Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : Winbind child daemons
5 :
6 : Copyright (C) Andrew Tridgell 2002
7 : Copyright (C) Volker Lendecke 2004,2005
8 :
9 : This program is free software; you can redistribute it and/or modify
10 : it under the terms of the GNU General Public License as published by
11 : the Free Software Foundation; either version 3 of the License, or
12 : (at your option) any later version.
13 :
14 : This program is distributed in the hope that it will be useful,
15 : but WITHOUT ANY WARRANTY; without even the implied warranty of
16 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 : GNU General Public License for more details.
18 :
19 : You should have received a copy of the GNU General Public License
20 : along with this program. If not, see <http://www.gnu.org/licenses/>.
21 : */
22 :
23 : /*
24 : * We fork a child per domain to be able to act non-blocking in the main
25 : * winbind daemon. A domain controller thousands of miles away being being
26 : * slow replying with a 10.000 user list should not hold up netlogon calls
27 : * that can be handled locally.
28 : */
29 :
30 : #include "includes.h"
31 : #include "winbindd.h"
32 : #include "rpc_client/rpc_client.h"
33 : #include "nsswitch/wb_reqtrans.h"
34 : #include "secrets.h"
35 : #include "../lib/util/select.h"
36 : #include "winbindd_traceid.h"
37 : #include "../libcli/security/security.h"
38 : #include "system/select.h"
39 : #include "messages.h"
40 : #include "../lib/util/tevent_unix.h"
41 : #include "lib/param/loadparm.h"
42 : #include "lib/util/sys_rw.h"
43 : #include "lib/util/sys_rw_data.h"
44 : #include "passdb.h"
45 : #include "lib/util/string_wrappers.h"
46 : #include "lib/global_contexts.h"
47 : #include "idmap.h"
48 : #include "libcli/auth/netlogon_creds_cli.h"
49 : #include "../lib/util/pidfile.h"
50 : #include "librpc/gen_ndr/ndr_winbind_c.h"
51 : #include "lib/util/util_process.h"
52 :
53 : #undef DBGC_CLASS
54 : #define DBGC_CLASS DBGC_WINBIND
55 :
56 101 : static void forall_domain_children(bool (*fn)(struct winbindd_child *c,
57 : void *private_data),
58 : void *private_data)
59 : {
60 0 : struct winbindd_domain *d;
61 :
62 327 : for (d = domain_list(); d != NULL; d = d->next) {
63 : int i;
64 :
65 452 : for (i = 0; i < talloc_array_length(d->children); i++) {
66 226 : struct winbindd_child *c = &d->children[i];
67 0 : bool ok;
68 :
69 226 : if (c->pid == 0) {
70 24 : continue;
71 : }
72 :
73 202 : ok = fn(c, private_data);
74 202 : if (!ok) {
75 0 : return;
76 : }
77 : }
78 : }
79 : }
80 :
81 97 : static void forall_children(bool (*fn)(struct winbindd_child *c,
82 : void *private_data),
83 : void *private_data)
84 : {
85 0 : struct winbindd_child *c;
86 0 : bool ok;
87 :
88 97 : c = idmap_child();
89 97 : if (c->pid != 0) {
90 97 : ok = fn(c, private_data);
91 97 : if (!ok) {
92 0 : return;
93 : }
94 : }
95 :
96 97 : c = locator_child();
97 97 : if (c->pid != 0) {
98 0 : ok = fn(c, private_data);
99 0 : if (!ok) {
100 0 : return;
101 : }
102 : }
103 :
104 97 : forall_domain_children(fn, private_data);
105 : }
106 :
107 : /* Read some data from a client connection */
108 :
109 0 : static NTSTATUS child_read_request(int sock, struct winbindd_request *wreq)
110 : {
111 0 : NTSTATUS status;
112 :
113 0 : status = read_data_ntstatus(sock, (char *)wreq, sizeof(*wreq));
114 0 : if (!NT_STATUS_IS_OK(status)) {
115 0 : DEBUG(3, ("child_read_request: read_data failed: %s\n",
116 : nt_errstr(status)));
117 0 : return status;
118 : }
119 :
120 0 : if (wreq->extra_len == 0) {
121 0 : wreq->extra_data.data = NULL;
122 0 : return NT_STATUS_OK;
123 : }
124 :
125 0 : DEBUG(10, ("Need to read %d extra bytes\n", (int)wreq->extra_len));
126 :
127 0 : wreq->extra_data.data = SMB_MALLOC_ARRAY(char, wreq->extra_len + 1);
128 0 : if (wreq->extra_data.data == NULL) {
129 0 : DEBUG(0, ("malloc failed\n"));
130 0 : return NT_STATUS_NO_MEMORY;
131 : }
132 :
133 : /* Ensure null termination */
134 0 : wreq->extra_data.data[wreq->extra_len] = '\0';
135 :
136 0 : status = read_data_ntstatus(sock, wreq->extra_data.data,
137 0 : wreq->extra_len);
138 0 : if (!NT_STATUS_IS_OK(status)) {
139 0 : DEBUG(0, ("Could not read extra data: %s\n",
140 : nt_errstr(status)));
141 : }
142 0 : return status;
143 : }
144 :
145 0 : static NTSTATUS child_write_response(int sock, struct winbindd_response *wrsp)
146 : {
147 0 : struct iovec iov[2];
148 0 : int iov_count;
149 :
150 0 : iov[0].iov_base = (void *)wrsp;
151 0 : iov[0].iov_len = sizeof(struct winbindd_response);
152 0 : iov_count = 1;
153 :
154 0 : if (wrsp->length > sizeof(struct winbindd_response)) {
155 0 : iov[1].iov_base = (void *)wrsp->extra_data.data;
156 0 : iov[1].iov_len = wrsp->length-iov[0].iov_len;
157 0 : iov_count = 2;
158 : }
159 :
160 0 : DEBUG(10, ("Writing %d bytes to parent\n", (int)wrsp->length));
161 :
162 0 : if (write_data_iov(sock, iov, iov_count) != wrsp->length) {
163 0 : DEBUG(0, ("Could not write result\n"));
164 0 : return NT_STATUS_INVALID_HANDLE;
165 : }
166 :
167 0 : return NT_STATUS_OK;
168 : }
169 :
170 : /*
171 : * Do winbind child async request. This is not simply wb_simple_trans. We have
172 : * to do the queueing ourselves because while a request is queued, the child
173 : * might have crashed, and we have to re-fork it in the _trigger function.
174 : */
175 :
176 : struct wb_child_request_state {
177 : struct tevent_context *ev;
178 : struct tevent_req *queue_subreq;
179 : struct tevent_req *subreq;
180 : struct winbindd_child *child;
181 : struct winbindd_request *request;
182 : struct winbindd_response *response;
183 : };
184 :
185 : static bool fork_domain_child(struct winbindd_child *child);
186 :
187 : static void wb_child_request_waited(struct tevent_req *subreq);
188 : static void wb_child_request_done(struct tevent_req *subreq);
189 : static void wb_child_request_orphaned(struct tevent_req *subreq);
190 :
191 : static void wb_child_request_cleanup(struct tevent_req *req,
192 : enum tevent_req_state req_state);
193 :
194 120797 : struct tevent_req *wb_child_request_send(TALLOC_CTX *mem_ctx,
195 : struct tevent_context *ev,
196 : struct winbindd_child *child,
197 : struct winbindd_request *request)
198 : {
199 0 : struct tevent_req *req;
200 0 : struct wb_child_request_state *state;
201 0 : struct tevent_req *subreq;
202 :
203 120797 : req = tevent_req_create(mem_ctx, &state,
204 : struct wb_child_request_state);
205 120797 : if (req == NULL) {
206 0 : return NULL;
207 : }
208 :
209 120797 : state->ev = ev;
210 120797 : state->child = child;
211 :
212 : /*
213 : * We have to make a copy of "request", because our caller
214 : * might drop us via talloc_free().
215 : *
216 : * The talloc_move() magic in wb_child_request_cleanup() keeps
217 : * all the requests, but if we are sitting deep within
218 : * writev_send() down to the client, we have given it the
219 : * pointer to "request". As our caller lost interest, it will
220 : * just free "request", while writev_send still references it.
221 : */
222 :
223 120797 : state->request = talloc_memdup(state, request, sizeof(*request));
224 120797 : if (tevent_req_nomem(state->request, req)) {
225 0 : return tevent_req_post(req, ev);
226 : }
227 :
228 120797 : state->request->traceid = debug_traceid_get();
229 :
230 120797 : if (request->extra_data.data != NULL) {
231 120797 : state->request->extra_data.data = talloc_memdup(
232 : state->request,
233 : request->extra_data.data,
234 : request->extra_len);
235 120797 : if (tevent_req_nomem(state->request->extra_data.data, req)) {
236 0 : return tevent_req_post(req, ev);
237 : }
238 : }
239 :
240 120797 : subreq = tevent_queue_wait_send(state, ev, child->queue);
241 120797 : if (tevent_req_nomem(subreq, req)) {
242 0 : return tevent_req_post(req, ev);
243 : }
244 120797 : tevent_req_set_callback(subreq, wb_child_request_waited, req);
245 120797 : state->queue_subreq = subreq;
246 :
247 120797 : tevent_req_set_cleanup_fn(req, wb_child_request_cleanup);
248 :
249 120797 : return req;
250 : }
251 :
252 120797 : static void wb_child_request_waited(struct tevent_req *subreq)
253 : {
254 120797 : struct tevent_req *req = tevent_req_callback_data(
255 : subreq, struct tevent_req);
256 120797 : struct wb_child_request_state *state = tevent_req_data(
257 : req, struct wb_child_request_state);
258 0 : bool ok;
259 :
260 120797 : ok = tevent_queue_wait_recv(subreq);
261 120797 : if (!ok) {
262 0 : tevent_req_oom(req);
263 0 : return;
264 : }
265 : /*
266 : * We need to keep state->queue_subreq
267 : * in order to block the queue.
