/* startup the web server task */ static void websrv_task_init(struct task_server *task) { NTSTATUS status; uint16_t port = lp_web_port(task->lp_ctx); const struct model_ops *model_ops; struct web_server_data *wdata; task_server_set_title(task, "task[websrv]"); /* run the web server as a single process */ model_ops = process_model_startup(task->event_ctx, "single"); if (!model_ops) goto failed; if (lp_interfaces(task->lp_ctx) && lp_bind_interfaces_only(task->lp_ctx)) { int num_interfaces; int i; struct interface *ifaces; load_interfaces(NULL, lp_interfaces(task->lp_ctx), &ifaces); num_interfaces = iface_count(ifaces); for(i = 0; i < num_interfaces; i++) { const char *address = iface_n_ip(ifaces, i); status = stream_setup_socket(task->event_ctx, task->lp_ctx, model_ops, &web_stream_ops, "ipv4", address, &port, lp_socket_options(task->lp_ctx), task); if (!NT_STATUS_IS_OK(status)) goto failed; } talloc_free(ifaces); } else { status = stream_setup_socket(task->event_ctx, task->lp_ctx, model_ops, &web_stream_ops, "ipv4", lp_socket_address(task->lp_ctx), &port, lp_socket_options(task->lp_ctx), task); if (!NT_STATUS_IS_OK(status)) goto failed; } /* startup the esp processor - unfortunately we can't do this per connection as that wouldn't allow for session variables */ wdata = talloc_zero(task, struct web_server_data); if (wdata == NULL)goto failed; task->private_data = wdata; wdata->tls_params = tls_initialise(wdata, task->lp_ctx); if (wdata->tls_params == NULL) goto failed; if (!wsgi_initialize(wdata)) goto failed; return; failed: task_server_terminate(task, "websrv_task_init: failed to startup web server task", true); }
/* setup a listening socket on all the SMB ports for a particular address */ static NTSTATUS samba3_add_socket(struct task_server *task, struct tevent_context *event_context, struct loadparm_context *lp_ctx, const struct model_ops *model_ops, const char *address) { const char **ports = lpcfg_smb_ports(lp_ctx); int i; NTSTATUS status; for (i=0;ports[i];i++) { uint16_t port = atoi(ports[i]); if (port == 0) continue; status = stream_setup_socket(task, event_context, lp_ctx, model_ops, &samba3_smb_stream_ops, "ip", address, &port, lpcfg_socket_options(lp_ctx), NULL); NT_STATUS_NOT_OK_RETURN(status); } return NT_STATUS_OK; }
NTSTATUS tstream_setup_named_pipe(TALLOC_CTX *mem_ctx, struct tevent_context *event_context, struct loadparm_context *lp_ctx, const struct model_ops *model_ops, const struct stream_server_ops *stream_ops, const char *pipe_name, void *private_data, void *process_context) { char *dirname; struct named_pipe_socket *pipe_sock; NTSTATUS status = NT_STATUS_NO_MEMORY;; pipe_sock = talloc(mem_ctx, struct named_pipe_socket); if (pipe_sock == NULL) { goto fail; } /* remember the details about the pipe */ pipe_sock->pipe_name = strlower_talloc(pipe_sock, pipe_name); if (pipe_sock->pipe_name == NULL) { goto fail; } if (!directory_create_or_exist(lpcfg_ncalrpc_dir(lp_ctx), 0755)) { status = map_nt_error_from_unix_common(errno); DBG_ERR("Failed to create ncalrpc pipe directory '%s' - %s\n", lpcfg_ncalrpc_dir(lp_ctx), nt_errstr(status)); goto fail; } dirname = talloc_asprintf(pipe_sock, "%s/np", lpcfg_ncalrpc_dir(lp_ctx)); if (dirname == NULL) { goto fail; } if (!directory_create_or_exist_strict(dirname, geteuid(), 0700)) { status = map_nt_error_from_unix_common(errno); DBG_ERR("Failed to create stream pipe directory '%s' - %s\n", dirname, nt_errstr(status)); goto fail; } if (strncmp(pipe_name, "\\pipe\\", 6) == 0) { pipe_name += 6; } pipe_sock->pipe_path = talloc_asprintf(pipe_sock, "%s/%s", dirname, pipe_name); if (pipe_sock->pipe_path == NULL) { goto fail; } talloc_free(dirname); pipe_sock->ops = stream_ops; pipe_sock->private_data = private_data; status = stream_setup_socket(pipe_sock, event_context, lp_ctx, model_ops, &named_pipe_stream_ops, "unix", pipe_sock->pipe_path, NULL, NULL, pipe_sock, process_context); if (!NT_STATUS_IS_OK(status)) { goto fail; } return NT_STATUS_OK; fail: talloc_free(pipe_sock); return status; }
