/*
startup the web server task
*/
static void websrv_task_init(struct task_server *task)
{
NTSTATUS status;
uint16_t port = lp_web_port(task->lp_ctx);
const struct model_ops *model_ops;
struct web_server_data *wdata;
task_server_set_title(task, "task[websrv]");
/* run the web server as a single process */
model_ops = process_model_startup(task->event_ctx, "single");
if (!model_ops) goto failed;
if (lp_interfaces(task->lp_ctx) && lp_bind_interfaces_only(task->lp_ctx)) {
int num_interfaces;
int i;
struct interface *ifaces;
load_interfaces(NULL, lp_interfaces(task->lp_ctx), &ifaces);
num_interfaces = iface_count(ifaces);
for(i = 0; i < num_interfaces; i++) {
const char *address = iface_n_ip(ifaces, i);
status = stream_setup_socket(task->event_ctx,
task->lp_ctx, model_ops,
&web_stream_ops,
"ipv4", address,
&port, lp_socket_options(task->lp_ctx),
task);
if (!NT_STATUS_IS_OK(status)) goto failed;
}
talloc_free(ifaces);
} else {
status = stream_setup_socket(task->event_ctx, task->lp_ctx,
model_ops, &web_stream_ops,
"ipv4", lp_socket_address(task->lp_ctx),
&port, lp_socket_options(task->lp_ctx), task);
if (!NT_STATUS_IS_OK(status)) goto failed;
}
/* startup the esp processor - unfortunately we can't do this
per connection as that wouldn't allow for session variables */
wdata = talloc_zero(task, struct web_server_data);
if (wdata == NULL)goto failed;
task->private_data = wdata;
wdata->tls_params = tls_initialise(wdata, task->lp_ctx);
if (wdata->tls_params == NULL) goto failed;
if (!wsgi_initialize(wdata)) goto failed;
return;
failed:
task_server_terminate(task, "websrv_task_init: failed to startup web server task", true);
}
/*
setup a listening socket on all the SMB ports for a particular address
*/
static NTSTATUS samba3_add_socket(struct task_server *task,
struct tevent_context *event_context,
struct loadparm_context *lp_ctx,
const struct model_ops *model_ops,
const char *address)
{
const char **ports = lpcfg_smb_ports(lp_ctx);
int i;
NTSTATUS status;
for (i=0;ports[i];i++) {
uint16_t port = atoi(ports[i]);
if (port == 0) continue;
status = stream_setup_socket(task, event_context, lp_ctx,
model_ops, &samba3_smb_stream_ops,
"ip", address, &port,
lpcfg_socket_options(lp_ctx),
NULL);
NT_STATUS_NOT_OK_RETURN(status);
}
return NT_STATUS_OK;
}
NTSTATUS tstream_setup_named_pipe(TALLOC_CTX *mem_ctx,
struct tevent_context *event_context,
struct loadparm_context *lp_ctx,
const struct model_ops *model_ops,
const struct stream_server_ops *stream_ops,
const char *pipe_name,
void *private_data,
void *process_context)
{
char *dirname;
struct named_pipe_socket *pipe_sock;
NTSTATUS status = NT_STATUS_NO_MEMORY;;
pipe_sock = talloc(mem_ctx, struct named_pipe_socket);
if (pipe_sock == NULL) {
goto fail;
}
/* remember the details about the pipe */
pipe_sock->pipe_name = strlower_talloc(pipe_sock, pipe_name);
if (pipe_sock->pipe_name == NULL) {
goto fail;
}
if (!directory_create_or_exist(lpcfg_ncalrpc_dir(lp_ctx), 0755)) {
status = map_nt_error_from_unix_common(errno);
DBG_ERR("Failed to create ncalrpc pipe directory '%s' - %s\n",
lpcfg_ncalrpc_dir(lp_ctx), nt_errstr(status));
goto fail;
}
dirname = talloc_asprintf(pipe_sock, "%s/np", lpcfg_ncalrpc_dir(lp_ctx));
if (dirname == NULL) {
goto fail;
}
if (!directory_create_or_exist_strict(dirname, geteuid(), 0700)) {
status = map_nt_error_from_unix_common(errno);
DBG_ERR("Failed to create stream pipe directory '%s' - %s\n",
dirname, nt_errstr(status));
goto fail;
}
if (strncmp(pipe_name, "\\pipe\\", 6) == 0) {
pipe_name += 6;