268 : */
269 120797 : subreq = NULL;
270 :
271 120797 : if ((state->child->sock == -1) && (!fork_domain_child(state->child))) {
272 0 : tevent_req_error(req, errno);
273 0 : return;
274 : }
275 :
276 120797 : tevent_fd_set_flags(state->child->monitor_fde, 0);
277 :
278 120797 : subreq = wb_simple_trans_send(state, global_event_context(), NULL,
279 120797 : state->child->sock, state->request);
280 120797 : if (tevent_req_nomem(subreq, req)) {
281 0 : return;
282 : }
283 :
284 120797 : state->subreq = subreq;
285 120797 : tevent_req_set_callback(subreq, wb_child_request_done, req);
286 120797 : tevent_req_set_endtime(req, state->ev, timeval_current_ofs(300, 0));
287 : }
288 :
289 120797 : static void wb_child_request_done(struct tevent_req *subreq)
290 : {
291 120797 : struct tevent_req *req = tevent_req_callback_data(
292 : subreq, struct tevent_req);
293 120797 : struct wb_child_request_state *state = tevent_req_data(
294 : req, struct wb_child_request_state);
295 0 : int ret, err;
296 :
297 120797 : ret = wb_simple_trans_recv(subreq, state, &state->response, &err);
298 : /* Freeing the subrequest is deferred until the cleanup function,
299 : * which has to know whether a subrequest exists, and consequently
300 : * decide whether to shut down the pipe to the child process.
301 : */
302 120797 : if (ret == -1) {
303 0 : tevent_req_error(req, err);
304 0 : return;
305 : }
306 120797 : tevent_req_done(req);
307 : }
308 :
309 0 : static void wb_child_request_orphaned(struct tevent_req *subreq)
310 : {
311 0 : struct winbindd_child *child =
312 0 : (struct winbindd_child *)tevent_req_callback_data_void(subreq);
313 :
314 0 : DBG_WARNING("cleanup orphaned subreq[%p]\n", subreq);
315 0 : TALLOC_FREE(subreq);
316 :
317 0 : if (child->domain != NULL) {
318 : /*
319 : * If the child is attached to a domain,
320 : * we need to make sure the domain queue
321 : * can move forward, after the orphaned
322 : * request is done.
323 : */
324 0 : tevent_queue_start(child->domain->queue);
325 : }
326 0 : }
327 :
328 120797 : int wb_child_request_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
329 : struct winbindd_response **presponse, int *err)
330 : {
331 120797 : struct wb_child_request_state *state = tevent_req_data(
332 : req, struct wb_child_request_state);
333 :
334 120797 : if (tevent_req_is_unix_error(req, err)) {
335 0 : return -1;
336 : }
337 120797 : *presponse = talloc_move(mem_ctx, &state->response);
338 120797 : return 0;
339 : }
340 :
341 241594 : static void wb_child_request_cleanup(struct tevent_req *req,
342 : enum tevent_req_state req_state)
343 : {
344 0 : struct wb_child_request_state *state =
345 241594 : tevent_req_data(req, struct wb_child_request_state);
346 :
347 241594 : if (state->subreq == NULL) {
348 : /* nothing to cleanup */
349 120797 : return;
350 : }
351 :
352 120797 : if (req_state == TEVENT_REQ_RECEIVED) {
353 0 : struct tevent_req *subreq = NULL;
354 :
355 : /*
356 : * Our caller gave up, but we need to keep
357 : * the low level request (wb_simple_trans)
358 : * in order to maintain the parent child protocol.
359 : *
360 : * We also need to keep the child queue blocked
361 : * until we got the response from the child.
362 : */
363 :
364 0 : subreq = talloc_move(state->child->queue, &state->subreq);
365 0 : talloc_move(subreq, &state->queue_subreq);
366 0 : talloc_move(subreq, &state->request);
367 0 : tevent_req_set_callback(subreq,
368 : wb_child_request_orphaned,
369 : state->child);
370 :
371 0 : DBG_WARNING("keep orphaned subreq[%p]\n", subreq);
372 0 : return;
373 : }
374 :
375 120797 : TALLOC_FREE(state->subreq);
376 120797 : TALLOC_FREE(state->queue_subreq);
377 :
378 120797 : tevent_fd_set_flags(state->child->monitor_fde, TEVENT_FD_READ);
379 :
380 120797 : if (state->child->domain != NULL) {
381 : /*
382 : * If the child is attached to a domain,
383 : * we need to make sure the domain queue
384 : * can move forward, after the request
385 : * is done.
386 : */
387 22768 : tevent_queue_start(state->child->domain->queue);
388 : }
389 :
390 120797 : if (req_state == TEVENT_REQ_DONE) {
391 : /* transmitted request and got response */
392 120797 : return;
393 : }
394 :
395 : /*
396 : * Failed to transmit and receive response, or request
397 : * cancelled while being serviced.
398 : * The basic parent/child communication broke, close
399 : * our socket
400 : */
401 0 : TALLOC_FREE(state->child->monitor_fde);
402 0 : close(state->child->sock);
403 0 : state->child->sock = -1;
404 : }
405 :
406 0 : static void child_socket_readable(struct tevent_context *ev,
407 : struct tevent_fd *fde,
408 : uint16_t flags,
409 : void *private_data)
410 : {
411 0 : struct winbindd_child *child = private_data;
412 :
413 0 : if ((flags & TEVENT_FD_READ) == 0) {
414 0 : return;
415 : }
416 :
417 0 : TALLOC_FREE(child->monitor_fde);
418 :
419 : /*
420 : * We're only active when there is no outstanding child
421 : * request. Arriving here means the child closed its socket,
422 : * it died. Do the same here.
423 : */
424 :
425 0 : SMB_ASSERT(child->sock != -1);
426 :
427 0 : close(child->sock);
428 0 : child->sock = -1;
429 : }
430 :
431 22680 : static struct winbindd_child *choose_domain_child(struct winbindd_domain *domain)
432 : {
433 22680 : struct winbindd_child *shortest = &domain->children[0];
434 0 : struct winbindd_child *current;
435 0 : int i;
436 :
437 22683 : for (i=0; i<talloc_array_length(domain->children); i++) {
438 0 : size_t shortest_len, current_len;
439 :
440 22680 : current = &domain->children[i];
441 22680 : current_len = tevent_queue_length(current->queue);
442 :
443 22680 : if (current_len == 0) {
444 : /* idle child */
445 22677 : return current;
446 : }
447 :
448 3 : shortest_len = tevent_queue_length(shortest->queue);
449 :
450 3 : if (current_len < shortest_len) {
451 0 : shortest = current;
452 : }
453 : }
454 :
455 3 : return shortest;
456 : }
457 :
458 121018 : struct dcerpc_binding_handle *dom_child_handle(struct winbindd_domain *domain)
459 : {
460 121018 : return domain->binding_handle;
461 : }
462 :
463 : struct wb_domain_request_state {
464 : struct tevent_context *ev;
465 : struct tevent_queue_entry *queue_entry;
466 : struct winbindd_domain *domain;
467 : struct winbindd_child *child;
468 : struct winbindd_request *request;
469 : struct winbindd_request *init_req;
470 : struct winbindd_response *response;
471 : struct tevent_req *pending_subreq;
472 : struct wbint_InitConnection r;
473 : };
474 :
475 45354 : static void wb_domain_request_cleanup(struct tevent_req *req,
476 : enum tevent_req_state req_state)
477 : {
478 45354 : struct wb_domain_request_state *state = tevent_req_data(
479 : req, struct wb_domain_request_state);
480 :
481 : /*
482 : * If we're completely done or got a failure.
483 : * we should remove ourself from the domain queue,
484 : * after removing the child subreq from the child queue
485 : * and give the next one in the queue the chance
486 : * to check for an idle child.
487 : */
488 45354 : TALLOC_FREE(state->pending_subreq);
489 45354 : TALLOC_FREE(state->queue_entry);
490 45354 : tevent_queue_start(state->domain->queue);
491 45354 : }
492 :
493 : static void wb_domain_request_trigger(struct tevent_req *req,
494 : void *private_data);
495 : static void wb_domain_request_gotdc(struct tevent_req *subreq);
496 : static void wb_domain_request_initialized(struct tevent_req *subreq);
497 : static void wb_domain_request_done(struct tevent_req *subreq);
498 :
499 22677 : struct tevent_req *wb_domain_request_send(TALLOC_CTX *mem_ctx,
500 : struct tevent_context *ev,
501 : struct winbindd_domain *domain,
502 : struct winbindd_request *request)
503 : {
504 0 : struct tevent_req *req;
505 0 : struct wb_domain_request_state *state;
506 :
507 22677 : req = tevent_req_create(mem_ctx, &state,
508 : struct wb_domain_request_state);
509 22677 : if (req == NULL) {
510 0 : return NULL;
511 : }
512 :
513 22677 : state->domain = domain;
514 22677 : state->ev = ev;
515 22677 : state->request = request;
516 :
517 22677 : tevent_req_set_cleanup_fn(req, wb_domain_request_cleanup);
518 :
519 22677 : state->queue_entry = tevent_queue_add_entry(
520 : domain->queue, state->ev, req,
521 0 : wb_domain_request_trigger, NULL);
522 22677 : if (tevent_req_nomem(state->queue_entry, req)) {
523 0 : return tevent_req_post(req, ev);
524 : }
525 :
526 22677 : return req;
527 : }
528 :
529 22680 : static void wb_domain_request_trigger(struct tevent_req *req,
530 : void *private_data)
531 : {
532 22680 : struct wb_domain_request_state *state = tevent_req_data(
533 : req, struct wb_domain_request_state);
534 22680 : struct winbindd_domain *domain = state->domain;
535 22680 : struct tevent_req *subreq = NULL;
536 0 : size_t shortest_queue_length;
537 :
538 22680 : state->child = choose_domain_child(domain);
539 22680 : shortest_queue_length = tevent_queue_length(state->child->queue);
540 22680 : if (shortest_queue_length > 0) {
541 : /*
542 : * All children are busy, we need to stop
543 : * the queue and untrigger our own queue
544 : * entry. Once a pending request
545 : * is done it calls tevent_queue_start
546 : * and we get retriggered.
