/*
setup our listening sockets on the configured network interfaces
*/
static NTSTATUS cldapd_startup_interfaces(struct cldapd_server *cldapd, struct loadparm_context *lp_ctx,
struct interface *ifaces)
{
int i, num_interfaces;
TALLOC_CTX *tmp_ctx = talloc_new(cldapd);
NTSTATUS status;
num_interfaces = iface_list_count(ifaces);
/* if we are allowing incoming packets from any address, then
we need to bind to the wildcard address */
if (!lpcfg_bind_interfaces_only(lp_ctx)) {
const char **wcard = iface_list_wildcard(cldapd, lp_ctx);
NT_STATUS_HAVE_NO_MEMORY(wcard);
for (i=0; wcard[i]; i++) {
status = cldapd_add_socket(cldapd, lp_ctx, wcard[i]);
NT_STATUS_NOT_OK_RETURN(status);
}
talloc_free(wcard);
}
/* now we have to also listen on the specific interfaces,
so that replies always come from the right IP */
for (i=0; i<num_interfaces; i++) {
const char *address = talloc_strdup(tmp_ctx, iface_list_n_ip(ifaces, i));
status = cldapd_add_socket(cldapd, lp_ctx, address);
NT_STATUS_NOT_OK_RETURN(status);
}
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
/*
open the smb server sockets
*/
static void samba3_smb_task_init(struct task_server *task)
{
NTSTATUS status;
const struct model_ops *model_ops;
model_ops = process_model_startup("standard");
if (model_ops == NULL) {
goto failed;
}
task_server_set_title(task, "task[samba3_smb]");
if (lpcfg_interfaces(task->lp_ctx)
&& lpcfg_bind_interfaces_only(task->lp_ctx)) {
int num_interfaces;
int i;
struct interface *ifaces;
load_interface_list(task, task->lp_ctx, &ifaces);
num_interfaces = iface_list_count(ifaces);
/* We have been given an interfaces line, and been
told to only bind to those interfaces. Create a
socket per interface and bind to only these.
*/
for(i = 0; i < num_interfaces; i++) {
const char *address = iface_list_n_ip(ifaces, i);
status = samba3_add_socket(task,
task->event_ctx,
task->lp_ctx,
model_ops, address);
if (!NT_STATUS_IS_OK(status)) goto failed;
}
} else {
const char **wcard;
int i;
wcard = iface_list_wildcard(task, task->lp_ctx);
if (wcard == NULL) {
DEBUG(0,("No wildcard addresses available\n"));
goto failed;
}
for (i=0; wcard[i]; i++) {
status = samba3_add_socket(task,
task->event_ctx, task->lp_ctx,
model_ops,
wcard[i]);
if (!NT_STATUS_IS_OK(status)) goto failed;
}
talloc_free(wcard);
}
return;
failed:
task_server_terminate(task, "Failed to startup samba3 smb task", true);
}
/**
return the local IP address that best matches a destination IP, or
our first interface if none match
*/
const char *iface_list_best_ip(struct interface *ifaces, const char *dest)
{
struct interface *iface;
struct sockaddr_storage ss;
if (!interpret_string_addr(&ss, dest, AI_NUMERICHOST)) {
return iface_list_n_ip(ifaces, 0);
}
iface = iface_list_find(ifaces, (const struct sockaddr *)&ss, true);
if (iface) {
return iface->ip_s;
}
#ifdef HAVE_IPV6
if (ss.ss_family == AF_INET6) {
return iface_list_first_v6(ifaces);
}
#endif
return iface_list_first_v4(ifaces);
}
/*
setup our listening sockets on the configured network interfaces
*/
static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc,
struct loadparm_context *lp_ctx,
struct interface *ifaces,
const struct model_ops *model_ops)
{
int num_interfaces;
TALLOC_CTX *tmp_ctx = talloc_new(kdc);
NTSTATUS status;
int i;
uint16_t kdc_port = lpcfg_krb5_port(lp_ctx);
uint16_t kpasswd_port = lpcfg_kpasswd_port(lp_ctx);
bool done_wildcard = false;
num_interfaces = iface_list_count(ifaces);
/* if we are allowing incoming packets from any address, then
we need to bind to the wildcard address */
if (!lpcfg_bind_interfaces_only(lp_ctx)) {
int num_binds = 0;
char **wcard = iface_list_wildcard(kdc);
NT_STATUS_HAVE_NO_MEMORY(wcard);
for (i=0; wcard[i]; i++) {
if (kdc_port) {
status = kdc_add_socket(kdc, model_ops,