}
pipe_sock->pipe_path = talloc_asprintf(pipe_sock, "%s/%s", dirname,
pipe_name);
if (pipe_sock->pipe_path == NULL) {
goto fail;
}
talloc_free(dirname);
pipe_sock->ops = stream_ops;
pipe_sock->private_data = private_data;
status = stream_setup_socket(pipe_sock,
event_context,
lp_ctx,
model_ops,
&named_pipe_stream_ops,
"unix",
pipe_sock->pipe_path,
NULL,
NULL,
pipe_sock,
process_context);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
return NT_STATUS_OK;
fail:
talloc_free(pipe_sock);
return status;
}
/*
startup the winbind task
*/
static void winbind_task_init(struct task_server *task)
{
uint16_t port = 1;
const struct model_ops *model_ops;
NTSTATUS status;
struct wbsrv_service *service;
struct wbsrv_listen_socket *listen_socket;
char *errstring;
struct dom_sid *primary_sid;
bool ok;
task_server_set_title(task, "task[winbind]");
/* within the winbind task we want to be a single process, so
ask for the single process model ops and pass these to the
stream_setup_socket() call. */
model_ops = process_model_startup("single");
if (!model_ops) {
task_server_terminate(task,
"Can't find 'single' process model_ops", true);
return;
}
/* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
ok = directory_create_or_exist_strict(lpcfg_winbindd_socket_directory(task->lp_ctx),
geteuid(), 0755);
if (!ok) {
task_server_terminate(task,
"Cannot create winbindd pipe directory", true);
return;
}
/* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
ok = directory_create_or_exist_strict(lpcfg_winbindd_privileged_socket_directory(task->lp_ctx),
geteuid(), 0750);
if (!ok) {
task_server_terminate(task,
"Cannot create winbindd privileged pipe directory", true);
return;
}
service = talloc_zero(task, struct wbsrv_service);
if (!service) goto nomem;
service->task = task;
/* Find the primary SID, depending if we are a standalone
* server (what good is winbind in this case, but anyway...),
* or are in a domain as a member or a DC */
switch (lpcfg_server_role(service->task->lp_ctx)) {
case ROLE_STANDALONE:
primary_sid = secrets_get_domain_sid(service,
service->task->lp_ctx,
lpcfg_netbios_name(service->task->lp_ctx),
&service->sec_channel_type,
&errstring);
if (!primary_sid) {
char *message = talloc_asprintf(task,
"Cannot start Winbind (standalone configuration): %s: "
"Have you provisioned this server (%s) or changed it's name?",
errstring, lpcfg_netbios_name(service->task->lp_ctx));
task_server_terminate(task, message, true);
return;
}
break;
case ROLE_DOMAIN_MEMBER:
primary_sid = secrets_get_domain_sid(service,
service->task->lp_ctx,
lpcfg_workgroup(service->task->lp_ctx),
&service->sec_channel_type,
&errstring);
if (!primary_sid) {
char *message = talloc_asprintf(task, "Cannot start Winbind (domain member): %s: "
"Have you joined the %s domain?",
errstring, lpcfg_workgroup(service->task->lp_ctx));
task_server_terminate(task, message, true);
return;
}
break;
case ROLE_ACTIVE_DIRECTORY_DC:
primary_sid = secrets_get_domain_sid(service,
service->task->lp_ctx,
lpcfg_workgroup(service->task->lp_ctx),
&service->sec_channel_type,
&errstring);
if (!primary_sid) {
char *message = talloc_asprintf(task, "Cannot start Winbind (domain controller): %s: "
"Have you provisioned the %s domain?",
errstring, lpcfg_workgroup(service->task->lp_ctx));
task_server_terminate(task, message, true);
return;
}
break;
case ROLE_DOMAIN_PDC:
case ROLE_DOMAIN_BDC:
task_server_terminate(task, "Cannot start 'samba' winbindd as a 'classic samba' DC: use winbindd instead", true);
return;