547 : */
548 3 : state->child = NULL;
549 3 : tevent_queue_stop(state->domain->queue);
550 3 : tevent_queue_entry_untrigger(state->queue_entry);
551 3 : return;
552 : }
553 :
554 22677 : if (domain->initialized) {
555 22586 : subreq = wb_child_request_send(state, state->ev, state->child,
556 : state->request);
557 22586 : if (tevent_req_nomem(subreq, req)) {
558 0 : return;
559 : }
560 22586 : tevent_req_set_callback(subreq, wb_domain_request_done, req);
561 22586 : state->pending_subreq = subreq;
562 :
563 : /*
564 : * Once the domain is initialized and
565 : * once we placed our real request into the child queue,
566 : * we can remove ourself from the domain queue
567 : * and give the next one in the queue the chance
568 : * to check for an idle child.
569 : */
570 22586 : TALLOC_FREE(state->queue_entry);
571 22586 : return;
572 : }
573 :
574 91 : state->init_req = talloc_zero(state, struct winbindd_request);
575 91 : if (tevent_req_nomem(state->init_req, req)) {
576 0 : return;
577 : }
578 :
579 91 : if (IS_DC || domain->primary || domain->internal) {
580 : /* The primary domain has to find the DC name itself */
581 87 : state->r.in.dcname = talloc_strdup(state, "");
582 87 : if (tevent_req_nomem(state->r.in.dcname, req)) {
583 0 : return;
584 : }
585 :
586 87 : subreq = dcerpc_wbint_InitConnection_r_send(state,
587 : state->ev,
588 87 : state->child->binding_handle,
589 : &state->r);
590 87 : if (tevent_req_nomem(subreq, req)) {
591 0 : return;
592 : }
593 87 : tevent_req_set_callback(subreq, wb_domain_request_initialized,
594 : req);
595 87 : state->pending_subreq = subreq;
596 87 : return;
597 : }
598 :
599 : /*
600 : * This is *not* the primary domain,
601 : * let's ask our DC about a DC name.
602 : *
603 : * We prefer getting a dns name in dc_unc,
604 : * which is indicated by DS_RETURN_DNS_NAME.
605 : * For NT4 domains we still get the netbios name.
606 : */
607 4 : subreq = wb_dsgetdcname_send(state, state->ev,
608 4 : state->domain->name,
609 : NULL, /* domain_guid */
610 : NULL, /* site_name */
611 : DS_RETURN_DNS_NAME); /* flags */
612 4 : if (tevent_req_nomem(subreq, req)) {
613 0 : return;
614 : }
615 4 : tevent_req_set_callback(subreq, wb_domain_request_gotdc, req);
616 4 : state->pending_subreq = subreq;
617 4 : return;
618 : }
619 :
620 4 : static void wb_domain_request_gotdc(struct tevent_req *subreq)
621 : {
622 4 : struct tevent_req *req = tevent_req_callback_data(
623 : subreq, struct tevent_req);
624 4 : struct wb_domain_request_state *state = tevent_req_data(
625 : req, struct wb_domain_request_state);
626 4 : struct netr_DsRGetDCNameInfo *dcinfo = NULL;
627 0 : NTSTATUS status;
628 4 : const char *dcname = NULL;
629 :
630 4 : state->pending_subreq = NULL;
631 :
632 4 : status = wb_dsgetdcname_recv(subreq, state, &dcinfo);
633 4 : TALLOC_FREE(subreq);
634 4 : if (tevent_req_nterror(req, status)) {
635 0 : return;
636 : }
637 4 : dcname = dcinfo->dc_unc;
638 12 : while (dcname != NULL && *dcname == '\\') {
639 8 : dcname++;
640 : }
641 :
642 4 : state->r.in.dcname = talloc_strdup(state, dcname);
643 4 : if (tevent_req_nomem(state->r.in.dcname, req)) {
644 0 : return;
645 : }
646 :
647 4 : TALLOC_FREE(dcinfo);
648 :
649 4 : subreq = dcerpc_wbint_InitConnection_r_send(state,
650 : state->ev,
651 4 : state->child->binding_handle,
652 : &state->r);
653 4 : if (tevent_req_nomem(subreq, req)) {
654 0 : return;
655 : }
656 4 : tevent_req_set_callback(subreq, wb_domain_request_initialized, req);
657 4 : state->pending_subreq = subreq;
658 : }
659 :
660 91 : static void wb_domain_request_initialized(struct tevent_req *subreq)
661 : {
662 91 : struct tevent_req *req = tevent_req_callback_data(
663 : subreq, struct tevent_req);
664 91 : struct wb_domain_request_state *state = tevent_req_data(
665 : req, struct wb_domain_request_state);
666 0 : NTSTATUS status;
667 :
668 91 : state->pending_subreq = NULL;
669 :
670 91 : status = dcerpc_wbint_InitConnection_r_recv(subreq, state);
671 91 : TALLOC_FREE(subreq);
672 91 : if (NT_STATUS_IS_ERR(status)) {
673 0 : tevent_req_error(req, map_errno_from_nt_status(status));
674 0 : return;
675 : }
676 :
677 91 : status = state->r.out.result;
678 91 : if (NT_STATUS_IS_ERR(status)) {
679 0 : tevent_req_error(req, map_errno_from_nt_status(status));
680 0 : return;
681 : }
682 :
683 91 : state->domain->sid = *state->r.out.sid;
684 :
685 91 : talloc_free(state->domain->name);
686 91 : state->domain->name = talloc_strdup(state->domain, *state->r.out.name);
687 91 : if (state->domain->name == NULL) {
688 0 : tevent_req_error(req, ENOMEM);
689 0 : return;
690 : }
691 :
692 91 : if (*state->r.out.alt_name != NULL &&
693 35 : strlen(*state->r.out.alt_name) > 0) {
694 32 : talloc_free(state->domain->alt_name);
695 :
696 64 : state->domain->alt_name = talloc_strdup(state->domain,
697 32 : *state->r.out.alt_name);
698 32 : if (state->domain->alt_name == NULL) {
699 0 : tevent_req_error(req, ENOMEM);
700 0 : return;
701 : }
702 : }
703 :
704 91 : state->domain->native_mode =
705 91 : (*state->r.out.flags & WB_DOMINFO_DOMAIN_NATIVE);
706 91 : state->domain->active_directory =
707 91 : (*state->r.out.flags & WB_DOMINFO_DOMAIN_AD);
708 91 : state->domain->initialized = true;
709 :
710 91 : subreq = wb_child_request_send(state, state->ev, state->child,
711 : state->request);
712 91 : if (tevent_req_nomem(subreq, req)) {
713 0 : return;
714 : }
715 91 : tevent_req_set_callback(subreq, wb_domain_request_done, req);
716 91 : state->pending_subreq = subreq;
717 :
718 : /*
719 : * Once the domain is initialized and
720 : * once we placed our real request into the child queue,
721 : * we can remove ourself from the domain queue
722 : * and give the next one in the queue the chance
723 : * to check for an idle child.
724 : */
725 91 : TALLOC_FREE(state->queue_entry);
726 : }
727 :
728 22677 : static void wb_domain_request_done(struct tevent_req *subreq)
729 : {
730 22677 : struct tevent_req *req = tevent_req_callback_data(
731 : subreq, struct tevent_req);
732 22677 : struct wb_domain_request_state *state = tevent_req_data(
733 : req, struct wb_domain_request_state);
734 0 : int ret, err;
735 :
736 22677 : state->pending_subreq = NULL;
737 :
738 22677 : ret = wb_child_request_recv(subreq, talloc_tos(), &state->response,
739 : &err);
740 22677 : TALLOC_FREE(subreq);
741 22677 : if (ret == -1) {
742 0 : tevent_req_error(req, err);
743 0 : return;
744 : }
745 22677 : tevent_req_done(req);
746 : }
747 :
748 22677 : int wb_domain_request_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
749 : struct winbindd_response **presponse, int *err)
750 : {
751 22677 : struct wb_domain_request_state *state = tevent_req_data(
752 : req, struct wb_domain_request_state);
753 :
754 22677 : if (tevent_req_is_unix_error(req, err)) {
755 0 : return -1;
756 : }
757 22677 : *presponse = talloc_move(mem_ctx, &state->response);
758 22677 : return 0;
759 : }
760 :
761 0 : static void child_process_request(struct winbindd_child *child,
762 : struct winbindd_cli_state *state)
763 : {
764 0 : struct winbindd_domain *domain = child->domain;
765 :
766 : /* Free response data - we may be interrupted and receive another
767 : command before being able to send this data off. */
768 :
769 0 : state->response->result = WINBINDD_ERROR;
770 0 : state->response->length = sizeof(struct winbindd_response);
771 :
772 : /* as all requests in the child are sync, we can use talloc_tos() */
773 0 : state->mem_ctx = talloc_tos();
774 :
775 : /* Process command */
776 0 : state->response->result = winbindd_dual_ndrcmd(domain, state);
777 0 : }
778 :
779 203 : void setup_child(struct winbindd_domain *domain, struct winbindd_child *child,
780 : const char *logprefix,
781 : const char *logname)
782 : {
783 0 : const struct loadparm_substitution *lp_sub =
784 203 : loadparm_s3_global_substitution();
785 :
786 406 : if (logprefix && logname) {
787 203 : char *logbase = NULL;
788 :
789 203 : if (*lp_logfile(talloc_tos(), lp_sub)) {
790 203 : char *end = NULL;
791 :
792 203 : if (asprintf(&logbase, "%s", lp_logfile(talloc_tos(), lp_sub)) < 0) {
793 0 : smb_panic("Internal error: asprintf failed");
794 : }
795 :
796 203 : if ((end = strrchr_m(logbase, '/'))) {
797 203 : *end = '\0';
798 : }
799 : } else {
800 0 : if (asprintf(&logbase, "%s", get_dyn_LOGFILEBASE()) < 0) {
801 0 : smb_panic("Internal error: asprintf failed");
802 : }
803 : }
804 :
805 203 : if (asprintf(&child->logfilename, "%s/%s-%s",
806 : logbase, logprefix, logname) < 0) {
807 0 : SAFE_FREE(logbase);
808 0 : smb_panic("Internal error: asprintf failed");
809 : }
810 :
811 203 : SAFE_FREE(logbase);
812 : } else {
813 0 : smb_panic("Internal error: logprefix == NULL && "
814 : "logname == NULL");
815 : }
816 :
817 203 : child->pid = 0;
818 203 : child->sock = -1;
819 203 : child->domain = domain;
820 203 : child->queue = tevent_queue_create(NULL, "winbind_child");
821 203 : SMB_ASSERT(child->queue != NULL);
822 :
823 203 : child->binding_handle = wbint_binding_handle(NULL, NULL, child);
824 203 : SMB_ASSERT(child->binding_handle != NULL);
825 203 : }
826 :
827 : struct winbind_child_died_state {
828 : pid_t pid;
829 : struct winbindd_child *child;
830 : };
831 :
832 63 : static bool winbind_child_died_fn(struct winbindd_child *child,
833 : void *private_data)
834 : {
835 63 : struct winbind_child_died_state *state = private_data;
836 :
837 63 : if (child->pid == state->pid) {
838 0 : state->child = child;
839 0 : return false;
840 : }
841 63 : return true;
842 : }
843 :
844 21 : void winbind_child_died(pid_t pid)
845 : {
846 21 : struct winbind_child_died_state state = { .pid = pid };
847 :
848 21 : forall_children(winbind_child_died_fn, &state);
849 :
850 21 : if (state.child == NULL) {
851 21 : DEBUG(5, ("Already reaped child %u died\n", (unsigned int)pid));
852 21 : return;
853 : }
854 :
855 0 : state.child->pid = 0;
856 : }
857 :
858 : /* Ensure any negative cache entries with the netbios or realm names are removed. */
859 :
860 44 : void winbindd_flush_negative_conn_cache(struct winbindd_domain *domain)
861 : {
862 44 : flush_negative_conn_cache_for_domain(domain->name);
863 44 : if (domain->alt_name != NULL) {
864 44 : flush_negative_conn_cache_for_domain(domain->alt_name);
865 : }
866 44 : }
867 :
868 : /*
869 : * Parent winbindd process sets its own debug level first and then
870 : * sends a message to all the winbindd children to adjust their debug
871 : * level to that of parents.
