2 * Unix SMB/CIFS implementation.
6 * Copyright (c) 2011 Andreas Schneider <asn@samba.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
27 #include "../lib/tsocket/tsocket.h"
28 #include "lib/server_prefork.h"
29 #include "librpc/rpc/dcerpc_ep.h"
31 #include "rpc_server/rpc_server.h"
32 #include "rpc_server/rpc_ep_register.h"
33 #include "rpc_server/rpc_sock_helper.h"
35 #include "librpc/gen_ndr/srv_lsa.h"
36 #include "librpc/gen_ndr/srv_samr.h"
37 #include "librpc/gen_ndr/srv_netlogon.h"
39 #define DAEMON_NAME "lsasd"
41 #define LSASD_MIN_CHILDREN 5
42 #define LSASD_MAX_CHILDREN 25
43 #define LSASD_SPAWN_RATE 5
44 #define LSASD_MIN_LIFE 60 /* 1 minute minimum life time */
46 #define LSASD_MAX_SOCKETS 64
48 #define LSASD_ALL_FINE 0x00
49 #define LSASD_NEW_MAX 0x01
50 #define LSASD_ENOSPC 0x02
52 static int lsasd_min_children;
53 static int lsasd_max_children;
54 static int lsasd_spawn_rate;
55 static int lsasd_prefork_status;
57 void start_lsasd(struct tevent_context *ev_ctx,
58 struct messaging_context *msg_ctx);
60 static void lsasd_prefork_config(void)
62 static int lsasd_prefork_config_init = false;
63 const char *prefork_str;
65 bool use_defaults = false;
68 if (!lsasd_prefork_config_init) {
69 lsasd_prefork_status = LSASD_ALL_FINE;
70 lsasd_min_children = 0;
71 lsasd_max_children = 0;
73 lsasd_prefork_config_init = true;
76 prefork_str = lp_parm_const_string(GLOBAL_SECTION_SNUM,
77 "lsasd", "prefork", "none");
78 if (strcmp(prefork_str, "none") == 0) {
81 ret = sscanf(prefork_str, "%d:%d:%d", &min, &max, &rate);
83 DEBUG(0, ("invalid format for lsasd:prefork!\n"));
89 min = LSASD_MIN_CHILDREN;
90 max = LSASD_MAX_CHILDREN;
91 rate = LSASD_SPAWN_RATE;
94 if (max > lsasd_max_children && lsasd_max_children != 0) {
95 lsasd_prefork_status |= LSASD_NEW_MAX;
98 lsasd_min_children = min;
99 lsasd_max_children = max;
100 lsasd_spawn_rate = rate;
103 static void lsasd_reopen_logs(int child_id)
105 char *lfile = lp_logfile();
110 rc = asprintf(&extension, "%s.%d", DAEMON_NAME, child_id);
112 rc = asprintf(&extension, "%s", DAEMON_NAME);
119 if (lfile == NULL || lfile[0] == '\0') {
120 rc = asprintf(&lfile, "%s/log.%s",
121 get_dyn_LOGFILEBASE(), extension);
123 if (strstr(lfile, extension) == NULL) {
125 rc = asprintf(&lfile, "%s.%d",
129 rc = asprintf(&lfile, "%s.%s",
137 lp_set_logfile(lfile);
141 SAFE_FREE(extension);
146 static void lsasd_smb_conf_updated(struct messaging_context *msg,
149 struct server_id server_id,
152 DEBUG(10, ("Got message saying smb.conf was updated. Reloading.\n"));
153 change_to_root_user();
154 lp_load(get_dyn_CONFIGFILE(), true, false, false, true);
156 lsasd_reopen_logs(0);
157 lsasd_prefork_config();
160 static void lsasd_sig_term_handler(struct tevent_context *ev,
161 struct tevent_signal *se,
167 rpc_netlogon_shutdown();
169 rpc_lsarpc_shutdown();
171 DEBUG(0, ("termination signal\n"));
175 static void lsasd_setup_sig_term_handler(struct tevent_context *ev_ctx)
177 struct tevent_signal *se;
179 se = tevent_add_signal(ev_ctx,
182 lsasd_sig_term_handler,
185 DEBUG(0, ("failed to setup SIGTERM handler\n"));
190 struct lsasd_hup_ctx {
191 struct messaging_context *msg_ctx;
192 struct prefork_pool *pfp;
