2 Unix SMB/CIFS implementation.
4 Winbind daemon for ntdom nss module
6 Copyright (C) by Tim Potter 2000-2002
7 Copyright (C) Andrew Tridgell 2002
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 BOOL opt_nocache = False;
27 BOOL opt_dual_daemon = False;
29 /* Reload configuration */
31 static BOOL reload_services_file(BOOL test)
39 pstrcpy(fname,lp_configfile());
40 if (file_exist(fname,NULL) && !strcsequal(fname,dyn_CONFIGFILE)) {
41 pstrcpy(dyn_CONFIGFILE,fname);
46 snprintf(logfile, sizeof(logfile), "%s/log.winbindd", dyn_LOGFILEBASE);
47 lp_set_logfile(logfile);
50 ret = lp_load(dyn_CONFIGFILE,False,False,True);
52 snprintf(logfile, sizeof(logfile), "%s/log.winbindd", dyn_LOGFILEBASE);
53 lp_set_logfile(logfile);
61 /*******************************************************************
62 Print out all talloc memory info.
63 ********************************************************************/
65 void return_all_talloc_info(int msg_type, pid_t src_pid, void *buf, size_t len)
67 TALLOC_CTX *ctx = talloc_init("info context");
73 info = talloc_describe_all(ctx);
76 message_send_pid(src_pid, MSG_TALLOC_USAGE, info, info ? strlen(info) + 1: 0, True);
82 /**************************************************************************** **
83 Prepare to dump a core file - carefully!
84 **************************************************************************** */
86 static BOOL dump_core(void)
90 pstrcpy( dname, lp_logfile() );
91 if ((p=strrchr(dname,'/')))
93 pstrcat( dname, "/corefiles" );
95 sys_chown( dname, getuid(), getgid() );
101 #ifdef HAVE_GETRLIMIT
105 getrlimit( RLIMIT_CORE, &rlp );
106 rlp.rlim_cur = MAX( 4*1024*1024, rlp.rlim_cur );
107 setrlimit( RLIMIT_CORE, &rlp );
108 getrlimit( RLIMIT_CORE, &rlp );
109 DEBUG( 3, ( "Core limits now %d %d\n", (int)rlp.rlim_cur, (int)rlp.rlim_max ) );
114 DEBUG(0,("Dumping core in %s\n",dname));
120 /**************************************************************************** **
122 **************************************************************************** */
124 static void fault_quit(void)
131 static void winbindd_status(void)
133 struct winbindd_cli_state *tmp;
135 DEBUG(0, ("winbindd status:\n"));
137 /* Print client state information */
139 DEBUG(0, ("\t%d clients currently active\n", winbindd_num_clients()));
141 if (DEBUGLEVEL >= 2 && winbindd_num_clients()) {
142 DEBUG(2, ("\tclient list:\n"));
143 for(tmp = winbindd_client_list(); tmp; tmp = tmp->next) {
144 DEBUG(2, ("\t\tpid %d, sock %d, rbl %d, wbl %d\n",
145 tmp->pid, tmp->sock, tmp->read_buf_len,
146 tmp->write_buf_len));
151 /* Print winbindd status to log file */
153 static void print_winbindd_status(void)
156 winbindd_idmap_status();
157 winbindd_cm_status();
160 /* Flush client cache */
162 static void flush_caches(void)
164 /* Clear cached user and group enumation info */
165 wcache_flush_cache();
168 /* Handle the signal by unlinking socket and exiting */
170 static void terminate(void)
174 winbindd_idmap_close();
176 /* Remove socket file */
177 snprintf(path, sizeof(path), "%s/%s",
178 WINBINDD_SOCKET_DIR, WINBINDD_SOCKET_NAME);
183 static BOOL do_sigterm;
185 static void termination_handler(int signum)
191 static BOOL do_sigusr2;
193 static void sigusr2_handler(int signum)
199 static BOOL do_sighup;
201 static void sighup_handler(int signum)
207 struct dispatch_table {
208 enum winbindd_cmd cmd;
209 enum winbindd_result (*fn)(struct winbindd_cli_state *state);