872 : */
873 :
874 : struct winbind_msg_relay_state {
875 : struct messaging_context *msg_ctx;
876 : uint32_t msg_type;
877 : DATA_BLOB *data;
878 : };
879 :
880 228 : static bool winbind_msg_relay_fn(struct winbindd_child *child,
881 : void *private_data)
882 : {
883 228 : struct winbind_msg_relay_state *state = private_data;
884 :
885 228 : DBG_DEBUG("sending message to pid %u.\n",
886 : (unsigned int)child->pid);
887 :
888 228 : messaging_send(state->msg_ctx, pid_to_procid(child->pid),
889 228 : state->msg_type, state->data);
890 228 : return true;
891 : }
892 :
893 0 : void winbind_msg_debug(struct messaging_context *msg_ctx,
894 : void *private_data,
895 : uint32_t msg_type,
896 : struct server_id server_id,
897 : DATA_BLOB *data)
898 : {
899 0 : struct winbind_msg_relay_state state = {
900 : .msg_ctx = msg_ctx, .msg_type = msg_type, .data = data
901 : };
902 :
903 0 : DEBUG(10,("winbind_msg_debug: got debug message.\n"));
904 :
905 0 : debug_message(msg_ctx, private_data, MSG_DEBUG, server_id, data);
906 :
907 0 : forall_children(winbind_msg_relay_fn, &state);
908 0 : }
909 :
910 0 : void winbind_disconnect_dc_parent(struct messaging_context *msg_ctx,
911 : void *private_data,
912 : uint32_t msg_type,
913 : struct server_id server_id,
914 : DATA_BLOB *data)
915 : {
916 0 : struct winbind_msg_relay_state state = {
917 : .msg_ctx = msg_ctx, .msg_type = msg_type, .data = data
918 : };
919 :
920 0 : DBG_DEBUG("Got disconnect_dc message\n");
921 :
922 0 : forall_children(winbind_msg_relay_fn, &state);
923 0 : }
924 :
925 0 : static void winbindd_msg_reload_services_child(struct messaging_context *msg,
926 : void *private_data,
927 : uint32_t msg_type,
928 : struct server_id server_id,
929 : DATA_BLOB *data)
930 : {
931 0 : DBG_DEBUG("Got reload-config message\n");
932 0 : winbindd_reload_services_file((const char *)private_data);
933 0 : }
934 :
935 : /* React on 'smbcontrol winbindd reload-config' in the same way as on SIGHUP*/
936 76 : void winbindd_msg_reload_services_parent(struct messaging_context *msg,
937 : void *private_data,
938 : uint32_t msg_type,
939 : struct server_id server_id,
940 : DATA_BLOB *data)
941 : {
942 76 : struct winbind_msg_relay_state state = {
943 : .msg_ctx = msg,
944 : .msg_type = msg_type,
945 : .data = data,
946 : };
947 :
948 76 : DBG_DEBUG("Got reload-config message\n");
949 :
950 : /* Flush various caches */
951 76 : winbindd_flush_caches();
952 :
953 76 : winbindd_reload_services_file((const char *)private_data);
954 :
955 : /* Set tevent_thread_call_depth_set_callback according to debug level */
956 76 : if (lp_winbind_debug_traceid() && debuglevel_get() > 1) {
957 0 : tevent_thread_call_depth_set_callback(winbind_call_flow, NULL);
958 : } else {
959 76 : tevent_thread_call_depth_set_callback(NULL, NULL);
960 : }
961 :
962 76 : forall_children(winbind_msg_relay_fn, &state);
963 76 : }
964 :
965 : /* Set our domains as offline and forward the offline message to our children. */
966 :
967 : struct winbind_msg_on_offline_state {
968 : struct messaging_context *msg_ctx;
969 : uint32_t msg_type;
970 : };
971 :
972 8 : static bool winbind_msg_on_offline_fn(struct winbindd_child *child,
973 : void *private_data)
974 : {
975 8 : struct winbind_msg_on_offline_state *state = private_data;
976 :
977 8 : if (child->domain->internal) {
978 4 : return true;
979 : }
980 :
981 : /*
982 : * Each winbindd child should only process requests for one
983 : * domain - make sure we only set it online / offline for that
984 : * domain.
985 : */
986 4 : DBG_DEBUG("sending message to pid %u for domain %s.\n",
987 : (unsigned int)child->pid, child->domain->name);
988 :
989 4 : messaging_send_buf(state->msg_ctx,
990 : pid_to_procid(child->pid),
991 : state->msg_type,
992 4 : (const uint8_t *)child->domain->name,
993 4 : strlen(child->domain->name)+1);
994 :
995 4 : return true;
996 : }
997 :
998 4 : void winbind_msg_offline(struct messaging_context *msg_ctx,
999 : void *private_data,
1000 : uint32_t msg_type,
1001 : struct server_id server_id,
1002 : DATA_BLOB *data)
1003 : {
1004 4 : struct winbind_msg_on_offline_state state = {
1005 : .msg_ctx = msg_ctx,
1006 : .msg_type = MSG_WINBIND_OFFLINE,
1007 : };
1008 0 : struct winbindd_domain *domain;
1009 :
1010 4 : DEBUG(10,("winbind_msg_offline: got offline message.\n"));
1011 :
1012 4 : if (!lp_winbind_offline_logon()) {
1013 0 : DEBUG(10,("winbind_msg_offline: rejecting offline message.\n"));
1014 0 : return;
1015 : }
1016 :
1017 : /* Set our global state as offline. */
1018 4 : if (!set_global_winbindd_state_offline()) {
1019 0 : DEBUG(10,("winbind_msg_offline: offline request failed.\n"));
1020 0 : return;
1021 : }
1022 :
1023 : /* Set all our domains as offline. */
1024 16 : for (domain = domain_list(); domain; domain = domain->next) {
1025 12 : if (domain->internal) {
1026 8 : continue;
1027 : }
1028 4 : DEBUG(5,("winbind_msg_offline: marking %s offline.\n", domain->name));
1029 4 : domain->online = false;
1030 : }
1031 :
1032 4 : forall_domain_children(winbind_msg_on_offline_fn, &state);
1033 : }
1034 :
1035 : /* Set our domains as online and forward the online message to our children. */
1036 :
1037 0 : void winbind_msg_online(struct messaging_context *msg_ctx,
1038 : void *private_data,
1039 : uint32_t msg_type,
1040 : struct server_id server_id,
1041 : DATA_BLOB *data)
1042 : {
1043 0 : struct winbind_msg_on_offline_state state = {
1044 : .msg_ctx = msg_ctx,
1045 : .msg_type = MSG_WINBIND_ONLINE,
1046 : };
1047 :
1048 0 : DEBUG(10,("winbind_msg_online: got online message.\n"));
1049 :
1050 0 : if (!lp_winbind_offline_logon()) {
1051 0 : DEBUG(10,("winbind_msg_online: rejecting online message.\n"));
1052 0 : return;
1053 : }
1054 :
1055 : /* Set our global state as online. */
1056 0 : set_global_winbindd_state_online();
1057 :
1058 0 : smb_nscd_flush_user_cache();
1059 0 : smb_nscd_flush_group_cache();
1060 :
1061 : /* Tell all our child domains to go online online. */
1062 0 : forall_domain_children(winbind_msg_on_offline_fn, &state);
1063 : }
1064 :
1065 0 : static const char *collect_onlinestatus(TALLOC_CTX *mem_ctx)
1066 : {
1067 0 : struct winbindd_domain *domain;
1068 0 : char *buf = NULL;
1069 :
1070 0 : if ((buf = talloc_asprintf(mem_ctx, "global:%s ",
1071 0 : get_global_winbindd_state_offline() ?