}
service->primary_sid = primary_sid;
service->idmap_ctx = idmap_init(service, task->event_ctx, task->lp_ctx);
if (service->idmap_ctx == NULL) {
task_server_terminate(task, "Failed to load idmap database", true);
return;
}
service->priv_pipe_dir = lpcfg_winbindd_privileged_socket_directory(task->lp_ctx);
service->pipe_dir = lpcfg_winbindd_socket_directory(task->lp_ctx);
/* setup the unprivileged samba3 socket */
listen_socket = talloc(service, struct wbsrv_listen_socket);
if (!listen_socket) goto nomem;
listen_socket->socket_path = talloc_asprintf(listen_socket, "%s/%s",
service->pipe_dir,
WINBINDD_SOCKET_NAME);
if (!listen_socket->socket_path) goto nomem;
listen_socket->service = service;
listen_socket->privileged = false;
status = stream_setup_socket(task, task->event_ctx, task->lp_ctx, model_ops,
&wbsrv_ops, "unix",
listen_socket->socket_path, &port,
lpcfg_socket_options(task->lp_ctx),
listen_socket);
if (!NT_STATUS_IS_OK(status)) goto listen_failed;
/* setup the privileged samba3 socket */
listen_socket = talloc(service, struct wbsrv_listen_socket);
if (!listen_socket) goto nomem;
listen_socket->socket_path
= talloc_asprintf(listen_socket, "%s/%s",
service->priv_pipe_dir,
WINBINDD_SOCKET_NAME);
if (!listen_socket->socket_path) goto nomem;
listen_socket->service = service;
listen_socket->privileged = true;
status = stream_setup_socket(task, task->event_ctx, task->lp_ctx, model_ops,
&wbsrv_ops, "unix",
listen_socket->socket_path, &port,
lpcfg_socket_options(task->lp_ctx),
listen_socket);
if (!NT_STATUS_IS_OK(status)) goto listen_failed;
status = wbsrv_init_irpc(service);
if (!NT_STATUS_IS_OK(status)) goto irpc_failed;
return;
listen_failed:
DEBUG(0,("stream_setup_socket(path=%s) failed - %s\n",
listen_socket->socket_path, nt_errstr(status)));
task_server_terminate(task, nt_errstr(status), true);
return;
irpc_failed:
DEBUG(0,("wbsrv_init_irpc() failed - %s\n",
nt_errstr(status)));
task_server_terminate(task, nt_errstr(status), true);
return;
nomem:
task_server_terminate(task, nt_errstr(NT_STATUS_NO_MEMORY), true);
return;
}
/*
open the ldap server sockets
*/
static void ldapsrv_task_init(struct task_server *task)
{
char *ldapi_path;
#ifdef WITH_LDAPI_PRIV_SOCKET
char *priv_dir;
#endif
struct ldapsrv_service *ldap_service;
NTSTATUS status;
const struct model_ops *model_ops;
switch (lp_server_role(task->lp_ctx)) {
case ROLE_STANDALONE:
task_server_terminate(task, "ldap_server: no LDAP server required in standalone configuration",
false);
return;
case ROLE_DOMAIN_MEMBER:
task_server_terminate(task, "ldap_server: no LDAP server required in member server configuration",
false);
return;
case ROLE_DOMAIN_CONTROLLER:
/* Yes, we want an LDAP server */
break;
}
task_server_set_title(task, "task[ldapsrv]");
/* run the ldap server as a single process */
model_ops = process_model_startup(task->event_ctx, "single");
if (!model_ops) goto failed;
ldap_service = talloc_zero(task, struct ldapsrv_service);
if (ldap_service == NULL) goto failed;
ldap_service->task = task;
ldap_service->tls_params = tls_initialise(ldap_service, task->lp_ctx);
if (ldap_service->tls_params == NULL) goto failed;
if (lp_interfaces(task->lp_ctx) && lp_bind_interfaces_only(task->lp_ctx)) {
struct interface *ifaces;
int num_interfaces;
int i;
load_interfaces(task, lp_interfaces(task->lp_ctx), &ifaces);
num_interfaces = iface_count(ifaces);
/* We have been given an interfaces line, and been
told to only bind to those interfaces. Create a
socket per interface and bind to only these.