210 const char *winbindd_cmd_name;
213 static struct dispatch_table dispatch_table[] = {
217 { WINBINDD_GETPWNAM, winbindd_getpwnam, "GETPWNAM" },
218 { WINBINDD_GETPWUID, winbindd_getpwuid, "GETPWUID" },
220 { WINBINDD_SETPWENT, winbindd_setpwent, "SETPWENT" },
221 { WINBINDD_ENDPWENT, winbindd_endpwent, "ENDPWENT" },
222 { WINBINDD_GETPWENT, winbindd_getpwent, "GETPWENT" },
224 { WINBINDD_GETGROUPS, winbindd_getgroups, "GETGROUPS" },
226 /* Group functions */
228 { WINBINDD_GETGRNAM, winbindd_getgrnam, "GETGRNAM" },
229 { WINBINDD_GETGRGID, winbindd_getgrgid, "GETGRGID" },
230 { WINBINDD_SETGRENT, winbindd_setgrent, "SETGRENT" },
231 { WINBINDD_ENDGRENT, winbindd_endgrent, "ENDGRENT" },
232 { WINBINDD_GETGRENT, winbindd_getgrent, "GETGRENT" },
233 { WINBINDD_GETGRLST, winbindd_getgrent, "GETGRLST" },
235 /* PAM auth functions */
237 { WINBINDD_PAM_AUTH, winbindd_pam_auth, "PAM_AUTH" },
238 { WINBINDD_PAM_AUTH_CRAP, winbindd_pam_auth_crap, "AUTH_CRAP" },
239 { WINBINDD_PAM_CHAUTHTOK, winbindd_pam_chauthtok, "CHAUTHTOK" },
241 /* Enumeration functions */
243 { WINBINDD_LIST_USERS, winbindd_list_users, "LIST_USERS" },
244 { WINBINDD_LIST_GROUPS, winbindd_list_groups, "LIST_GROUPS" },
245 { WINBINDD_LIST_TRUSTDOM, winbindd_list_trusted_domains, "LIST_TRUSTDOM" },
246 { WINBINDD_SHOW_SEQUENCE, winbindd_show_sequence, "SHOW_SEQUENCE" },
248 /* SID related functions */
250 { WINBINDD_LOOKUPSID, winbindd_lookupsid, "LOOKUPSID" },
251 { WINBINDD_LOOKUPNAME, winbindd_lookupname, "LOOKUPNAME" },
253 /* Lookup related functions */
255 { WINBINDD_SID_TO_UID, winbindd_sid_to_uid, "SID_TO_UID" },
256 { WINBINDD_SID_TO_GID, winbindd_sid_to_gid, "SID_TO_GID" },
257 { WINBINDD_GID_TO_SID, winbindd_gid_to_sid, "GID_TO_SID" },
258 { WINBINDD_UID_TO_SID, winbindd_uid_to_sid, "UID_TO_SID" },
262 { WINBINDD_CHECK_MACHACC, winbindd_check_machine_acct, "CHECK_MACHACC" },
263 { WINBINDD_PING, winbindd_ping, "PING" },
264 { WINBINDD_INFO, winbindd_info, "INFO" },
265 { WINBINDD_INTERFACE_VERSION, winbindd_interface_version, "INTERFACE_VERSION" },
266 { WINBINDD_DOMAIN_NAME, winbindd_domain_name, "DOMAIN_NAME" },
267 { WINBINDD_NETBIOS_NAME, winbindd_netbios_name, "NETBIOS_NAME" },
271 { WINBINDD_WINS_BYNAME, winbindd_wins_byname, "WINS_BYNAME" },
272 { WINBINDD_WINS_BYIP, winbindd_wins_byip, "WINS_BYIP" },
276 { WINBINDD_NUM_CMDS, NULL, "NONE" }
279 static void process_request(struct winbindd_cli_state *state)
281 struct dispatch_table *table = dispatch_table;
283 /* Free response data - we may be interrupted and receive another
284 command before being able to send this data off. */
286 SAFE_FREE(state->response.extra_data);
288 ZERO_STRUCT(state->response);
290 state->response.result = WINBINDD_ERROR;
291 state->response.length = sizeof(struct winbindd_response);
293 /* Process command */
295 for (table = dispatch_table; table->fn; table++) {
296 if (state->request.cmd == table->cmd) {
297 DEBUG(10,("process_request: request fn %s\n", table->winbindd_cmd_name ));
298 state->response.result = table->fn(state);
304 DEBUG(10,("process_request: unknown request fn number %d\n", (int)state->request.cmd ));
306 /* In case extra data pointer is NULL */
308 if (!state->response.extra_data)
309 state->response.length = sizeof(struct winbindd_response);
312 /* Process a new connection by adding it to the client connection list */
314 static void new_connection(int listen_sock)
316 struct sockaddr_un sunaddr;