"kdc", wcard[i], kdc_port,
kdc_process, false);
if (NT_STATUS_IS_OK(status)) {
num_binds++;
}
}
if (kpasswd_port) {
status = kdc_add_socket(kdc, model_ops,
"kpasswd", wcard[i], kpasswd_port,
kpasswd_process, false);
if (NT_STATUS_IS_OK(status)) {
num_binds++;
}
}
}
talloc_free(wcard);
if (num_binds == 0) {
return NT_STATUS_INVALID_PARAMETER_MIX;
}
done_wildcard = true;
}
for (i=0; i<num_interfaces; i++) {
const char *address = talloc_strdup(tmp_ctx, iface_list_n_ip(ifaces, i));
if (kdc_port) {
status = kdc_add_socket(kdc, model_ops,
"kdc", address, kdc_port,
kdc_process, done_wildcard);
NT_STATUS_NOT_OK_RETURN(status);
}
if (kpasswd_port) {
status = kdc_add_socket(kdc, model_ops,
"kpasswd", address, kpasswd_port,
kpasswd_process, done_wildcard);
NT_STATUS_NOT_OK_RETURN(status);
}
}
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
/*
return the list of interface IPs we have configured
takes an loadparm context, returns a list of IPs in string form
Does not return addresses on 127.0.0.0/8
*/
static PyObject *py_interface_ips(PyObject *self, PyObject *args)
{
PyObject *pylist;
int count;
TALLOC_CTX *tmp_ctx;
PyObject *py_lp_ctx;
struct loadparm_context *lp_ctx;
struct interface *ifaces;
int i, ifcount;
int all_interfaces = 1;
if (!PyArg_ParseTuple(args, "O|i", &py_lp_ctx, &all_interfaces))
return NULL;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
PyErr_NoMemory();
return NULL;
}
lp_ctx = lpcfg_from_py_object(tmp_ctx, py_lp_ctx);
if (lp_ctx == NULL) {
talloc_free(tmp_ctx);
return NULL;
}
load_interface_list(tmp_ctx, lp_ctx, &ifaces);
count = iface_list_count(ifaces);
/* first count how many are not loopback addresses */
for (ifcount = i = 0; i<count; i++) {
const char *ip = iface_list_n_ip(ifaces, i);
if (all_interfaces) {
ifcount++;
continue;
}
if (iface_list_same_net(ip, "127.0.0.1", "255.0.0.0")) {
continue;
}
if (iface_list_same_net(ip, "169.254.0.0", "255.255.0.0")) {
continue;
}
if (iface_list_same_net(ip, "::1", "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")) {
continue;
}
if (iface_list_same_net(ip, "fe80::", "ffff:ffff:ffff:ffff::")) {
continue;
}
ifcount++;
}
pylist = PyList_New(ifcount);
for (ifcount = i = 0; i<count; i++) {
const char *ip = iface_list_n_ip(ifaces, i);
if (all_interfaces) {
PyList_SetItem(pylist, ifcount, PyString_FromString(ip));
ifcount++;
continue;
}
if (iface_list_same_net(ip, "127.0.0.1", "255.0.0.0")) {
continue;
}
if (iface_list_same_net(ip, "169.254.0.0", "255.255.0.0")) {
continue;
}
if (iface_list_same_net(ip, "::1", "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")) {
continue;
}
if (iface_list_same_net(ip, "fe80::", "ffff:ffff:ffff:ffff::")) {
continue;
}
PyList_SetItem(pylist, ifcount, PyString_FromString(ip));
ifcount++;
}
talloc_free(tmp_ctx);
return pylist;
}
/*
startup the wrepl port 42 server sockets
*/
NTSTATUS wreplsrv_setup_sockets(struct wreplsrv_service *service, struct loadparm_context *lp_ctx)
{
NTSTATUS status;
struct task_server *task = service->task;
const struct model_ops *model_ops;
const char *address;
uint16_t port = WINS_REPLICATION_PORT;
/* within the wrepl task we want to be a single process, so
ask for the single process model ops and pass these to the
stream_setup_socket() call. */
model_ops = process_model_startup("single");
if (!model_ops) {
DEBUG(0,("Can't find 'single' process model_ops"));
return NT_STATUS_INTERNAL_ERROR;
}
if (lpcfg_interfaces(lp_ctx) && lpcfg_bind_interfaces_only(lp_ctx)) {
int num_interfaces;
int i;
struct interface *ifaces;
load_interface_list(task, lp_ctx, &ifaces);
num_interfaces = iface_list_count(ifaces);
/* We have been given an interfaces line, and been
told to only bind to those interfaces. Create a
socket per interface and bind to only these.
