpc() failed - %s\n",
348 task_server_terminate(task
, nt_errstr(status
), true);
351 task_server_terminate(task
, nt_errstr(NT_STATUS_NO_MEMORY
), true);
356 register ourselves as a available server
358 NTSTATUS
server_service_winbind_init(void)
360 return register_server_service("winbind", winbind_task_init
);