317 struct winbindd_cli_state *state;
321 /* Accept connection */
323 len = sizeof(sunaddr);
326 sock = accept(listen_sock, (struct sockaddr *)&sunaddr, &len);
327 } while (sock == -1 && errno == EINTR);
332 DEBUG(6,("accepted socket %d\n", sock));
334 /* Create new connection structure */
336 if ((state = (struct winbindd_cli_state *)
337 malloc(sizeof(*state))) == NULL)
343 /* Add to connection list */
345 winbindd_add_client(state);
348 /* Remove a client connection from client connection list */
350 static void remove_client(struct winbindd_cli_state *state)
352 /* It's a dead client - hold a funeral */
360 /* Free any getent state */
362 free_getent_state(state->getpwent_state);
363 free_getent_state(state->getgrent_state);
365 /* We may have some extra data that was not freed if the
366 client was killed unexpectedly */
368 SAFE_FREE(state->response.extra_data);
370 /* Remove from list and free */
372 winbindd_remove_client(state);
378 /* Process a complete received packet from a client */
380 void winbind_process_packet(struct winbindd_cli_state *state)
382 /* Process request */
384 /* Ensure null termination of entire request */
385 state->request.null_term = '\0';
387 state->pid = state->request.pid;
389 process_request(state);
391 /* Update client state */
393 state->read_buf_len = 0;
394 state->write_buf_len = sizeof(struct winbindd_response);
396 /* we might need to send it to the dual daemon */
397 if (opt_dual_daemon) {
398 dual_send_request(state);
402 /* Read some data from a client connection */
404 void winbind_client_read(struct winbindd_cli_state *state)
410 n = sys_read(state->sock, state->read_buf_len +
411 (char *)&state->request,
412 sizeof(state->request) - state->read_buf_len);
414 DEBUG(10,("client_read: read %d bytes. Need %d more for a full request.\n", n, sizeof(state->request) - n - state->read_buf_len ));
416 /* Read failed, kill client */
418 if (n == -1 || n == 0) {
419 DEBUG(5,("read failed on sock %d, pid %d: %s\n",
420 state->sock, state->pid,
421 (n == -1) ? strerror(errno) : "EOF"));
423 state->finished = True;
427 /* Update client state */
429 state->read_buf_len += n;
432 /* Write some data to a client connection */
434 static void client_write(struct winbindd_cli_state *state)
439 /* Write some data */
441 if (!state->write_extra_data) {
443 /* Write response structure */
445 data = (char *)&state->response + sizeof(state->response) -
446 state->write_buf_len;
450 /* Write extra data */
452 data = (char *)state->response.extra_data +
453 state->response.length -
454 sizeof(struct winbindd_response) -
455 state->write_buf_len;
458 num_written = sys_write(state->sock, data, state->write_buf_len);
460 DEBUG(10,("client_write: wrote %d bytes.\n", num_written ));
462 /* Write failed, kill cilent */
464 if (num_written == -1 || num_written == 0) {
466 DEBUG(3,("write failed on sock %d, pid %d: %s\n",
467 state->sock, state->pid,
468 (num_written == -1) ? strerror(errno) : "EOF"));
470 state->finished = True;
472 SAFE_FREE(state->response.extra_data);
477 /* Update client state */
479 state->write_buf_len -= num_written;
481 /* Have we written all data? */
483 if (state->write_buf_len == 0) {
485 /* Take care of extra data */
487 if (state->write_extra_data) {
489 SAFE_FREE(state->response.extra_data);
491 state->write_extra_data = False;
493 DEBUG(10,("client_write: client_write: complete response written.\n"));
495 } else if (state->response.length >