195 static void lsasd_sig_hup_handler(struct tevent_context *ev,
196 struct tevent_signal *se,
202 struct lsasd_hup_ctx *hup_ctx;
204 hup_ctx = talloc_get_type_abort(pvt, struct lsasd_hup_ctx);
206 change_to_root_user();
207 lp_load(get_dyn_CONFIGFILE(), true, false, false, true);
209 lsasd_reopen_logs(0);
210 lsasd_prefork_config();
212 /* relay to all children */
213 prefork_send_signal_to_all(hup_ctx->pfp, SIGHUP);
216 static void lsasd_setup_sig_hup_handler(struct tevent_context *ev_ctx,
217 struct prefork_pool *pfp,
218 struct messaging_context *msg_ctx)
220 struct lsasd_hup_ctx *hup_ctx;
221 struct tevent_signal *se;
223 hup_ctx = talloc(ev_ctx, struct lsasd_hup_ctx);
225 DEBUG(0, ("failed to setup SIGHUP handler\n"));
229 hup_ctx->msg_ctx = msg_ctx;
231 se = tevent_add_signal(ev_ctx,
234 lsasd_sig_hup_handler,
237 DEBUG(0, ("failed to setup SIGHUP handler\n"));
242 /**********************************************************
244 **********************************************************/
246 struct lsasd_chld_sig_hup_ctx {
247 struct messaging_context *msg_ctx;
248 struct pf_worker_data *pf;
252 static void lsasd_chld_sig_hup_handler(struct tevent_context *ev,
253 struct tevent_signal *se,
259 struct lsasd_chld_sig_hup_ctx *shc;
261 shc = talloc_get_type_abort(pvt, struct lsasd_chld_sig_hup_ctx);
263 /* avoid wasting CPU cycles if we are going to exit soon anyways */
264 if (shc->pf != NULL &&
265 shc->pf->cmds == PF_SRV_MSG_EXIT) {
269 change_to_root_user();
270 lsasd_reopen_logs(shc->child_id);
273 static bool lsasd_setup_chld_hup_handler(struct tevent_context *ev_ctx,
274 struct pf_worker_data *pf,
275 struct messaging_context *msg_ctx,
278 struct lsasd_chld_sig_hup_ctx *shc;
279 struct tevent_signal *se;
281 shc = talloc(ev_ctx, struct lsasd_chld_sig_hup_ctx);
283 DEBUG(1, ("failed to setup SIGHUP handler"));
286 shc->child_id = child_id;
288 shc->msg_ctx = msg_ctx;
290 se = tevent_add_signal(ev_ctx,
293 lsasd_chld_sig_hup_handler,
296 DEBUG(1, ("failed to setup SIGHUP handler"));
303 static bool lsasd_child_init(struct tevent_context *ev_ctx,
305 struct pf_worker_data *pf)
308 struct messaging_context *msg_ctx = server_messaging_context();
311 status = reinit_after_fork(msg_ctx, ev_ctx,
312 procid_self(), true);
313 if (!NT_STATUS_IS_OK(status)) {
314 DEBUG(0,("reinit_after_fork() failed\n"));
315 smb_panic("reinit_after_fork() failed");
318 lsasd_reopen_logs(child_id);
320 ok = lsasd_setup_chld_hup_handler(ev_ctx, pf, msg_ctx, child_id);
325 if (!serverid_register(procid_self(), FLAG_MSG_GENERAL)) {
329 messaging_register(msg_ctx, ev_ctx,
330 MSG_SMB_CONF_UPDATED, lsasd_smb_conf_updated);
332 status = rpc_lsarpc_init(NULL);
333 if (!NT_STATUS_IS_OK(status)) {
334 DEBUG(0, ("Failed to register lsarpc rpc inteface! (%s)\n",
339 status = rpc_samr_init(NULL);
340 if (!NT_STATUS_IS_OK(status)) {
341 DEBUG(0, ("Failed to register samr rpc inteface! (%s)\n",
346 status = rpc_netlogon_init(NULL);
347 if (!NT_STATUS_IS_OK(status)) {
348 DEBUG(0, ("Failed to register netlogon rpc inteface! (%s)\n",
356 struct lsasd_children_data {
357 struct tevent_context *ev_ctx;
358 struct messaging_context *msg_ctx;
360 struct pf_worker_data *pf;