*/
for(i = 0; i < num_interfaces; i++) {
const char *address = iface_n_ip(ifaces, i);
status = add_socket(task->event_ctx, task->lp_ctx, model_ops, address, ldap_service);
if (!NT_STATUS_IS_OK(status)) goto failed;
}
} else {
status = add_socket(task->event_ctx, task->lp_ctx, model_ops,
lp_socket_address(task->lp_ctx), ldap_service);
if (!NT_STATUS_IS_OK(status)) goto failed;
}
ldapi_path = private_path(ldap_service, task->lp_ctx, "ldapi");
if (!ldapi_path) {
goto failed;
}
status = stream_setup_socket(task->event_ctx, task->lp_ctx,
model_ops, &ldap_stream_nonpriv_ops,
"unix", ldapi_path, NULL,
lp_socket_options(task->lp_ctx),
ldap_service);
talloc_free(ldapi_path);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("ldapsrv failed to bind to %s - %s\n",
ldapi_path, nt_errstr(status)));
}
#ifdef WITH_LDAPI_PRIV_SOCKET
priv_dir = private_path(ldap_service, task->lp_ctx, "ldap_priv");
if (priv_dir == NULL) {
goto failed;
}
/*
* Make sure the directory for the privileged ldapi socket exists, and
* is of the correct permissions
*/
if (!directory_create_or_exist(priv_dir, geteuid(), 0750)) {
task_server_terminate(task, "Cannot create ldap "
"privileged ldapi directory", true);
return;
}
ldapi_path = talloc_asprintf(ldap_service, "%s/ldapi", priv_dir);
talloc_free(priv_dir);
if (ldapi_path == NULL) {
goto failed;
}
status = stream_setup_socket(task->event_ctx, task->lp_ctx,
model_ops, &ldap_stream_priv_ops,
"unix", ldapi_path, NULL,
lp_socket_options(task->lp_ctx),
ldap_service);
talloc_free(ldapi_path);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("ldapsrv failed to bind to %s - %s\n",
ldapi_path, nt_errstr(status)));
}
#endif
return;
failed:
task_server_terminate(task, "Failed to startup ldap server task", true);
}
/*
add a socket address to the list of events, one event per port
*/
static NTSTATUS add_socket(struct tevent_context *event_context,
struct loadparm_context *lp_ctx,
const struct model_ops *model_ops,
const char *address, struct ldapsrv_service *ldap_service)
{
uint16_t port = 389;
NTSTATUS status;
struct ldb_context *ldb;
status = stream_setup_socket(event_context, lp_ctx,
model_ops, &ldap_stream_nonpriv_ops,
"ipv4", address, &port,
lp_socket_options(lp_ctx),
ldap_service);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n",
address, port, nt_errstr(status)));
}
if (tls_support(ldap_service->tls_params)) {
/* add ldaps server */
port = 636;
status = stream_setup_socket(event_context, lp_ctx,
model_ops,
&ldap_stream_nonpriv_ops,
"ipv4", address, &port,
lp_socket_options(lp_ctx),
ldap_service);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n",
address, port, nt_errstr(status)));
}
}
/* Load LDAP database, but only to read our settings */
ldb = samdb_connect(ldap_service, ldap_service->task->event_ctx,
lp_ctx, system_session(ldap_service, lp_ctx));
if (!ldb) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (samdb_is_gc(ldb)) {
port = 3268;
status = stream_setup_socket(event_context, lp_ctx,
model_ops,
&ldap_stream_nonpriv_ops,
"ipv4", address, &port,
lp_socket_options(lp_ctx),
ldap_service);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n",
address, port, nt_errstr(status)));
}
}
/* And once we are bound, free the tempoary ldb, it will
* connect again on each incoming LDAP connection */
talloc_free(ldb);
return status;
}
/*
startup the wrepl port 42 server sockets
*/
NTSTATUS wreplsrv_setup_sockets(struct wreplsrv_service *service, struct loadparm_context *lp_ctx)
{
NTSTATUS status;
struct task_server *task = service->task;
const struct model_ops *model_ops;
const char *address;
uint16_t port = WINS_REPLICATION_PORT;
/* within the wrepl task we want to be a single process, so
ask for the single process model ops and pass these to the
stream_setup_socket() call. */
model_ops = process_model_startup("single");
if (!model_ops) {
DEBUG(0,("Can't find 'single' process model_ops"));
return NT_STATUS_INTERNAL_ERROR;
}
if (lpcfg_interfaces(lp_ctx) && lpcfg_bind_interfaces_only(lp_ctx)) {
int num_interfaces;
int i;
struct interface *ifaces;
load_interface_list(task, lp_ctx, &ifaces);
num_interfaces = iface_list_count(ifaces);
/* We have been given an interfaces line, and been
told to only bind to those interfaces. Create a
socket per interface and bind to only these.