496 sizeof(struct winbindd_response)) {
498 /* Start writing extra data */
500 state->write_buf_len =
501 state->response.length -
502 sizeof(struct winbindd_response);
504 DEBUG(10,("client_write: need to write %d extra data bytes.\n", (int)state->write_buf_len));
506 state->write_extra_data = True;
511 /* Process incoming clients on accept_sock. We use a tricky non-blocking,
512 non-forking, non-threaded model which allows us to handle many
513 simultaneous connections while remaining impervious to many denial of
516 static void process_loop(void)
518 /* We'll be doing this a lot */
521 struct winbindd_cli_state *state;
523 int maxfd, listen_sock, selret;
524 struct timeval timeout;
526 /* Handle messages */
530 /* rescan the trusted domains list. This must be done
531 regularly to cope with transitive trusts */
532 rescan_trusted_domains();
534 /* Free up temporary memory */
537 main_loop_talloc_free();
539 /* Initialise fd lists for select() */
541 listen_sock = open_winbindd_socket();
543 if (listen_sock == -1) {
544 perror("open_winbind_socket");
552 FD_SET(listen_sock, &r_fds);
554 timeout.tv_sec = WINBINDD_ESTABLISH_LOOP;
557 if (opt_dual_daemon) {
558 maxfd = dual_select_setup(&w_fds, maxfd);
561 /* Set up client readers and writers */
563 state = winbindd_client_list();
567 /* Dispose of client connection if it is marked as
570 if (state->finished) {
571 struct winbindd_cli_state *next = state->next;
573 remove_client(state);
578 /* Select requires we know the highest fd used */
580 if (state->sock > maxfd)
583 /* Add fd for reading */
585 if (state->read_buf_len != sizeof(state->request))
586 FD_SET(state->sock, &r_fds);
588 /* Add fd for writing */
590 if (state->write_buf_len)
591 FD_SET(state->sock, &w_fds);
598 selret = sys_select(maxfd + 1, &r_fds, &w_fds, NULL, &timeout);
603 if ((selret == -1 && errno != EINTR) || selret == 0) {
605 /* Select error, something is badly wrong */
611 /* Create a new connection if accept_sock readable */
615 if (opt_dual_daemon) {
619 if (FD_ISSET(listen_sock, &r_fds))
620 new_connection(listen_sock);
622 /* Process activity on client connections */
624 for (state = winbindd_client_list(); state;
625 state = state->next) {
627 /* Data available for reading */
629 if (FD_ISSET(state->sock, &r_fds)) {
633 winbind_client_read(state);
636 * If we have the start of a
637 * packet, then check the
638 * length field to make sure
639 * the client's not talking
643 if (state->read_buf_len >= sizeof(uint32)
644 && *(uint32 *) &state->request != sizeof(state->request)) {
645 DEBUG(0,("process_loop: Invalid request size from pid %d: %d bytes sent, should be %d\n",
646 state->request.pid, *(uint32 *) &state->request, sizeof(state->request)));
648 remove_client(state);
652 /* A request packet might be
655 if (state->read_buf_len ==
656 sizeof(state->request)) {
657 winbind_process_packet(state);
661 /* Data available for writing */
663 if (FD_ISSET(state->sock, &w_fds))
669 winbindd_check_cache_size(time(NULL));
672 /* Check signal handling things */
679 DEBUG(3, ("got SIGHUP\n"));
681 /* Flush various caches */
684 reload_services_file(True);
689 print_winbindd_status();
697 these are split out from the main winbindd for use by the background daemon
699 BOOL winbind_setup_common(void)
703 if (!secrets_init()) {
705 DEBUG(0,("Could not initialize domain trust account secrets. Giving up\n"));
709 namecache_enable(); /* Enable netbios namecache */
711 /* Check winbindd parameters are valid */