368 static void lsasd_next_client(void *pvt);
370 static int lsasd_children_main(struct tevent_context *ev_ctx,
371 struct messaging_context *msg_ctx,
372 struct pf_worker_data *pf,
379 struct lsasd_children_data *data;
383 ok = lsasd_child_init(ev_ctx, child_id, pf);
388 data = talloc(ev_ctx, struct lsasd_children_data);
392 data->child_id = child_id;
394 data->ev_ctx = ev_ctx;
395 data->msg_ctx = msg_ctx;
396 data->lock_fd = lock_fd;
397 data->listen_fd_size = listen_fd_size;
398 data->listen_fds = listen_fds;
399 data->listening = false;
401 /* loop until it is time to exit */
402 while (pf->status != PF_WORKER_EXITING) {
403 /* try to see if it is time to schedule the next client */
404 lsasd_next_client(data);
406 ret = tevent_loop_once(ev_ctx);
408 DEBUG(0, ("tevent_loop_once() exited with %d: %s\n",
409 ret, strerror(errno)));
410 pf->status = PF_WORKER_EXITING;
417 static void lsasd_client_terminated(void *pvt)
419 struct lsasd_children_data *data;
421 data = talloc_get_type_abort(pvt, struct lsasd_children_data);
423 if (data->pf->num_clients) {
424 data->pf->num_clients--;
426 DEBUG(2, ("Invalid num clients, aborting!\n"));
427 data->pf->status = PF_WORKER_EXITING;
431 lsasd_next_client(pvt);
434 struct lsasd_new_client {
435 struct lsasd_children_data *data;
438 static void lsasd_handle_client(struct tevent_req *req);
440 static void lsasd_next_client(void *pvt)
442 struct tevent_req *req;
443 struct lsasd_children_data *data;
444 struct lsasd_new_client *next;
446 data = talloc_get_type_abort(pvt, struct lsasd_children_data);
448 if (data->pf->num_clients == 0) {
449 data->pf->status = PF_WORKER_IDLE;
452 if (data->pf->cmds == PF_SRV_MSG_EXIT) {
453 DEBUG(2, ("Parent process commands we terminate!\n"));
457 if (data->listening ||
458 data->pf->num_clients >= data->pf->allowed_clients) {
459 /* nothing to do for now we are already listening
460 * or reached the number of clients we are allowed
461 * to handle in parallel */
465 next = talloc_zero(data, struct lsasd_new_client);
467 DEBUG(1, ("Out of memory!?\n"));
472 req = prefork_listen_send(next,
475 data->listen_fd_size,
479 DEBUG(1, ("Failed to make listening request!?\n"));
483 tevent_req_set_callback(req, lsasd_handle_client, next);
485 data->listening = true;
488 static void lsasd_handle_client(struct tevent_req *req)
490 struct lsasd_children_data *data;
491 struct lsasd_new_client *client;
495 struct tsocket_address *srv_addr;
496 struct tsocket_address *cli_addr;
498 client = tevent_req_callback_data(req, struct lsasd_new_client);
501 tmp_ctx = talloc_stackframe();
502 if (tmp_ctx == NULL) {
503 DEBUG(1, ("Failed to allocate stackframe!\n"));
507 rc = prefork_listen_recv(req,
513 /* this will free the request too */
515 /* we are done listening */
516 data->listening = false;
519 DEBUG(1, ("Failed to accept client connection!\n"));
520 /* bail out if we are not serving any other client */
521 if (data->pf->num_clients == 0) {
522 data->pf->status = PF_WORKER_EXITING;
528 DEBUG(1, ("Server asks us to die!\n"));
529 data->pf->status = PF_WORKER_EXITING;
533 DEBUG(2, ("LSASD preforked child %d got client connection!\n",
534 (int)(data->pf->pid)));
536 if (tsocket_address_is_inet(srv_addr, "ip")) {