1072 : "Offline":"Online")) == NULL) {
1073 0 : return NULL;
1074 : }
1075 :
1076 0 : for (domain = domain_list(); domain; domain = domain->next) {
1077 0 : if ((buf = talloc_asprintf_append_buffer(buf, "%s:%s ",
1078 : domain->name,
1079 0 : domain->online ?
1080 : "Online":"Offline")) == NULL) {
1081 0 : return NULL;
1082 : }
1083 : }
1084 :
1085 0 : buf = talloc_asprintf_append_buffer(buf, "\n");
1086 :
1087 0 : DEBUG(5,("collect_onlinestatus: %s", buf));
1088 :
1089 0 : return buf;
1090 : }
1091 :
1092 0 : void winbind_msg_onlinestatus(struct messaging_context *msg_ctx,
1093 : void *private_data,
1094 : uint32_t msg_type,
1095 : struct server_id server_id,
1096 : DATA_BLOB *data)
1097 : {
1098 0 : TALLOC_CTX *mem_ctx;
1099 0 : const char *message;
1100 :
1101 0 : DEBUG(5,("winbind_msg_onlinestatus received.\n"));
1102 :
1103 0 : mem_ctx = talloc_init("winbind_msg_onlinestatus");
1104 0 : if (mem_ctx == NULL) {
1105 0 : return;
1106 : }
1107 :
1108 0 : message = collect_onlinestatus(mem_ctx);
1109 0 : if (message == NULL) {
1110 0 : talloc_destroy(mem_ctx);
1111 0 : return;
1112 : }
1113 :
1114 0 : messaging_send_buf(msg_ctx, server_id, MSG_WINBIND_ONLINESTATUS,
1115 0 : (const uint8_t *)message, strlen(message) + 1);
1116 :
1117 0 : talloc_destroy(mem_ctx);
1118 : }
1119 :
1120 0 : void winbind_msg_dump_domain_list(struct messaging_context *msg_ctx,
1121 : void *private_data,
1122 : uint32_t msg_type,
1123 : struct server_id server_id,
1124 : DATA_BLOB *data)
1125 : {
1126 0 : TALLOC_CTX *mem_ctx;
1127 0 : const char *message = NULL;
1128 0 : const char *domain = NULL;
1129 0 : char *s = NULL;
1130 0 : NTSTATUS status;
1131 0 : struct winbindd_domain *dom = NULL;
1132 :
1133 0 : DEBUG(5,("winbind_msg_dump_domain_list received.\n"));
1134 :
1135 0 : mem_ctx = talloc_init("winbind_msg_dump_domain_list");
1136 0 : if (!mem_ctx) {
1137 0 : return;
1138 : }
1139 :
1140 0 : if (data->length > 0) {
1141 0 : domain = (const char *)data->data;
1142 : }
1143 :
1144 0 : if (domain) {
1145 :
1146 0 : DEBUG(5,("winbind_msg_dump_domain_list for domain: %s\n",
1147 : domain));
1148 :
1149 0 : message = NDR_PRINT_STRUCT_STRING(mem_ctx, winbindd_domain,
1150 : find_domain_from_name_noinit(domain));
1151 0 : if (!message) {
1152 0 : talloc_destroy(mem_ctx);
1153 0 : return;
1154 : }
1155 :
1156 0 : messaging_send_buf(msg_ctx, server_id,
1157 : MSG_WINBIND_DUMP_DOMAIN_LIST,
1158 0 : (const uint8_t *)message, strlen(message) + 1);
1159 :
1160 0 : talloc_destroy(mem_ctx);
1161 :
1162 0 : return;
1163 : }
1164 :
1165 0 : DEBUG(5,("winbind_msg_dump_domain_list all domains\n"));
1166 :
1167 0 : for (dom = domain_list(); dom; dom=dom->next) {
1168 0 : message = NDR_PRINT_STRUCT_STRING(mem_ctx, winbindd_domain, dom);
1169 0 : if (!message) {
1170 0 : talloc_destroy(mem_ctx);
1171 0 : return;
1172 : }
1173 :
1174 0 : s = talloc_asprintf_append(s, "%s\n", message);
1175 0 : if (!s) {
1176 0 : talloc_destroy(mem_ctx);
1177 0 : return;
1178 : }
1179 : }
1180 :
1181 0 : status = messaging_send_buf(msg_ctx, server_id,
1182 : MSG_WINBIND_DUMP_DOMAIN_LIST,
1183 0 : (uint8_t *)s, strlen(s) + 1);
1184 0 : if (!NT_STATUS_IS_OK(status)) {
1185 0 : DEBUG(0,("failed to send message: %s\n",
1186 : nt_errstr(status)));
1187 : }
1188 :
1189 0 : talloc_destroy(mem_ctx);
1190 : }
1191 :
1192 0 : static void account_lockout_policy_handler(struct tevent_context *ctx,
1193 : struct tevent_timer *te,
1194 : struct timeval now,
1195 : void *private_data)
1196 : {
1197 0 : struct winbindd_child *child =
1198 : (struct winbindd_child *)private_data;
1199 0 : TALLOC_CTX *mem_ctx = NULL;
1200 0 : struct samr_DomInfo12 lockout_policy;
1201 0 : NTSTATUS result;
1202 :
1203 0 : DEBUG(10,("account_lockout_policy_handler called\n"));
1204 :
1205 0 : TALLOC_FREE(child->lockout_policy_event);
1206 :
1207 0 : if ( !winbindd_can_contact_domain( child->domain ) ) {
1208 0 : DEBUG(10,("account_lockout_policy_handler: Removing myself since I "
1209 : "do not have an incoming trust to domain %s\n",
1210 : child->domain->name));
1211 :
1212 0 : return;
1213 : }
1214 :
1215 0 : mem_ctx = talloc_init("account_lockout_policy_handler ctx");
1216 0 : if (!mem_ctx) {
1217 0 : result = NT_STATUS_NO_MEMORY;
1218 : } else {
1219 0 : result = wb_cache_lockout_policy(child->domain, mem_ctx,
1220 : &lockout_policy);
1221 : }
1222 0 : TALLOC_FREE(mem_ctx);
1223 :
1224 0 : if (!NT_STATUS_IS_OK(result)) {
1225 0 : DEBUG(10,("account_lockout_policy_handler: lockout_policy failed error %s\n",
1226 : nt_errstr(result)));
1227 : }
1228 :
1229 0 : child->lockout_policy_event = tevent_add_timer(global_event_context(), NULL,
1230 : timeval_current_ofs(3600, 0),
1231 : account_lockout_policy_handler,
1232 : child);
1233 : }
1234 :
1235 0 : static time_t get_machine_password_timeout(void)
1236 : {
1237 : /* until we have gpo support use lp setting */
1238 0 : return lp_machine_password_timeout();
1239 : }
1240 :
1241 0 : static bool calculate_next_machine_pwd_change(const char *domain,
1242 : struct timeval *t)
1243 : {
1244 0 : time_t pass_last_set_time;
1245 0 : time_t timeout;
1246 0 : time_t next_change;
1247 0 : struct timeval tv;
1248 0 : char *pw;
1249 :
1250 0 : pw = secrets_fetch_machine_password(domain,
1251 : &pass_last_set_time,
1252 : NULL);
1253 :
1254 0 : if (pw == NULL) {
1255 0 : DEBUG(0,("cannot fetch own machine password ????\n"));
1256 0 : return false;
1257 : }
1258 :
1259 0 : SAFE_FREE(pw);
1260 :
1261 0 : timeout = get_machine_password_timeout();
1262 0 : if (timeout == 0) {
1263 0 : DEBUG(10,("machine password never expires\n"));
1264 0 : return false;
1265 : }
1266 :
1267 0 : tv.tv_sec = pass_last_set_time;
1268 0 : DEBUG(10, ("password last changed %s\n",
1269 : timeval_string(talloc_tos(), &tv, false)));
1270 0 : tv.tv_sec += timeout;
1271 0 : DEBUGADD(10, ("password valid until %s\n",
1272 : timeval_string(talloc_tos(), &tv, false)));
1273 :
1274 0 : if (time(NULL) < (pass_last_set_time + timeout)) {
1275 0 : next_change = pass_last_set_time + timeout;
1276 0 : DEBUG(10,("machine password still valid until: %s\n",
1277 : http_timestring(talloc_tos(), next_change)));
1278 0 : *t = timeval_set(next_change, 0);
1279 :
1280 0 : if (lp_clustering()) {
1281 0 : uint8_t randbuf;
1282 : /*
1283 : * When having a cluster, we have several
1284 : * winbinds racing for the password change. In
1285 : * the machine_password_change_handler()
1286 : * function we check if someone else was
1287 : * faster when the event triggers. We add a
1288 : * 255-second random delay here, so that we
1289 : * don't run to change the password at the
1290 : * exact same moment.