713 ZERO_STRUCT(server_state);
715 if (!winbindd_param_init())
718 /* Winbind daemon initialisation */
720 if (!winbindd_idmap_init())
723 /* Unblock all signals we are interested in as they may have been
724 blocked by the parent process. */
726 BlockSignals(False, SIGINT);
727 BlockSignals(False, SIGQUIT);
728 BlockSignals(False, SIGTERM);
729 BlockSignals(False, SIGUSR1);
730 BlockSignals(False, SIGUSR2);
731 BlockSignals(False, SIGHUP);
733 /* Setup signal handlers */
735 CatchSignal(SIGINT, termination_handler); /* Exit on these sigs */
736 CatchSignal(SIGQUIT, termination_handler);
737 CatchSignal(SIGTERM, termination_handler);
739 CatchSignal(SIGPIPE, SIG_IGN); /* Ignore sigpipe */
741 CatchSignal(SIGUSR2, sigusr2_handler); /* Debugging sigs */
742 CatchSignal(SIGHUP, sighup_handler);
750 struct winbindd_state server_state; /* Server state information */
753 static void usage(void)
755 printf("Usage: winbindd [options]\n");
756 printf("\t-F daemon in foreground mode\n");
757 printf("\t-S log to stdout\n");
758 printf("\t-i interactive mode\n");
759 printf("\t-B dual daemon mode\n");
760 printf("\t-n disable cacheing\n");
761 printf("\t-d level set debug level\n");
762 printf("\t-s configfile choose smb.conf location\n");
763 printf("\t-h show this help message\n");
766 int main(int argc, char **argv)
768 extern BOOL AllowDebugChange;
770 BOOL interactive = False;
772 BOOL log_stdout = False;
775 /* glibc (?) likes to print "User defined signal 1" and exit if a
776 SIGUSR[12] is received before a handler is installed */
778 CatchSignal(SIGUSR1, SIG_IGN);
779 CatchSignal(SIGUSR2, SIG_IGN);
781 fault_setup((void (*)(void *))fault_quit );
783 snprintf(logfile, sizeof(logfile), "%s/log.winbindd", dyn_LOGFILEBASE);
784 lp_set_logfile(logfile);
786 /* Initialise for running in non-root mode */
790 /* Set environment variable so we don't recursively call ourselves.
791 This may also be useful interactively. */
793 SETENV(WINBINDD_DONT_ENV, "1", 1);
795 /* Initialise samba/rpc client stuff */
797 while ((opt = getopt(argc, argv, "FSid:s:nhB")) != EOF) {
806 /* Don't become a daemon */
813 /* dual daemon system */
815 opt_dual_daemon = True;
818 /* disable cacheing */
823 /* Run with specified debug level */
825 DEBUGLEVEL = atoi(optarg);
826 AllowDebugChange = False;
829 /* Load a different smb.conf file */
831 pstrcpy(dyn_CONFIGFILE,optarg);
839 printf("Unknown option %c\n", (char)opt);
844 if (log_stdout && Fork) {
845 printf("Can't log to stdout (-S) unless daemon is in foreground +(-F) or interactive (-i)\n");
850 snprintf(logfile, sizeof(logfile), "%s/log.winbindd", dyn_LOGFILEBASE);
851 lp_set_logfile(logfile);
852 setup_logging("winbindd", log_stdout);
855 DEBUG(1, ("winbindd version %s started.\n", VERSION ) );
856 DEBUGADD( 1, ( "Copyright The Samba Team 2000-2001\n" ) );
858 if (!reload_services_file(False)) {
859 DEBUG(0, ("error opening config file\n"));
870 pidfile_create("winbindd");
876 * If we're interactive we want to set our own process group for
880 setpgid( (pid_t)0, (pid_t)0);
883 if (!winbind_setup_common()) {
887 if (opt_dual_daemon) {
891 /* Initialise messaging system */
893 if (!message_init()) {
894 DEBUG(0, ("unable to initialise messaging system\n"));
898 register_msg_pool_usage();
899 message_register(MSG_REQ_TALLOC_USAGE, return_all_talloc_info);
901 /* Loop waiting for requests */
905 trustdom_cache_shutdown();
906 uni_group_cache_shutdown();