537 DEBUG(3, ("Got a tcpip client connection from %s on inteface %s\n",
538 tsocket_address_string(cli_addr, tmp_ctx),
539 tsocket_address_string(srv_addr, tmp_ctx)));
541 dcerpc_ncacn_accept(data->ev_ctx,
549 } else if (tsocket_address_is_unix(srv_addr)) {
552 p = tsocket_address_unix_path(srv_addr, tmp_ctx);
554 talloc_free(tmp_ctx);
558 if (strstr(p, "/np/")) {
561 named_pipe_accept_function(data->ev_ctx,
565 lsasd_client_terminated,
570 dcerpc_ncacn_accept(data->ev_ctx,
580 DEBUG(0, ("ERROR: Unsupported socket!\n"));
583 talloc_free(tmp_ctx);
590 static bool lsasd_schedule_check(struct tevent_context *ev_ctx,
591 struct messaging_context *msg_ctx,
592 struct prefork_pool *pfp,
593 struct timeval current_time);
595 static void lsasd_check_children(struct tevent_context *ev_ctx,
596 struct tevent_timer *te,
597 struct timeval current_time,
600 static void lsasd_sigchld_handler(struct tevent_context *ev_ctx,
601 struct prefork_pool *pfp,
604 struct messaging_context *msg_ctx;
608 msg_ctx = talloc_get_type_abort(pvt, struct messaging_context);
610 /* now check we do not descend below the minimum */
611 active = prefork_count_active_children(pfp, &total);
614 if (total < lsasd_min_children) {
615 n = total - lsasd_min_children;
616 } else if (total - active < (total / 4)) {
617 n = lsasd_min_children;
621 r = prefork_add_children(ev_ctx, msg_ctx, pfp, n);
623 DEBUG(10, ("Tried to start %d children but only,"
624 "%d were actually started.!\n", n, r));
629 static bool lsasd_setup_children_monitor(struct tevent_context *ev_ctx,
630 struct messaging_context *msg_ctx,
631 struct prefork_pool *pfp)
635 /* add our oun sigchld callback */
636 prefork_set_sigchld_callback(pfp, lsasd_sigchld_handler, msg_ctx);
638 ok = lsasd_schedule_check(ev_ctx,
641 tevent_timeval_current());
646 struct schedule_check_state {
647 struct messaging_context *msg_ctx;
648 struct prefork_pool *pfp;
651 static bool lsasd_schedule_check(struct tevent_context *ev_ctx,
652 struct messaging_context *msg_ctx,
653 struct prefork_pool *pfp,
654 struct timeval current_time)
656 struct tevent_timer *te;
657 struct timeval next_event;
658 struct schedule_check_state *state;
660 state = talloc(ev_ctx, struct schedule_check_state);
662 DEBUG(0, ("Out of memory!\n"));
665 state->msg_ctx = msg_ctx;
668 /* check situation again in 10 seconds */
669 next_event = tevent_timeval_current_ofs(10, 0);
671 /* TODO: check when the socket becomes readable, so that children
672 * are checked only when there is some activity ? */
673 te = tevent_add_timer(ev_ctx,
676 lsasd_check_children,
679 DEBUG(2, ("Failed to set up children monitoring!\n"));
683 talloc_steal(te, state);
688 static void lsasd_check_children(struct tevent_context *ev_ctx,
689 struct tevent_timer *te,
690 struct timeval current_time,
693 struct schedule_check_state *state;
698 state = talloc_get_type_abort(pvt, struct schedule_check_state);
700 if ((lsasd_prefork_status & LSASD_NEW_MAX) &&
701 !(lsasd_prefork_status & LSASD_ENOSPC)) {
702 rc = prefork_expand_pool(state->pfp, lsasd_max_children);
704 lsasd_prefork_status |= LSASD_ENOSPC;
706 lsasd_prefork_status &= ~LSASD_NEW_MAX;