1291 : */
1292 0 : generate_random_buffer(&randbuf, sizeof(randbuf));
1293 0 : DEBUG(10, ("adding %d seconds randomness\n",
1294 : (int)randbuf));
1295 0 : t->tv_sec += randbuf;
1296 : }
1297 0 : return true;
1298 : }
1299 :
1300 0 : DEBUG(10,("machine password expired, needs immediate change\n"));
1301 :
1302 0 : *t = timeval_zero();
1303 :
1304 0 : return true;
1305 : }
1306 :
1307 0 : static void machine_password_change_handler(struct tevent_context *ctx,
1308 : struct tevent_timer *te,
1309 : struct timeval now,
1310 : void *private_data)
1311 : {
1312 0 : struct messaging_context *msg_ctx = global_messaging_context();
1313 0 : struct winbindd_child *child =
1314 : (struct winbindd_child *)private_data;
1315 0 : struct rpc_pipe_client *netlogon_pipe = NULL;
1316 0 : struct netlogon_creds_cli_context *netlogon_creds_ctx = NULL;
1317 0 : NTSTATUS result;
1318 0 : struct timeval next_change;
1319 :
1320 0 : DEBUG(10,("machine_password_change_handler called\n"));
1321 :
1322 0 : TALLOC_FREE(child->machine_password_change_event);
1323 :
1324 0 : if (!calculate_next_machine_pwd_change(child->domain->name,
1325 : &next_change)) {
1326 0 : DEBUG(10, ("calculate_next_machine_pwd_change failed\n"));
1327 0 : return;
1328 : }
1329 :
1330 0 : DEBUG(10, ("calculate_next_machine_pwd_change returned %s\n",
1331 : timeval_string(talloc_tos(), &next_change, false)));
1332 :
1333 0 : if (!timeval_expired(&next_change)) {
1334 0 : DEBUG(10, ("Someone else has already changed the pw\n"));
1335 0 : goto done;
1336 : }
1337 :
1338 0 : if (!winbindd_can_contact_domain(child->domain)) {
1339 0 : DEBUG(10,("machine_password_change_handler: Removing myself since I "
1340 : "do not have an incoming trust to domain %s\n",
1341 : child->domain->name));
1342 0 : return;
1343 : }
1344 :
1345 0 : result = cm_connect_netlogon_secure(child->domain,
1346 : &netlogon_pipe,
1347 : &netlogon_creds_ctx);
1348 0 : if (!NT_STATUS_IS_OK(result)) {
1349 0 : DEBUG(10,("machine_password_change_handler: "
1350 : "failed to connect netlogon pipe: %s\n",
1351 : nt_errstr(result)));
1352 0 : return;
1353 : }
1354 :
1355 0 : result = trust_pw_change(netlogon_creds_ctx,
1356 : msg_ctx,
1357 0 : netlogon_pipe->binding_handle,
1358 0 : child->domain->name,
1359 0 : child->domain->dcname,
1360 : false); /* force */
1361 :
1362 0 : DEBUG(10, ("machine_password_change_handler: "
1363 : "trust_pw_change returned %s\n",
1364 : nt_errstr(result)));
1365 :
1366 0 : if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
1367 0 : DEBUG(3,("machine_password_change_handler: password set returned "
1368 : "ACCESS_DENIED. Maybe the trust account "
1369 : "password was changed and we didn't know it. "
1370 : "Killing connections to domain %s\n",
1371 : child->domain->name));
1372 0 : invalidate_cm_connection(child->domain);
1373 : }
1374 :
1375 0 : if (!calculate_next_machine_pwd_change(child->domain->name,
1376 : &next_change)) {
1377 0 : DEBUG(10, ("calculate_next_machine_pwd_change failed\n"));
1378 0 : return;
1379 : }
1380 :
1381 0 : DEBUG(10, ("calculate_next_machine_pwd_change returned %s\n",
1382 : timeval_string(talloc_tos(), &next_change, false)));
1383 :
1384 0 : if (!NT_STATUS_IS_OK(result)) {
1385 0 : struct timeval tmp;
1386 : /*
1387 : * In case of failure, give the DC a minute to recover
1388 : */
1389 0 : tmp = timeval_current_ofs(60, 0);
1390 0 : next_change = timeval_max(&next_change, &tmp);
1391 : }
1392 :
1393 0 : done:
1394 0 : child->machine_password_change_event = tevent_add_timer(global_event_context(), NULL,
1395 : next_change,
1396 : machine_password_change_handler,
1397 : child);
1398 : }
1399 :
1400 : /* Deal with a request to go offline. */
1401 :
1402 0 : static void child_msg_offline(struct messaging_context *msg,
1403 : void *private_data,
1404 : uint32_t msg_type,
1405 : struct server_id server_id,
1406 : DATA_BLOB *data)
1407 : {
1408 0 : struct winbindd_domain *domain;
1409 0 : struct winbindd_domain *primary_domain = NULL;
1410 0 : const char *domainname = (const char *)data->data;
1411 :
1412 0 : if (data->data == NULL || data->length == 0) {
1413 0 : return;
1414 : }
1415 :
1416 0 : DEBUG(5,("child_msg_offline received for domain %s.\n", domainname));
1417 :
1418 0 : if (!lp_winbind_offline_logon()) {
1419 0 : DEBUG(10,("child_msg_offline: rejecting offline message.\n"));
1420 0 : return;
1421 : }
1422 :
1423 0 : primary_domain = find_our_domain();
1424 :
1425 : /* Mark the requested domain offline. */
1426 :
1427 0 : for (domain = domain_list(); domain; domain = domain->next) {
1428 0 : if (domain->internal) {
1429 0 : continue;
1430 : }
1431 0 : if (strequal(domain->name, domainname)) {
1432 0 : DEBUG(5,("child_msg_offline: marking %s offline.\n", domain->name));
1433 0 : set_domain_offline(domain);
1434 : /* we are in the trusted domain, set the primary domain
1435 : * offline too */
1436 0 : if (domain != primary_domain) {
1437 0 : set_domain_offline(primary_domain);
1438 : }
1439 : }
1440 : }
1441 : }
1442 :
1443 : /* Deal with a request to go online. */
1444 :
1445 0 : static void child_msg_online(struct messaging_context *msg,
1446 : void *private_data,
1447 : uint32_t msg_type,
1448 : struct server_id server_id,
1449 : DATA_BLOB *data)
1450 : {
1451 0 : struct winbindd_domain *domain;
1452 0 : struct winbindd_domain *primary_domain = NULL;
1453 0 : const char *domainname = (const char *)data->data;
1454 :
1455 0 : if (data->data == NULL || data->length == 0) {
1456 0 : return;
1457 : }
1458 :
1459 0 : DEBUG(5,("child_msg_online received for domain %s.\n", domainname));
1460 :
1461 0 : if (!lp_winbind_offline_logon()) {
1462 0 : DEBUG(10,("child_msg_online: rejecting online message.\n"));
1463 0 : return;
1464 : }
1465 :
1466 0 : primary_domain = find_our_domain();
1467 :
1468 : /* Set our global state as online. */
1469 0 : set_global_winbindd_state_online();
1470 :
1471 : /* Try and mark everything online - delete any negative cache entries
1472 : to force a reconnect now. */
1473 :
1474 0 : for (domain = domain_list(); domain; domain = domain->next) {
1475 0 : if (domain->internal) {
1476 0 : continue;
1477 : }
1478 0 : if (strequal(domain->name, domainname)) {
1479 0 : DEBUG(5,("child_msg_online: requesting %s to go online.\n", domain->name));
1480 0 : winbindd_flush_negative_conn_cache(domain);
1481 0 : set_domain_online_request(domain);
1482 :
1483 : /* we can be in trusted domain, which will contact primary domain
1484 : * we have to bring primary domain online in trusted domain process
1485 : * see, winbindd_dual_pam_auth() --> winbindd_dual_pam_auth_samlogon()
1486 : * --> contact_domain = find_our_domain()
1487 : * */
1488 0 : if (domain != primary_domain) {
1489 0 : winbindd_flush_negative_conn_cache(primary_domain);
1490 0 : set_domain_online_request(primary_domain);
1491 : }
1492 : }
1493 : }
1494 : }
1495 :
1496 : struct winbindd_reinit_after_fork_state {
1497 : const struct winbindd_child *myself;
1498 : };
1499 :
1500 0 : static bool winbindd_reinit_after_fork_fn(struct winbindd_child *child,
1501 : void *private_data)
1502 : {
1503 0 : struct winbindd_reinit_after_fork_state *state = private_data;
1504 :
1505 0 : if (child == state->myself) {
1506 0 : return true;
1507 : }
1508 :
1509 : /* Destroy all possible events in child list. */
1510 0 : TALLOC_FREE(child->lockout_policy_event);
1511 0 : TALLOC_FREE(child->machine_password_change_event);
1512 :
1513 : /*
1514 : * Children should never be able to send each other messages,
1515 : * all messages must go through the parent.
1516 : */
1517 0 : child->pid = (pid_t)0;
1518 :
1519 : /*
1520 : * Close service sockets to all other children
1521 : */
1522 0 : if (child->sock != -1) {
1523 0 : close(child->sock);
1524 0 : child->sock = -1;
1525 : }
1526 :
1527 0 : return true;
1528 : }
1529 :
1530 0 : NTSTATUS winbindd_reinit_after_fork(const struct winbindd_child *myself,
1531 : const char *logfilename)
1532 : {
1533 0 : struct winbindd_reinit_after_fork_state state = { .myself = myself };
1534 0 : struct winbindd_domain *domain;
1535 0 : NTSTATUS status;
1536 :
1537 0 : status = reinit_after_fork(
1538 : global_messaging_context(),
1539 : global_event_context(),
1540 : true);
1541 0 : if (!NT_STATUS_IS_OK(status)) {
1542 0 : DEBUG(0,("reinit_after_fork() failed\n"));
1543 0 : return status;
1544 : }
1545 0 : initialize_password_db(true, global_event_context());
1546 :
1547 0 : close_conns_after_fork();
1548 :
1549 0 : if (logfilename != NULL) {
1550 0 : lp_set_logfile(logfilename);
1551 0 : reopen_logs();
1552 : }
1553 :
1554 0 : if (!winbindd_setup_sig_term_handler(false)) {
1555 0 : return NT_STATUS_NO_MEMORY;
1556 : }
1557 :
1558 0 : if (!winbindd_setup_sig_hup_handler(logfilename)) {
1559 0 : return NT_STATUS_NO_MEMORY;
1560 : }
1561 :
1562 : /* Stop zombies in children */
1563 0 : CatchChild();
1564 :
1565 : /* Don't handle the same messages as our parent. */
1566 0 : messaging_deregister(global_messaging_context(),
1567 : MSG_SMB_CONF_UPDATED, NULL);
1568 0 : messaging_deregister(global_messaging_context(),
1569 : MSG_SHUTDOWN, NULL);
1570 0 : messaging_deregister(global_messaging_context(),
1571 : MSG_WINBIND_OFFLINE, NULL);
1572 0 : messaging_deregister(global_messaging_context(),
1573 : MSG_WINBIND_ONLINE, NULL);
1574 0 : messaging_deregister(global_messaging_context(),
1575 : MSG_WINBIND_ONLINESTATUS, NULL);
1576 0 : messaging_deregister(global_messaging_context(),
1577 : MSG_WINBIND_DUMP_DOMAIN_LIST, NULL);
1578 0 : messaging_deregister(global_messaging_context(),
1579 : MSG_DEBUG, NULL);
1580 :
1581 0 : messaging_deregister(global_messaging_context(),
1582 : MSG_WINBIND_DOMAIN_OFFLINE, NULL);
1583 0 : messaging_deregister(global_messaging_context(),
1584 : MSG_WINBIND_DOMAIN_ONLINE, NULL);
1585 :
1586 : /* We have destroyed all events in the winbindd_event_context
1587 : * in reinit_after_fork(), so clean out all possible pending
1588 : * event pointers. */
1589 :
1590 : /* Deal with check_online_events. */
1591 :
1592 0 : for (domain = domain_list(); domain; domain = domain->next) {
1593 0 : TALLOC_FREE(domain->check_online_event);
1594 : }
1595 :
1596 : /* Ensure we're not handling a credential cache event inherited
1597 : * from our parent. */
1598 :
1599 0 : ccache_remove_all_after_fork();
1600 :
1601 0 : forall_children(winbindd_reinit_after_fork_fn, &state);
1602 :
1603 0 : return NT_STATUS_OK;
1604 : }
1605 :
1606 : /*
1607 : * In a child there will be only one domain, reference that here.