*/
for(i = 0; i < num_interfaces; i++) {
if (!iface_list_n_is_v4(ifaces, i)) {
continue;
}
address = iface_list_n_ip(ifaces, i);
status = stream_setup_socket(task, task->event_ctx,
task->lp_ctx, model_ops,
&wreplsrv_stream_ops,
"ipv4", address, &port,
lpcfg_socket_options(task->lp_ctx),
service);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("stream_setup_socket(address=%s,port=%u) failed - %s\n",
address, port, nt_errstr(status)));
return status;
}
}
} else {
address = "0.0.0.0";
status = stream_setup_socket(task, task->event_ctx, task->lp_ctx,
model_ops, &wreplsrv_stream_ops,
"ipv4", address, &port, lpcfg_socket_options(task->lp_ctx),
service);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("stream_setup_socket(address=%s,port=%u) failed - %s\n",
address, port, nt_errstr(status)));
return status;
}
}
return NT_STATUS_OK;
}
struct dnsserver_serverinfo *dnsserver_init_serverinfo(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
struct ldb_context *samdb)
{
struct dnsserver_serverinfo *serverinfo;
struct dcerpc_server_info *dinfo;
struct ldb_dn *domain_dn, *forest_dn;
struct interface *ifaces;
int num_interfaces, i;
serverinfo = talloc_zero(mem_ctx, struct dnsserver_serverinfo);
if (serverinfo == NULL) {
return NULL;
}
dinfo = lpcfg_dcerpc_server_info(mem_ctx, lp_ctx);
if (dinfo) {
serverinfo->dwVersion = (dinfo->version_build & 0x0000FFFF) << 16 |
(dinfo->version_minor & 0x000000FF) << 8 |
(dinfo->version_major & 0x000000FF);
talloc_free(dinfo);
} else {
serverinfo->dwVersion = 0x0ECE0205; /* build, os_minor, os_major */;
}
serverinfo->fBootMethod = DNS_BOOT_METHOD_DIRECTORY;
serverinfo->fAdminConfigured = 0;
serverinfo->fAllowUpdate = 1;
serverinfo->fDsAvailable = 1;
serverinfo->pszServerName = talloc_asprintf(mem_ctx, "%s.%s",
lpcfg_netbios_name(lp_ctx),
lpcfg_dnsdomain(lp_ctx));
domain_dn = ldb_get_default_basedn(samdb);
forest_dn = ldb_get_root_basedn(samdb);
serverinfo->pszDsContainer = talloc_asprintf(mem_ctx,
"CN=MicrosoftDNS,DC=DomainDnsZones,%s",
ldb_dn_get_linearized(domain_dn));
serverinfo->dwDsForestVersion = dsdb_forest_functional_level(samdb);
serverinfo->dwDsDomainVersion = dsdb_functional_level(samdb);
serverinfo->dwDsDsaVersion = 4; /* need to do ldb search here */
serverinfo->pszDomainName = samdb_dn_to_dns_domain(mem_ctx, domain_dn);
serverinfo->pszForestName = samdb_dn_to_dns_domain(mem_ctx, forest_dn);
serverinfo->pszDomainDirectoryPartition = talloc_asprintf(mem_ctx,
"DC=DomainDnsZones,%s",
ldb_dn_get_linearized(domain_dn));
serverinfo->pszForestDirectoryPartition = talloc_asprintf(mem_ctx,
"DC=ForestDnsZones,%s",
ldb_dn_get_linearized(forest_dn));
load_interface_list(mem_ctx, lp_ctx, &ifaces);
num_interfaces = iface_list_count(ifaces);
serverinfo->aipServerAddrs = talloc_zero(mem_ctx, struct IP4_ARRAY);
if (serverinfo->aipServerAddrs) {
serverinfo->aipServerAddrs->AddrCount = num_interfaces;
if (num_interfaces > 0) {
serverinfo->aipServerAddrs->AddrArray = talloc_zero_array(mem_ctx,
unsigned int,
num_interfaces);
if (serverinfo->aipServerAddrs->AddrArray) {
for (i=0; i<num_interfaces; i++) {
serverinfo->aipServerAddrs->AddrArray[i] = inet_addr(iface_list_n_ip(ifaces, i));
}
} else {
serverinfo->aipServerAddrs->AddrCount = 0;
}
}
/*
startup the web server task
*/
static void websrv_task_init(struct task_server *task)
{
NTSTATUS status;
uint16_t port = lpcfg_web_port(task->lp_ctx);
const struct model_ops *model_ops;