709 active = prefork_count_active_children(state->pfp, &total);
711 if (total - active < lsasd_spawn_rate) {
712 n = prefork_add_children(ev_ctx,
716 if (n < lsasd_spawn_rate) {
717 DEBUG(10, ("Tried to start 5 children but only,"
718 "%d were actually started.!\n", n));
722 if (total - active > lsasd_min_children) {
723 if ((total - lsasd_min_children) >= lsasd_spawn_rate) {
724 prefork_retire_children(state->pfp,
726 time(NULL) - LSASD_MIN_LIFE);
730 ok = lsasd_schedule_check(ev_ctx,
740 static bool lsasd_create_sockets(struct tevent_context *ev_ctx,
741 struct messaging_context *msg_ctx,
745 struct dcerpc_binding_vector *v, *v_orig;
753 tmp_ctx = talloc_stackframe();
754 if (tmp_ctx == NULL) {
758 status = dcerpc_binding_vector_new(tmp_ctx, &v_orig);
759 if (!NT_STATUS_IS_OK(status)) {
764 /* Create only one tcpip listener for all services */
765 status = rpc_create_tcpip_sockets(&ndr_table_lsarpc,
770 if (!NT_STATUS_IS_OK(status)) {
775 /* Start to listen on tcpip sockets */
776 for (i = 0; i < *listen_fd_size; i++) {
777 rc = listen(listen_fd[i], lsasd_max_children);
779 DEBUG(0, ("Failed to listen on tcpip socket - %s\n",
787 fd = create_named_pipe_socket("lsarpc");
792 listen_fd[*listen_fd_size] = fd;
795 rc = listen(fd, lsasd_max_children);
797 DEBUG(0, ("Failed to listen on lsarpc pipe - %s\n",
803 v = dcerpc_binding_vector_dup(tmp_ctx, v_orig);
809 status = dcerpc_binding_vector_replace_iface(&ndr_table_lsarpc, v);
810 if (!NT_STATUS_IS_OK(status)) {
814 status = dcerpc_binding_vector_add_np_default(&ndr_table_lsarpc, v);
815 if (!NT_STATUS_IS_OK(status)) {
820 status = rpc_ep_register(ev_ctx, msg_ctx, &ndr_table_lsarpc, v);
821 if (!NT_STATUS_IS_OK(status)) {
827 fd = create_named_pipe_socket("samr");
833 rc = listen(fd, lsasd_max_children);
835 DEBUG(0, ("Failed to listen on samr pipe - %s\n",
840 listen_fd[*listen_fd_size] = fd;
843 v = dcerpc_binding_vector_dup(tmp_ctx, v_orig);
849 status = dcerpc_binding_vector_replace_iface(&ndr_table_samr, v);
850 if (!NT_STATUS_IS_OK(status)) {
854 status = dcerpc_binding_vector_add_np_default(&ndr_table_samr, v);
855 if (!NT_STATUS_IS_OK(status)) {
860 status = rpc_ep_register(ev_ctx, msg_ctx, &ndr_table_samr, v);
861 if (!NT_STATUS_IS_OK(status)) {
867 fd = create_named_pipe_socket("netlogon");
873 rc = listen(fd, lsasd_max_children);
875 DEBUG(0, ("Failed to listen on samr pipe - %s\n",
880 listen_fd[*listen_fd_size] = fd;
883 v = dcerpc_binding_vector_dup(tmp_ctx, v_orig);
889 status = dcerpc_binding_vector_replace_iface(&ndr_table_netlogon, v);
890 if (!NT_STATUS_IS_OK(status)) {
894 status = dcerpc_binding_vector_add_np_default(&ndr_table_netlogon, v);
895 if (!NT_STATUS_IS_OK(status)) {
900 status = rpc_ep_register(ev_ctx, msg_ctx, &ndr_table_netlogon, v);
901 if (!NT_STATUS_IS_OK(status)) {
907 talloc_free(tmp_ctx);
911 void start_lsasd(struct tevent_context *ev_ctx,
912 struct messaging_context *msg_ctx)
914 struct prefork_pool *pool;
916 int listen_fd[LSASD_MAX_SOCKETS];
917 int listen_fd_size = 0;
922 DEBUG(1, ("Forking LSA Service Daemon\n"));
925 * Block signals before forking child as it will have to
926 * set its own handlers. Child will re-enable SIGHUP as
927 * soon as the handlers are set up.