*/
for(i = 0; i < num_interfaces; i++) {
if (!iface_list_n_is_v4(ifaces, i)) {
continue;
}
address = iface_list_n_ip(ifaces, i);
status = stream_setup_socket(task, task->event_ctx,
task->lp_ctx, model_ops,
&wreplsrv_stream_ops,
"ipv4", address, &port,
lpcfg_socket_options(task->lp_ctx),
service);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("stream_setup_socket(address=%s,port=%u) failed - %s\n",
address, port, nt_errstr(status)));
return status;
}
}
} else {
address = "0.0.0.0";
status = stream_setup_socket(task, task->event_ctx, task->lp_ctx,
model_ops, &wreplsrv_stream_ops,
"ipv4", address, &port, lpcfg_socket_options(task->lp_ctx),
service);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("stream_setup_socket(address=%s,port=%u) failed - %s\n",
address, port, nt_errstr(status)));
return status;
}
}
return NT_STATUS_OK;
}
/*
startup the winbind task
*/
static void winbind_task_init(struct task_server *task)
{
uint16_t port = 1;
const struct model_ops *model_ops;
NTSTATUS status;
struct wbsrv_service *service;
struct wbsrv_listen_socket *listen_socket;
task_server_set_title(task, "task[winbind]");
/* within the winbind task we want to be a single process, so
ask for the single process model ops and pass these to the
stream_setup_socket() call. */
model_ops = process_model_startup(task->event_ctx, "single");
if (!model_ops) {
task_server_terminate(task,
"Can't find 'single' process model_ops", true);
return;
}
/* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
if (!directory_create_or_exist(lp_winbindd_socket_directory(task->lp_ctx), geteuid(), 0755)) {
task_server_terminate(task,
"Cannot create winbindd pipe directory", true);
return;
}
/* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
if (!directory_create_or_exist(lp_winbindd_privileged_socket_directory(task->lp_ctx), geteuid(), 0750)) {
task_server_terminate(task,
"Cannot create winbindd privileged pipe directory", true);
return;
}
service = talloc_zero(task, struct wbsrv_service);
if (!service) goto nomem;
service->task = task;
status = wbsrv_setup_domains(service);
if (!NT_STATUS_IS_OK(status)) {
task_server_terminate(task, nt_errstr(status), true);
return;
}
service->idmap_ctx = idmap_init(service, task->event_ctx, task->lp_ctx);
if (service->idmap_ctx == NULL) {
task_server_terminate(task, "Failed to load idmap database", true);
return;
}
/* setup the unprivileged samba3 socket */
listen_socket = talloc(service, struct wbsrv_listen_socket);
if (!listen_socket) goto nomem;
listen_socket->socket_path = talloc_asprintf(listen_socket, "%s/%s",
lp_winbindd_socket_directory(task->lp_ctx),
WINBINDD_SAMBA3_SOCKET);
if (!listen_socket->socket_path) goto nomem;
listen_socket->service = service;
listen_socket->privileged = false;
status = stream_setup_socket(task->event_ctx, task->lp_ctx, model_ops,
&wbsrv_ops, "unix",
listen_socket->socket_path, &port,
lp_socket_options(task->lp_ctx),
listen_socket);
if (!NT_STATUS_IS_OK(status)) goto listen_failed;
/* setup the privileged samba3 socket */
listen_socket = talloc(service, struct wbsrv_listen_socket);
if (!listen_socket) goto nomem;
listen_socket->socket_path
= service->priv_socket_path
= talloc_asprintf(listen_socket, "%s/%s",
lp_winbindd_privileged_socket_directory(task->lp_ctx),
WINBINDD_SAMBA3_SOCKET);
if (!listen_socket->socket_path) goto nomem;
if (!listen_socket->socket_path) goto nomem;
listen_socket->service = service;
listen_socket->privileged = true;
status = stream_setup_socket(task->event_ctx, task->lp_ctx, model_ops,
&wbsrv_ops, "unix",
listen_socket->socket_path, &port,
lp_socket_options(task->lp_ctx),
listen_socket);
if (!NT_STATUS_IS_OK(status)) goto listen_failed;
status = wbsrv_init_irpc(service);
if (!NT_STATUS_IS_OK(status)) goto irpc_failed;
return;
listen_failed:
DEBUG(0,("stream_setup_socket(path=%s) failed - %s\n",
listen_socket->socket_path, nt_errstr(status)));
task_server_terminate(task, nt_errstr(status), true);
return;
irpc_failed:
DEBUG(0,("wbsrv_init_irpc() failed - %s\n",
nt_errstr(status)));
task_server_terminate(task, nt_errstr(status), true);
return;
nomem:
task_server_terminate(task, nt_errstr(NT_STATUS_NO_MEMORY), true);
return;
}