1608 : */
1609 : static struct winbindd_domain *child_domain;
1610 :
1611 57 : struct winbindd_domain *wb_child_domain(void)
1612 : {
1613 57 : return child_domain;
1614 : }
1615 :
1616 : struct child_handler_state {
1617 : struct winbindd_child *child;
1618 : struct winbindd_cli_state cli;
1619 : };
1620 :
1621 0 : static void child_handler(struct tevent_context *ev, struct tevent_fd *fde,
1622 : uint16_t flags, void *private_data)
1623 : {
1624 0 : struct child_handler_state *state =
1625 : (struct child_handler_state *)private_data;
1626 0 : NTSTATUS status;
1627 0 : uint64_t parent_traceid;
1628 :
1629 : /* fetch a request from the main daemon */
1630 0 : status = child_read_request(state->cli.sock, state->cli.request);
1631 :
1632 0 : if (!NT_STATUS_IS_OK(status)) {
1633 : /* we lost contact with our parent */
1634 0 : _exit(0);
1635 : }
1636 :
1637 : /* read traceid from request */
1638 0 : parent_traceid = state->cli.request->traceid;
1639 0 : debug_traceid_set(parent_traceid);
1640 :
1641 0 : DEBUG(4,("child daemon request %d\n",
1642 : (int)state->cli.request->cmd));
1643 :
1644 0 : ZERO_STRUCTP(state->cli.response);
1645 0 : state->cli.request->null_term = '\0';
1646 0 : state->cli.mem_ctx = talloc_tos();
1647 0 : child_process_request(state->child, &state->cli);
1648 :
1649 0 : DEBUG(4, ("Finished processing child request %d\n",
1650 : (int)state->cli.request->cmd));
1651 :
1652 0 : SAFE_FREE(state->cli.request->extra_data.data);
1653 :
1654 0 : status = child_write_response(state->cli.sock, state->cli.response);
1655 0 : if (!NT_STATUS_IS_OK(status)) {
1656 0 : exit(1);
1657 : }
1658 0 : }
1659 :
1660 132 : static bool fork_domain_child(struct winbindd_child *child)
1661 : {
1662 0 : int fdpair[2];
1663 0 : struct child_handler_state state;
1664 0 : struct winbindd_request request;
1665 0 : struct winbindd_response response;
1666 132 : struct winbindd_domain *primary_domain = NULL;
1667 0 : NTSTATUS status;
1668 0 : ssize_t nwritten;
1669 0 : struct tevent_fd *fde;
1670 :
1671 132 : if (child->domain) {
1672 91 : DEBUG(10, ("fork_domain_child called for domain '%s'\n",
1673 : child->domain->name));
1674 : } else {
1675 41 : DEBUG(10, ("fork_domain_child called without domain.\n"));
1676 : }
1677 :
1678 132 : if (socketpair(AF_UNIX, SOCK_STREAM, 0, fdpair) != 0) {
1679 0 : DEBUG(0, ("Could not open child pipe: %s\n",
1680 : strerror(errno)));
1681 0 : return False;
1682 : }
1683 :
1684 132 : ZERO_STRUCT(state);
1685 132 : state.child = child;
1686 132 : state.cli.pid = getpid();
1687 132 : state.cli.request = &request;
1688 132 : state.cli.response = &response;
1689 :
1690 132 : child->pid = fork();
1691 :
1692 132 : if (child->pid == -1) {
1693 0 : DEBUG(0, ("Could not fork: %s\n", strerror(errno)));
1694 0 : close(fdpair[0]);
1695 0 : close(fdpair[1]);
1696 0 : return False;
1697 : }
1698 :
1699 132 : if (child->pid != 0) {
1700 : /* Parent */
1701 0 : ssize_t nread;
1702 0 : int rc;
1703 :
1704 132 : close(fdpair[0]);
1705 :
1706 132 : nread = sys_read(fdpair[1], &status, sizeof(status));
1707 132 : if (nread != sizeof(status)) {
1708 0 : DEBUG(1, ("fork_domain_child: Could not read child status: "
1709 : "nread=%d, error=%s\n", (int)nread,
1710 : strerror(errno)));
1711 0 : close(fdpair[1]);
1712 0 : return false;
1713 : }
1714 132 : if (!NT_STATUS_IS_OK(status)) {
1715 0 : DEBUG(1, ("fork_domain_child: Child status is %s\n",
1716 : nt_errstr(status)));
1717 0 : close(fdpair[1]);
1718 0 : return false;
1719 : }
1720 :
1721 132 : child->monitor_fde = tevent_add_fd(global_event_context(),
1722 : global_event_context(),
1723 : fdpair[1],
1724 : TEVENT_FD_READ,
1725 : child_socket_readable,
1726 : child);
1727 132 : if (child->monitor_fde == NULL) {
1728 0 : DBG_WARNING("tevent_add_fd failed\n");
1729 0 : close(fdpair[1]);
1730 0 : return false;
1731 : }
1732 :
1733 132 : rc = set_blocking(fdpair[1], false);
1734 132 : if (rc < 0) {
1735 0 : close(fdpair[1]);
1736 0 : return false;
1737 : }
1738 :
1739 132 : child->sock = fdpair[1];
1740 :
1741 132 : return true;
1742 : }
1743 :
1744 : /* Child */
1745 0 : child_domain = child->domain;
1746 :
1747 0 : DEBUG(10, ("Child process %d\n", (int)getpid()));
1748 :
1749 0 : state.cli.sock = fdpair[0];
1750 0 : close(fdpair[1]);
1751 :
1752 : /* Reset traceid and deactivate call_depth tracking */
1753 0 : if (lp_winbind_debug_traceid()) {
1754 0 : debug_traceid_set(1);
1755 0 : tevent_thread_call_depth_set_callback(NULL, NULL);
1756 : }
1757 :
1758 0 : status = winbindd_reinit_after_fork(child, child->logfilename);
1759 :
1760 : /* setup callbacks again, one of them is removed in reinit_after_fork */
1761 0 : if (lp_winbind_debug_traceid()) {
1762 0 : winbind_debug_traceid_setup(global_event_context());
1763 : }
1764 :
1765 0 : nwritten = sys_write(state.cli.sock, &status, sizeof(status));
1766 0 : if (nwritten != sizeof(status)) {
1767 0 : DEBUG(1, ("fork_domain_child: Could not write status: "
1768 : "nwritten=%d, error=%s\n", (int)nwritten,
1769 : strerror(errno)));
1770 0 : _exit(0);
1771 : }
1772 0 : if (!NT_STATUS_IS_OK(status)) {
1773 0 : DEBUG(1, ("winbindd_reinit_after_fork failed: %s\n",
1774 : nt_errstr(status)));
1775 0 : _exit(0);
1776 : }
1777 :
1778 0 : if (child_domain != NULL) {
1779 0 : process_set_title("wb[%s]", "domain child [%s]", child_domain->name);
1780 0 : } else if (is_idmap_child(child)) {
1781 0 : process_set_title("wb-idmap", "idmap child");
1782 : }
1783 :
1784 : /* Handle online/offline messages. */
1785 0 : messaging_register(global_messaging_context(), NULL,
1786 : MSG_WINBIND_OFFLINE, child_msg_offline);
1787 0 : messaging_register(global_messaging_context(), NULL,
1788 : MSG_WINBIND_ONLINE, child_msg_online);
1789 0 : messaging_register(global_messaging_context(), NULL,
1790 : MSG_DEBUG, debug_message);
1791 0 : messaging_register(global_messaging_context(), NULL,
1792 : MSG_WINBIND_IP_DROPPED,
1793 : winbind_msg_ip_dropped);
1794 0 : messaging_register(global_messaging_context(), NULL,
1795 : MSG_WINBIND_DISCONNECT_DC,
1796 : winbind_msg_disconnect_dc);
1797 0 : messaging_register(
1798 : global_messaging_context(),
1799 0 : child->logfilename,
1800 : MSG_SMB_CONF_UPDATED,
1801 : winbindd_msg_reload_services_child);
1802 :
1803 0 : primary_domain = find_our_domain();
1804 :
1805 0 : if (primary_domain == NULL) {
1806 0 : smb_panic("no primary domain found");
1807 : }
1808 :
1809 : /* It doesn't matter if we allow cache login,
1810 : * try to bring domain online after fork. */
1811 0 : if ( child->domain ) {
1812 0 : child->domain->startup = True;
1813 0 : child->domain->startup_time = time_mono(NULL);
1814 : /* we can be in primary domain or in trusted domain
1815 : * If we are in trusted domain, set the primary domain
1816 : * in start-up mode */
1817 0 : if (!(child->domain->internal)) {
1818 0 : set_domain_online_request(child->domain);
1819 0 : if (!(child->domain->primary)) {
1820 0 : primary_domain->startup = True;
1821 0 : primary_domain->startup_time = time_mono(NULL);
1822 0 : set_domain_online_request(primary_domain);
1823 : }
1824 : }
1825 : }
1826 :
1827 : /* We might be in the idmap child...*/
1828 0 : if (child->domain && !(child->domain->internal) &&
1829 0 : lp_winbind_offline_logon()) {
1830 :
1831 0 : set_domain_online_request(child->domain);
1832 :
1833 0 : if (primary_domain && (primary_domain != child->domain)) {
1834 : /* We need to talk to the primary
1835 : * domain as well as the trusted
1836 : * domain inside a trusted domain
1837 : * child.