/* startup the winbind task */ static void winbind_task_init(struct task_server *task) { uint16_t port = 1; const struct model_ops *model_ops; NTSTATUS status; struct wbsrv_service *service; struct wbsrv_listen_socket *listen_socket; char *errstring; struct dom_sid *primary_sid; bool ok; task_server_set_title(task, "task[winbind]"); /* within the winbind task we want to be a single process, so ask for the single process model ops and pass these to the stream_setup_socket() call. */ model_ops = process_model_startup("single"); if (!model_ops) { task_server_terminate(task, "Can't find 'single' process model_ops", true); return; } /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */ ok = directory_create_or_exist_strict(lpcfg_winbindd_socket_directory(task->lp_ctx), geteuid(), 0755); if (!ok) { task_server_terminate(task, "Cannot create winbindd pipe directory", true); return; } /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */ ok = directory_create_or_exist_strict(lpcfg_winbindd_privileged_socket_directory(task->lp_ctx), geteuid(), 0750); if (!ok) { task_server_terminate(task, "Cannot create winbindd privileged pipe directory", true); return; } service = talloc_zero(task, struct wbsrv_service); if (!service) goto nomem; service->task = task; /* Find the primary SID, depending if we are a standalone * server (what good is winbind in this case, but anyway...), * or are in a domain as a member or a DC */ switch (lpcfg_server_role(service->task->lp_ctx)) { case ROLE_STANDALONE: primary_sid = secrets_get_domain_sid(service, service->task->lp_ctx, lpcfg_netbios_name(service->task->lp_ctx), &service->sec_channel_type, &errstring); if (!primary_sid) { char *message = talloc_asprintf(task, "Cannot start Winbind (standalone configuration): %s: " "Have you provisioned this server (%s) or changed it's name?", errstring, lpcfg_netbios_name(service->task->lp_ctx)); task_server_terminate(task, message, true); return; } break; case ROLE_DOMAIN_MEMBER: primary_sid = secrets_get_domain_sid(service, service->task->lp_ctx, lpcfg_workgroup(service->task->lp_ctx), &service->sec_channel_type, &errstring); if (!primary_sid) { char *message = talloc_asprintf(task, "Cannot start Winbind (domain member): %s: " "Have you joined the %s domain?", errstring, lpcfg_workgroup(service->task->lp_ctx)); task_server_terminate(task, message, true); return; } break; case ROLE_ACTIVE_DIRECTORY_DC: primary_sid = secrets_get_domain_sid(service, service->task->lp_ctx, lpcfg_workgroup(service->task->lp_ctx), &service->sec_channel_type, &errstring); if (!primary_sid) { char *message = talloc_asprintf(task, "Cannot start Winbind (domain controller): %s: " "Have you provisioned the %s domain?", errstring, lpcfg_workgroup(service->task->lp_ctx)); task_server_terminate(task, message, true); return; } break; case ROLE_DOMAIN_PDC: case ROLE_DOMAIN_BDC: task_server_terminate(task, "Cannot start 'samba' winbindd as a 'classic samba' DC: use winbindd instead", true); return; } service->primary_sid = primary_sid; service->idmap_ctx = idmap_init(service, task->event_ctx, task->lp_ctx); if (service->idmap_ctx == NULL) { task_server_terminate(task, "Failed to load idmap database", true); return; } service->priv_pipe_dir = lpcfg_winbindd_privileged_socket_directory(task->lp_ctx); service->pipe_dir = lpcfg_winbindd_socket_directory(task->lp_ctx); /* setup the unprivileged samba3 socket */ listen_socket = talloc(service, struct wbsrv_listen_socket); if (!listen_socket) goto nomem; listen_socket->socket_path = talloc_asprintf(listen_socket, "%s/%s", service->pipe_dir, WINBINDD_SOCKET_NAME); if (!listen_socket->socket_path) goto nomem; listen_socket->service = service; listen_socket->privileged = false; status = stream_setup_socket(task, task->event_ctx, task->lp_ctx, model_ops, &wbsrv_ops, "unix", listen_socket->socket_path, &port, lpcfg_socket_options(task->lp_ctx), listen_socket); if (!NT_STATUS_IS_OK(status)) goto listen_failed; /* setup the privileged samba3 socket */ listen_socket = talloc(service, struct wbsrv_listen_socket); if (!listen_socket) goto nomem; listen_socket->socket_path = talloc_asprintf(listen_socket, "%s/%s", service->priv_pipe_dir, WINBINDD_SOCKET_NAME); if (!listen_socket->socket_path) goto nomem; listen_socket->service = service; listen_socket->privileged = true; status = stream_setup_socket(task, task->event_ctx, task->lp_ctx, model_ops, &wbsrv_ops, "unix", listen_socket->socket_path, &port, lpcfg_socket_options(task->lp_ctx), listen_socket); if (!NT_STATUS_IS_OK(status)) goto listen_failed; status = wbsrv_init_irpc(service); if (!NT_STATUS_IS_OK(status)) goto irpc_failed; return; listen_failed: DEBUG(0,("stream_setup_socket(path=%s) failed - %s\n", listen_socket->socket_path, nt_errstr(status))); task_server_terminate(task, nt_errstr(status), true); return; irpc_failed: DEBUG(0,("wbsrv_init_irpc() failed - %s\n", nt_errstr(status))); task_server_terminate(task, nt_errstr(status), true); return; nomem: task_server_terminate(task, nt_errstr(NT_STATUS_NO_MEMORY), true); return; }
/* open the ldap server sockets */ static void ldapsrv_task_init(struct task_server *task) { char *ldapi_path; #ifdef WITH_LDAPI_PRIV_SOCKET char *priv_dir; #endif struct ldapsrv_service *ldap_service; NTSTATUS status; const struct model_ops *model_ops; switch (lp_server_role(task->lp_ctx)) { case ROLE_STANDALONE: task_server_terminate(task, "ldap_server: no LDAP server required in standalone configuration", false); return; case ROLE_DOMAIN_MEMBER: task_server_terminate(task, "ldap_server: no LDAP server required in member server configuration", false); return; case ROLE_DOMAIN_CONTROLLER: /* Yes, we want an LDAP server */ break; } task_server_set_title(task, "task[ldapsrv]"); /* run the ldap server as a single process */ model_ops = process_model_startup(task->event_ctx, "single"); if (!model_ops) goto failed; ldap_service = talloc_zero(task, struct ldapsrv_service); if (ldap_service == NULL) goto failed; ldap_service->task = task; ldap_service->tls_params = tls_initialise(ldap_service, task->lp_ctx); if (ldap_service->tls_params == NULL) goto failed; if (lp_interfaces(task->lp_ctx) && lp_bind_interfaces_only(task->lp_ctx)) { struct interface *ifaces; int num_interfaces; int i; load_interfaces(task, lp_interfaces(task->lp_ctx), &ifaces); num_interfaces = iface_count(ifaces); /* We have been given an interfaces line, and been told to only bind to those interfaces. Create a socket per interface and bind to only these. */ for(i = 0; i < num_interfaces; i++) { const char *address = iface_n_ip(ifaces, i); status = add_socket(task->event_ctx, task->lp_ctx, model_ops, address, ldap_service); if (!NT_STATUS_IS_OK(status)) goto failed; } } else { status = add_socket(task->event_ctx, task->lp_ctx, model_ops, lp_socket_address(task->lp_ctx), ldap_service); if (!NT_STATUS_IS_OK(status)) goto failed; } ldapi_path = private_path(ldap_service, task->lp_ctx, "ldapi"); if (!ldapi_path) { goto failed; } status = stream_setup_socket(task->event_ctx, task->lp_ctx, model_ops, &ldap_stream_nonpriv_ops, "unix", ldapi_path, NULL, lp_socket_options(task->lp_ctx), ldap_service); talloc_free(ldapi_path); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("ldapsrv failed to bind to %s - %s\n", ldapi_path, nt_errstr(status))); } #ifdef WITH_LDAPI_PRIV_SOCKET priv_dir = private_path(ldap_service, task->lp_ctx, "ldap_priv"); if (priv_dir == NULL) { goto failed; } /* * Make sure the directory for the privileged ldapi socket exists, and * is of the correct permissions */ if (!directory_create_or_exist(priv_dir, geteuid(), 0750)) { task_server_terminate(task, "Cannot create ldap " "privileged ldapi directory", true); return; } ldapi_path = talloc_asprintf(ldap_service, "%s/ldapi", priv_dir); talloc_free(priv_dir); if (ldapi_path == NULL) { goto failed; } status = stream_setup_socket(task->event_ctx, task->lp_ctx, model_ops, &ldap_stream_priv_ops, "unix", ldapi_path, NULL, lp_socket_options(task->lp_ctx), ldap_service); talloc_free(ldapi_path); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("ldapsrv failed to bind to %s - %s\n", ldapi_path, nt_errstr(status))); } #endif return; failed: task_server_terminate(task, "Failed to startup ldap server task", true); }
/* add a socket address to the list of events, one event per port */ static NTSTATUS add_socket(struct tevent_context *event_context, struct loadparm_context *lp_ctx, const struct model_ops *model_ops, const char *address, struct ldapsrv_service *ldap_service) { uint16_t port = 389; NTSTATUS status; struct ldb_context *ldb; status = stream_setup_socket(event_context, lp_ctx, model_ops, &ldap_stream_nonpriv_ops, "ipv4", address, &port, lp_socket_options(lp_ctx), ldap_service); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n", address, port, nt_errstr(status))); } if (tls_support(ldap_service->tls_params)) { /* add ldaps server */ port = 636; status = stream_setup_socket(event_context, lp_ctx, model_ops, &ldap_stream_nonpriv_ops, "ipv4", address, &port, lp_socket_options(lp_ctx), ldap_service); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n", address, port, nt_errstr(status))); } } /* Load LDAP database, but only to read our settings */ ldb = samdb_connect(ldap_service, ldap_service->task->event_ctx, lp_ctx, system_session(ldap_service, lp_ctx)); if (!ldb) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } if (samdb_is_gc(ldb)) { port = 3268; status = stream_setup_socket(event_context, lp_ctx, model_ops, &ldap_stream_nonpriv_ops, "ipv4", address, &port, lp_socket_options(lp_ctx), ldap_service); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n", address, port, nt_errstr(status))); } } /* And once we are bound, free the tempoary ldb, it will * connect again on each incoming LDAP connection */ talloc_free(ldb); return status; }
/* startup the wrepl port 42 server sockets */ NTSTATUS wreplsrv_setup_sockets(struct wreplsrv_service *service, struct loadparm_context *lp_ctx) { NTSTATUS status; struct task_server *task = service->task; const struct model_ops *model_ops; const char *address; uint16_t port = WINS_REPLICATION_PORT; /* within the wrepl task we want to be a single process, so ask for the single process model ops and pass these to the stream_setup_socket() call. */ model_ops = process_model_startup("single"); if (!model_ops) { DEBUG(0,("Can't find 'single' process model_ops")); return NT_STATUS_INTERNAL_ERROR; } if (lpcfg_interfaces(lp_ctx) && lpcfg_bind_interfaces_only(lp_ctx)) { int num_interfaces; int i; struct interface *ifaces; load_interface_list(task, lp_ctx, &ifaces); num_interfaces = iface_list_count(ifaces); /* We have been given an interfaces line, and been told to only bind to those interfaces. Create a socket per interface and bind to only these. */ for(i = 0; i < num_interfaces; i++) { if (!iface_list_n_is_v4(ifaces, i)) { continue; } address = iface_list_n_ip(ifaces, i); status = stream_setup_socket(task, task->event_ctx, task->lp_ctx, model_ops, &wreplsrv_stream_ops, "ipv4", address, &port, lpcfg_socket_options(task->lp_ctx), service); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("stream_setup_socket(address=%s,port=%u) failed - %s\n", address, port, nt_errstr(status))); return status; } } } else { address = "0.0.0.0"; status = stream_setup_socket(task, task->event_ctx, task->lp_ctx, model_ops, &wreplsrv_stream_ops, "ipv4", address, &port, lpcfg_socket_options(task->lp_ctx), service); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("stream_setup_socket(address=%s,port=%u) failed - %s\n", address, port, nt_errstr(status))); return status; } } return NT_STATUS_OK; }