struct web_server_data *wdata;
task_server_set_title(task, "task[websrv]");
/* run the web server as a single process */
model_ops = process_model_startup("single");
if (!model_ops) goto failed;
/* startup the Python processor - unfortunately we can't do this
per connection as that wouldn't allow for session variables */
wdata = talloc_zero(task, struct web_server_data);
if (wdata == NULL) goto failed;
wdata->task = task;
task->private_data = wdata;
if (lpcfg_interfaces(task->lp_ctx) && lpcfg_bind_interfaces_only(task->lp_ctx)) {
int num_interfaces;
int i;
struct interface *ifaces;
load_interface_list(NULL, task->lp_ctx, &ifaces);
num_interfaces = iface_list_count(ifaces);
for(i = 0; i < num_interfaces; i++) {
const char *address = iface_list_n_ip(ifaces, i);
status = stream_setup_socket(task,
task->event_ctx,
task->lp_ctx, model_ops,
&web_stream_ops,
"ip", address,
&port, lpcfg_socket_options(task->lp_ctx),
task);
if (!NT_STATUS_IS_OK(status)) goto failed;
}
talloc_free(ifaces);
} else {
char **wcard;
int i;
wcard = iface_list_wildcard(task);
if (wcard == NULL) {
DEBUG(0,("No wildcard addresses available\n"));
goto failed;
}
for (i=0; wcard[i]; i++) {
status = stream_setup_socket(task, task->event_ctx,
task->lp_ctx, model_ops,
&web_stream_ops,
"ip", wcard[i],
&port, lpcfg_socket_options(task->lp_ctx),
wdata);
if (!NT_STATUS_IS_OK(status)) goto failed;
}
talloc_free(wcard);
}
wdata->tls_params = tls_initialise(wdata, task->lp_ctx);
if (wdata->tls_params == NULL) goto failed;
if (!wsgi_initialize(wdata)) goto failed;
return;
failed:
task_server_terminate(task, "websrv_task_init: failed to startup web server task", true);
}
/*
setup our listening sockets on the configured network interfaces
*/
NTSTATUS nbtd_startup_interfaces(struct nbtd_server *nbtsrv, struct loadparm_context *lp_ctx,
struct interface *ifaces)
{
int num_interfaces = iface_list_count(ifaces);
int i;
TALLOC_CTX *tmp_ctx = talloc_new(nbtsrv);
NTSTATUS status;
/* if we are allowing incoming packets from any address, then
we also need to bind to the wildcard address */
if (!lpcfg_bind_interfaces_only(lp_ctx)) {
const char *primary_address;
primary_address = iface_list_first_v4(ifaces);
/* the primary address is the address we will return
for non-WINS queries not made on a specific
interface */
if (primary_address == NULL) {
primary_address = inet_ntoa(interpret_addr2(
lpcfg_netbios_name(lp_ctx)));
}
primary_address = talloc_strdup(tmp_ctx, primary_address);
NT_STATUS_HAVE_NO_MEMORY(primary_address);
status = nbtd_add_socket(nbtsrv,
lp_ctx,
"0.0.0.0",
primary_address,
talloc_strdup(tmp_ctx, "255.255.255.255"),
talloc_strdup(tmp_ctx, "0.0.0.0"));
NT_STATUS_NOT_OK_RETURN(status);
}
for (i=0; i<num_interfaces; i++) {
const char *bcast;
const char *address, *netmask;
if (!iface_list_n_is_v4(ifaces, i)) {
/* v4 only for NBT protocol */
continue;
}
bcast = iface_list_n_bcast(ifaces, i);
/* we can't assume every interface is broadcast capable */
if (bcast == NULL) continue;
address = talloc_strdup(tmp_ctx, iface_list_n_ip(ifaces, i));
bcast = talloc_strdup(tmp_ctx, bcast);
netmask = talloc_strdup(tmp_ctx, iface_list_n_netmask(ifaces, i));
status = nbtd_add_socket(nbtsrv, lp_ctx,
address, address, bcast, netmask);
NT_STATUS_NOT_OK_RETURN(status);
}
if (lpcfg_wins_server_list(lp_ctx)) {
status = nbtd_add_wins_socket(nbtsrv);
NT_STATUS_NOT_OK_RETURN(status);
}
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