1838 : * See the code in :
1839 : * set_dc_type_and_flags_trustinfo()
1840 : * for details.
1841 : */
1842 0 : set_domain_online_request(primary_domain);
1843 : }
1844 :
1845 0 : child->lockout_policy_event = tevent_add_timer(
1846 : global_event_context(), NULL, timeval_zero(),
1847 : account_lockout_policy_handler,
1848 : child);
1849 : }
1850 :
1851 0 : if (child->domain && child->domain->primary &&
1852 0 : !USE_KERBEROS_KEYTAB &&
1853 0 : lp_server_role() == ROLE_DOMAIN_MEMBER) {
1854 :
1855 0 : struct timeval next_change;
1856 :
1857 0 : if (calculate_next_machine_pwd_change(child->domain->name,
1858 : &next_change)) {
1859 0 : child->machine_password_change_event = tevent_add_timer(
1860 : global_event_context(), NULL, next_change,
1861 : machine_password_change_handler,
1862 : child);
1863 : }
1864 : }
1865 :
1866 0 : fde = tevent_add_fd(global_event_context(), NULL, state.cli.sock,
1867 : TEVENT_FD_READ, child_handler, &state);
1868 0 : if (fde == NULL) {
1869 0 : DEBUG(1, ("tevent_add_fd failed\n"));
1870 0 : _exit(1);
1871 : }
1872 :
1873 0 : while (1) {
1874 :
1875 0 : int ret;
1876 0 : TALLOC_CTX *frame = talloc_stackframe();
1877 :
1878 0 : ret = tevent_loop_once(global_event_context());
1879 0 : if (ret != 0) {
1880 0 : DEBUG(1, ("tevent_loop_once failed: %s\n",
1881 : strerror(errno)));
1882 0 : _exit(1);
1883 : }
1884 :
1885 0 : if (child->domain && child->domain->startup &&
1886 0 : (time_mono(NULL) > child->domain->startup_time + 30)) {
1887 : /* No longer in "startup" mode. */
1888 0 : DEBUG(10,("fork_domain_child: domain %s no longer in 'startup' mode.\n",
1889 : child->domain->name ));
1890 0 : child->domain->startup = False;
1891 : }
1892 :
1893 0 : TALLOC_FREE(frame);
1894 : }
1895 : }
1896 :
1897 0 : void winbind_msg_ip_dropped_parent(struct messaging_context *msg_ctx,
1898 : void *private_data,
1899 : uint32_t msg_type,
1900 : struct server_id server_id,
1901 : DATA_BLOB *data)
1902 : {
1903 0 : struct winbind_msg_relay_state state = {
1904 : .msg_ctx = msg_ctx,
1905 : .msg_type = msg_type,
1906 : .data = data,
1907 : };
1908 :
1909 0 : winbind_msg_ip_dropped(msg_ctx, private_data, msg_type,
1910 : server_id, data);
1911 :
1912 0 : forall_children(winbind_msg_relay_fn, &state);
1913 0 : }
1914 :
1915 41 : void winbindd_terminate(bool is_parent)
1916 : {
1917 41 : if (is_parent) {
1918 : /* When parent goes away we should
1919 : * remove the socket file. Not so
1920 : * when children terminate.
1921 : */
1922 41 : char *path = NULL;
1923 :
1924 41 : if (asprintf(&path, "%s/%s",
1925 : lp_winbindd_socket_directory(), WINBINDD_SOCKET_NAME) > 0) {
1926 41 : unlink(path);
1927 41 : SAFE_FREE(path);
1928 : }
1929 : }
1930 :
1931 41 : idmap_close();
1932 :
1933 41 : netlogon_creds_cli_close_global_db();
1934 :
1935 : #if 0
1936 : if (interactive) {
1937 : TALLOC_CTX *mem_ctx = talloc_init("end_description");
1938 : char *description = talloc_describe_all(mem_ctx);
1939 :
1940 : DEBUG(3, ("tallocs left:\n%s\n", description));
1941 : talloc_destroy(mem_ctx);
1942 : }
1943 : #endif
1944 :
1945 41 : if (is_parent) {
1946 41 : pidfile_unlink(lp_pid_directory(), "winbindd");
1947 : }
1948 :
1949 41 : exit(0);
1950 : }
1951 :
1952 0 : static void winbindd_sig_term_handler(struct tevent_context *ev,
1953 : struct tevent_signal *se,
1954 : int signum,
1955 : int count,
1956 : void *siginfo,
1957 : void *private_data)
1958 : {
1959 0 : bool *p = talloc_get_type_abort(private_data, bool);
1960 0 : bool is_parent = *p;
1961 :
1962 0 : TALLOC_FREE(p);
1963 :
1964 0 : DEBUG(0,("Got sig[%d] terminate (is_parent=%d)\n",
1965 : signum, is_parent));
1966 0 : winbindd_terminate(is_parent);
1967 0 : }
1968 :
1969 41 : bool winbindd_setup_sig_term_handler(bool parent)
1970 : {
1971 0 : struct tevent_signal *se;
1972 0 : bool *is_parent;
1973 :
1974 41 : is_parent = talloc(global_event_context(), bool);
1975 41 : if (!is_parent) {
1976 0 : return false;
1977 : }
1978 :
1979 41 : *is_parent = parent;
1980 :
1981 41 : se = tevent_add_signal(global_event_context(),
1982 : is_parent,
1983 : SIGTERM, 0,
1984 : winbindd_sig_term_handler,
1985 : is_parent);
1986 41 : if (!se) {
1987 0 : DEBUG(0,("failed to setup SIGTERM handler\n"));
1988 0 : talloc_free(is_parent);
1989 0 : return false;
1990 : }
1991 :
1992 41 : se = tevent_add_signal(global_event_context(),
1993 : is_parent,
1994 : SIGINT, 0,
1995 : winbindd_sig_term_handler,
1996 : is_parent);
1997 41 : if (!se) {
1998 0 : DEBUG(0,("failed to setup SIGINT handler\n"));
1999 0 : talloc_free(is_parent);
2000 0 : return false;
2001 : }
2002 :
2003 41 : se = tevent_add_signal(global_event_context(),
2004 : is_parent,
2005 : SIGQUIT, 0,
2006 : winbindd_sig_term_handler,
2007 : is_parent);
2008 41 : if (!se) {
2009 0 : DEBUG(0,("failed to setup SIGINT handler\n"));
2010 0 : talloc_free(is_parent);
2011 0 : return false;
2012 : }
2013 :
2014 41 : return true;
2015 : }
2016 :
2017 0 : static void flush_caches_noinit(void)
2018 : {
2019 : /*
2020 : * We need to invalidate cached user list entries on a SIGHUP
2021 : * otherwise cached access denied errors due to restrict anonymous
2022 : * hang around until the sequence number changes.
2023 : * NB
2024 : * Skip uninitialized domains when flush cache.
2025 : * If domain is not initialized, it means it is never
2026 : * used or never become online. look, wcache_invalidate_cache()
2027 : * -> get_cache() -> init_dc_connection(). It causes a lot of traffic
2028 : * for unused domains and large traffic for primary domain's DC if there
2029 : * are many domains..
2030 : */
2031 :
2032 0 : if (!wcache_invalidate_cache_noinit()) {
2033 0 : DEBUG(0, ("invalidating the cache failed; revalidate the cache\n"));
2034 0 : if (!winbindd_cache_validate_and_initialize()) {
2035 0 : exit(1);
2036 : }
2037 : }
2038 0 : }
2039 :
2040 0 : static void winbindd_sig_hup_handler(struct tevent_context *ev,
2041 : struct tevent_signal *se,
2042 : int signum,
2043 : int count,
2044 : void *siginfo,
2045 : void *private_data)
2046 : {
2047 0 : const char *file = (const char *)private_data;
2048 :
2049 0 : DEBUG(1,("Reloading services after SIGHUP\n"));
2050 0 : flush_caches_noinit();
2051 0 : winbindd_reload_services_file(file);
2052 0 : }
2053 :
2054 41 : bool winbindd_setup_sig_hup_handler(const char *lfile)
2055 : {
2056 0 : struct tevent_signal *se;
2057 41 : char *file = NULL;
2058 :
2059 41 : if (lfile) {
2060 0 : file = talloc_strdup(global_event_context(),
2061 : lfile);
2062 0 : if (!file) {
2063 0 : return false;
2064 : }
2065 : }
2066 :
2067 41 : se = tevent_add_signal(global_event_context(),
2068 : global_event_context(),
2069 : SIGHUP, 0,
2070 : winbindd_sig_hup_handler,
2071 : file);
2072 41 : if (!se) {
2073 0 : return false;
2074 : }
2075 :
2076 41 : return true;
2077 : }
|