/* startup the winbind task */ static void winbind_task_init(struct task_server *task) { uint16_t port = 1; const struct model_ops *model_ops; NTSTATUS status; struct wbsrv_service *service; struct wbsrv_listen_socket *listen_socket; task_server_set_title(task, "task[winbind]"); /* within the winbind task we want to be a single process, so ask for the single process model ops and pass these to the stream_setup_socket() call. */ model_ops = process_model_startup(task->event_ctx, "single"); if (!model_ops) { task_server_terminate(task, "Can't find 'single' process model_ops", true); return; } /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */ if (!directory_create_or_exist(lp_winbindd_socket_directory(task->lp_ctx), geteuid(), 0755)) { task_server_terminate(task, "Cannot create winbindd pipe directory", true); return; } /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */ if (!directory_create_or_exist(lp_winbindd_privileged_socket_directory(task->lp_ctx), geteuid(), 0750)) { task_server_terminate(task, "Cannot create winbindd privileged pipe directory", true); return; } service = talloc_zero(task, struct wbsrv_service); if (!service) goto nomem; service->task = task; status = wbsrv_setup_domains(service); if (!NT_STATUS_IS_OK(status)) { task_server_terminate(task, nt_errstr(status), true); return; } service->idmap_ctx = idmap_init(service, task->event_ctx, task->lp_ctx); if (service->idmap_ctx == NULL) { task_server_terminate(task, "Failed to load idmap database", true); return; } /* setup the unprivileged samba3 socket */ listen_socket = talloc(service, struct wbsrv_listen_socket); if (!listen_socket) goto nomem; listen_socket->socket_path = talloc_asprintf(listen_socket, "%s/%s", lp_winbindd_socket_directory(task->lp_ctx), WINBINDD_SAMBA3_SOCKET); if (!listen_socket->socket_path) goto nomem; listen_socket->service = service; listen_socket->privileged = false; status = stream_setup_socket(task->event_ctx, task->lp_ctx, model_ops, &wbsrv_ops, "unix", listen_socket->socket_path, &port, lp_socket_options(task->lp_ctx), listen_socket); if (!NT_STATUS_IS_OK(status)) goto listen_failed; /* setup the privileged samba3 socket */ listen_socket = talloc(service, struct wbsrv_listen_socket); if (!listen_socket) goto nomem; listen_socket->socket_path = service->priv_socket_path = talloc_asprintf(listen_socket, "%s/%s", lp_winbindd_privileged_socket_directory(task->lp_ctx), WINBINDD_SAMBA3_SOCKET); if (!listen_socket->socket_path) goto nomem; if (!listen_socket->socket_path) goto nomem; listen_socket->service = service; listen_socket->privileged = true; status = stream_setup_socket(task->event_ctx, task->lp_ctx, model_ops, &wbsrv_ops, "unix", listen_socket->socket_path, &port, lp_socket_options(task->lp_ctx), listen_socket); if (!NT_STATUS_IS_OK(status)) goto listen_failed; status = wbsrv_init_irpc(service); if (!NT_STATUS_IS_OK(status)) goto irpc_failed; return; listen_failed: DEBUG(0,("stream_setup_socket(path=%s) failed - %s\n", listen_socket->socket_path, nt_errstr(status))); task_server_terminate(task, nt_errstr(status), true); return; irpc_failed: DEBUG(0,("wbsrv_init_irpc() failed - %s\n", nt_errstr(status))); task_server_terminate(task, nt_errstr(status), true); return; nomem: task_server_terminate(task, nt_errstr(NT_STATUS_NO_MEMORY), true); return; }