#include "../libcli/named_pipe_auth/npa_tstream.h"
#include "smbd/process_model.h"
-NTSTATUS server_service_rpc_init(void);
+/*
+ * Need to run the majority of the RPC endpoints in a single process to allow
+ * for shared handles, and the sharing of ldb contexts.
+ *
+ * However other endpoints are capable of being run in multiple processes
+ * e.g. NETLOGON.
+ *
+ * To support this the process model is manipulated to force those end points
+ * not supporting multiple processes into the single process model. The code
+ * responsible for this is in dcesrv_init_endpoints
+ *
+ */
+NTSTATUS server_service_rpc_init(TALLOC_CTX *);
/*
- open the dcerpc server sockets
+ * Initialise the rpc endpoints.
+ */
+static NTSTATUS dcesrv_init_endpoints(struct task_server *task,
+ struct dcesrv_context *dce_ctx,
+ bool use_single_process)
+{
+
+ struct dcesrv_endpoint *e;
+ const struct model_ops *model_ops = NULL;
+
+ /*
+ * For those RPC services that run with shared context we need to
+ * ensure that they don't fork a new process on accept (standard_model).
+ * And as there is only one process handling these requests we need
+ * to handle accept errors in a similar manner to the single process
+ * model.
+ *
+ * To do this we override the process model operations with the single
+ * process operations. This is not the most elegant solution, but it is
+ * the least ugly, and is confined to the next block of code.
+ */
+ if (use_single_process == true) {
+ model_ops = process_model_startup("single");
+ if (model_ops == NULL) {
+ DBG_ERR("Unable to load single process model");
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ } else {
+ model_ops = task->model_ops;
+ }
+
+ for (e = dce_ctx->endpoint_list; e; e = e->next) {
+
+ enum dcerpc_transport_t transport =
+ dcerpc_binding_get_transport(e->ep_description);
+
+ if (transport == NCACN_HTTP) {
+ /*
+ * We don't support ncacn_http yet
+ */
+ continue;
+ }
+ if (e->use_single_process == use_single_process) {
+ NTSTATUS status;
+ status = dcesrv_add_ep(dce_ctx,
+ task->lp_ctx,
+ e,
+ task->event_ctx,
+ model_ops,
+ task->process_context);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+ }
+ return NT_STATUS_OK;
+}
+/*
+ * Initialise the RPC service.
+ * And those end points that can be serviced by multiple processes.
+ * The endpoints that need to be run in a single process are setup in the
+ * post_fork hook.
*/
-static void dcesrv_task_init(struct task_server *task)
+static NTSTATUS dcesrv_task_init(struct task_server *task)
{
- NTSTATUS status;
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
struct dcesrv_context *dce_ctx;
- struct dcesrv_endpoint *e;
- const struct model_ops *single_model_ops;
dcerpc_server_init(task->lp_ctx);
task_server_set_title(task, "task[dcesrv]");
- /*
- * run the rpc server as a single process to allow for shard
- * handles, and sharing of ldb contexts.
- *
- * We make an exception for NETLOGON below, and this follows
- * whatever the top level is.
- */
- single_model_ops = process_model_startup("single");
- if (!single_model_ops) goto failed;
-
status = dcesrv_init_context(task->event_ctx,
task->lp_ctx,
lpcfg_dcerpc_endpoint_servers(task->lp_ctx),
&dce_ctx);
- if (!NT_STATUS_IS_OK(status)) goto failed;
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
/* Make sure the directory for NCALRPC exists */
if (!directory_exist(lpcfg_ncalrpc_dir(task->lp_ctx))) {
mkdir(lpcfg_ncalrpc_dir(task->lp_ctx), 0755);
}
+ status = dcesrv_init_endpoints(task, dce_ctx, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- for (e=dce_ctx->endpoint_list;e;e=e->next) {
- const struct model_ops *this_model_ops = single_model_ops;
-
- enum dcerpc_transport_t transport =
- dcerpc_binding_get_transport(e->ep_description);
-
- /*
- * Ensure that -Msingle sets e->use_single_process for
- * consistency
- */
+ task->private_data = dce_ctx;
+ return NT_STATUS_OK;
+}
- if (task->model_ops == single_model_ops) {
- e->use_single_process = true;
- }
+/*
+ * Initialise the endpoints that need to run in a single process fork.
+ * The endpoint registration is only done for the first process instance.
+ *
+ */
+static void dcesrv_post_fork(struct task_server *task,
+ struct process_details *pd)
+{
- if (transport == NCACN_HTTP) {
- /*
- * We don't support ncacn_http yet
- */
- continue;
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ struct dcesrv_context *dce_ctx;
- /*
- * For the next two cases, what we are trying
- * to do is put the NETLOGON server into the
- * standard process model, not single, as it
- * has no shared handles and takes a very high
- * load. We only do this for ncacn_np and
- * ncacn_ip_tcp as otherwise it is too hard as
- * all servers share a socket for ncalrpc and
- * unix.
- */
- } else if (e->use_single_process == false) {
- this_model_ops = task->model_ops;
- }
+ if (task->private_data == NULL) {
+ task_server_terminate(task, "dcerpc: No dcesrv_context", true);
+ return;
+ }
+ dce_ctx =
+ talloc_get_type_abort(task->private_data, struct dcesrv_context);
- status = dcesrv_add_ep(dce_ctx, task->lp_ctx, e, task->event_ctx,
- this_model_ops);
+ /*
+ * Ensure the single process endpoints are only available to the
+ * first instance.
+ */
+ if (pd->instances == 0) {
+ status = dcesrv_init_endpoints(task, dce_ctx, true);
if (!NT_STATUS_IS_OK(status)) {
- goto failed;
+ task_server_terminate(
+ task,
+ "dcerpc: Failed to initialise end points",
+ true);
+ return;
}
}
irpc_add_name(task->msg_ctx, "rpc_server");
- return;
-failed:
- task_server_terminate(task, "Failed to startup dcerpc server task", true);
}
-NTSTATUS server_service_rpc_init(void)
+NTSTATUS server_service_rpc_init(TALLOC_CTX *ctx)
{
- return register_server_service("rpc", dcesrv_task_init);
+ static const struct service_details details = {
+ .inhibit_fork_on_accept = false,
+ .inhibit_pre_fork = false,
+ .task_init = dcesrv_task_init,
+ .post_fork = dcesrv_post_fork};
+ return register_server_service(ctx, "rpc", &details);
}