#include "auth/auth.h"
#include "libcli/security/security.h"
#include "libcli/ldap/ldap_ndr.h"
-#include "lib/ldb/include/ldb.h"
-#include "lib/ldb/include/ldb_errors.h"
+#include <ldb.h>
+#include <ldb_errors.h>
#include "../lib/crypto/md5.h"
#include "system/network.h"
#include "system/passwd.h"
+NTSTATUS server_service_ntp_signd_init(TALLOC_CTX *);
+
/*
top level context structure for the ntp_signd server
*/
enum ndr_err_code ndr_err;
struct ldb_result *res;
const char *attrs[] = { "unicodePwd", "userAccountControl", "cn", NULL };
- struct MD5Context ctx;
+ MD5_CTX ctx;
struct samr_Password *nt_hash;
uint32_t user_account_control;
int ret;
}
if (res->count == 0) {
- DEBUG(5, ("Failed to find SID %s in SAM for NTP signing\n",
+ DEBUG(2, ("Failed to find SID %s in SAM for NTP signing\n",
dom_sid_string(mem_ctx, sid)));
+ return signing_failure(ntp_signd_conn,
+ mem_ctx,
+ output,
+ sign_request.packet_id);
} else if (res->count != 1) {
DEBUG(1, ("Found SID %s %u times in SAM for NTP signing\n",
dom_sid_string(mem_ctx, sid), res->count));
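Review bot: The `else if (res->count != 1)` branch at the end of this hunk only logs, whereas the new `res->count == 0` branch now fails closed with `signing_failure(...)`; unless the lines past this hunk also return `signing_failure(ntp_signd_conn, mem_ctx, output, sign_request.packet_id);` for the duplicate-SID case, a SID matching more than one SAM entry would continue into the signing path instead of being rejected like the not-found case. The two failure cases should be handled symmetrically, and the DEBUG level chosen for the duplicate case (1) is already consistent with treating it as an error. The enclosing function starts and ends outside the hunk, so the actual control flow after the log line cannot be confirmed from here.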
/*
startup the ntp_signd task
*/
-static void ntp_signd_task_init(struct task_server *task)
+static NTSTATUS ntp_signd_task_init(struct task_server *task)
{
struct ntp_signd_server *ntp_signd;
NTSTATUS status;
- const struct model_ops *model_ops;
-
const char *address;
- if (!directory_create_or_exist(lpcfg_ntp_signd_socket_directory(task->lp_ctx), geteuid(), 0755)) {
+ if (!directory_create_or_exist_strict(lpcfg_ntp_signd_socket_directory(task->lp_ctx), geteuid(), 0750)) {
char *error = talloc_asprintf(task, "Cannot create NTP signd pipe directory: %s",
lpcfg_ntp_signd_socket_directory(task->lp_ctx));
task_server_terminate(task,
error, true);
- return;
- }
-
- /* within the ntp_signd task we want to be a single process, so
- ask for the single process model ops and pass these to the
- stream_setup_socket() call. */
- model_ops = process_model_startup(task->event_ctx, "single");
- if (!model_ops) {
- DEBUG(0,("Can't find 'single' process model_ops\n"));
- return;
+ return NT_STATUS_UNSUCCESSFUL;
}
task_server_set_title(task, "task[ntp_signd]");
ntp_signd = talloc(task, struct ntp_signd_server);
if (ntp_signd == NULL) {
task_server_terminate(task, "ntp_signd: out of memory", true);
- return;
+ return NT_STATUS_NO_MEMORY;
}
ntp_signd->task = task;
/* Must be system to get at the password hashes */
- ntp_signd->samdb = samdb_connect(ntp_signd, task->event_ctx, task->lp_ctx, system_session(task->lp_ctx), 0);
+ ntp_signd->samdb = samdb_connect(ntp_signd,
+ task->event_ctx,
+ task->lp_ctx,
+ system_session(task->lp_ctx),
+ NULL,
+ 0);
if (ntp_signd->samdb == NULL) {
task_server_terminate(task, "ntp_signd failed to open samdb", true);
- return;
+ return NT_STATUS_UNSUCCESSFUL;
}
address = talloc_asprintf(ntp_signd, "%s/socket", lpcfg_ntp_signd_socket_directory(task->lp_ctx));
+ if (address == NULL) {
+ task_server_terminate(
+ task, "ntp_signd out of memory in talloc_asprintf()", true);
+ return NT_STATUS_NO_MEMORY;
+ }
- status = stream_setup_socket(ntp_signd->task->event_ctx,
+ status = stream_setup_socket(ntp_signd->task,
+ ntp_signd->task->event_ctx,
ntp_signd->task->lp_ctx,
- model_ops,
+ task->model_ops,
&ntp_signd_stream_ops,
"unix", address, NULL,
lpcfg_socket_options(ntp_signd->task->lp_ctx),
- ntp_signd);
+ ntp_signd,
+ ntp_signd->task->process_context);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Failed to bind to %s - %s\n",
address, nt_errstr(status)));
- return;
+ return status;
}
+ return NT_STATUS_OK;
+
}
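Review bot: On the `directory_create_or_exist_strict()` failure path, `error` from `talloc_asprintf()` is passed to `task_server_terminate()` without a NULL check, while the `address` allocation later in the same function now gets one; a fallback such as `if (error == NULL) error = "Cannot create NTP signd pipe directory";` before the terminate call keeps the reason string valid under memory pressure. The bind failure path after `stream_setup_socket()` returns `status` without calling `task_server_terminate()`, unlike the three earlier failure paths in this function; if the caller of `task_init` does not itself terminate the task on a non-OK status, the task would stay up without a listening socket, so either the terminate call or a comment stating that the caller handles it belongs there. The empty line between `return NT_STATUS_OK;` and the closing brace is a leftover and can be dropped.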
/* called at smbd startup - register ourselves as a server service */
-NTSTATUS server_service_ntp_signd_init(void)
+NTSTATUS server_service_ntp_signd_init(TALLOC_CTX *ctx)
{
- return register_server_service("ntp_signd", ntp_signd_task_init);
+ static const struct service_details details = {
+ .inhibit_fork_on_accept = true,
+ .inhibit_pre_fork = true,
+ .task_init = ntp_signd_task_init,
+ .post_fork = NULL
+ };
+ return register_server_service(ctx, "ntp_signd", &details);
}
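Review bot: The rationale for `.inhibit_fork_on_accept = true` and `.inhibit_pre_fork = true` is undocumented; the comment removed from `ntp_signd_task_init` in this commit ("within the ntp_signd task we want to be a single process") was the only place that explained it, and a reader of the new `service_details` initializer has no way to tell the flags are deliberate rather than defaults. A comment above the initializer along the lines of `/* Keep ntp_signd a single process (previously the "single" process model): never fork per accepted connection and never pre-fork. */` preserves that intent next to the flags that now encode it.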