929 BlockSignals(true, SIGTERM);
930 BlockSignals(true, SIGHUP);
934 DEBUG(0, ("Failed to fork LSASD [%s], aborting ...\n",
939 /* parent or error */
942 /* Re-enable SIGHUP before returnig */
943 BlockSignals(false, SIGTERM);
944 BlockSignals(false, SIGHUP);
950 close_low_fds(false);
952 status = reinit_after_fork(msg_ctx,
954 procid_self(), true);
955 if (!NT_STATUS_IS_OK(status)) {
956 DEBUG(0,("reinit_after_fork() failed\n"));
957 smb_panic("reinit_after_fork() failed");
960 lsasd_reopen_logs(0);
961 lsasd_prefork_config();
963 lsasd_setup_sig_term_handler(ev_ctx);
964 lsasd_setup_sig_hup_handler(ev_ctx, pool, msg_ctx);
966 BlockSignals(false, SIGTERM);
967 BlockSignals(false, SIGHUP);
969 ok = lsasd_create_sockets(ev_ctx, msg_ctx, listen_fd, &listen_fd_size);
974 /* start children before any more initialization is done */
975 ok = prefork_create_pool(ev_ctx, /* mem_ctx */
982 &lsasd_children_main,
989 if (!serverid_register(procid_self(), FLAG_MSG_GENERAL)) {
993 messaging_register(msg_ctx,
995 MSG_SMB_CONF_UPDATED,
996 lsasd_smb_conf_updated);
998 status = rpc_lsarpc_init(NULL);
999 if (!NT_STATUS_IS_OK(status)) {
1000 DEBUG(0, ("Failed to register winreg rpc inteface! (%s)\n",
1001 nt_errstr(status)));
1005 status = rpc_samr_init(NULL);
1006 if (!NT_STATUS_IS_OK(status)) {
1007 DEBUG(0, ("Failed to register lsasd rpc inteface! (%s)\n",
1008 nt_errstr(status)));
1012 status = rpc_netlogon_init(NULL);
1013 if (!NT_STATUS_IS_OK(status)) {
1014 DEBUG(0, ("Failed to register lsasd rpc inteface! (%s)\n",
1015 nt_errstr(status)));
1019 ok = lsasd_setup_children_monitor(ev_ctx, msg_ctx, pool);
1021 DEBUG(0, ("Failed to setup children monitoring!\n"));
1025 DEBUG(1, ("LSASD Daemon Started (%d)\n", getpid()));
1028 rc = tevent_loop_wait(ev_ctx);
1030 /* should not be reached */
1031 DEBUG(0,("background_queue: tevent_loop_wait() exited with %d - %s\n",
1032 rc, (rc == 0) ? "out of events" : strerror(errno)));
git.samba.org / amitay / samba.git / blob