/*
 * Create the idmap domain for an explicitly configured domain name.
 *
 * The backend is read from the "backend" parameter of the configuration
 * section "idmap config <domname>"; domname is interpolated into that
 * section name as given.
 *
 * mem_ctx: talloc parent handed to idmap_init_domain() for the result.
 * domname: name of the domain to look up and initialise.
 *
 * Returns the new domain, or NULL when the section name cannot be
 * allocated, no backend is configured, or idmap_init_domain() fails.
 */
static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx,
						    const char *domname)
{
	struct idmap_domain *dom = NULL;
	const char *backend_name = NULL;
	char *section = NULL;

	idmap_init();

	/* Scratch string only; it is released before returning on every path. */
	section = talloc_asprintf(talloc_tos(), "idmap config %s", domname);
	if (section == NULL) {
		DEBUG(0, ("talloc failed\n"));
	} else {
		/* NOTE(review): -1 presumably selects the global section - confirm. */
		backend_name = lp_parm_const_string(-1, section, "backend", NULL);
		if (backend_name == NULL) {
			DEBUG(1, ("no backend defined for %s\n", section));
		} else {
			dom = idmap_init_domain(mem_ctx, domname,
						backend_name, true);
		}
	}

	TALLOC_FREE(section);

	/* dom is still NULL here on every failure path. */
	return dom;
}
/*
 * Return the idmap domain backed by "passdb", creating it on first use.
 *
 * The default idmap domain is brought up first; if that fails, NULL is
 * returned and the passdb domain is not attempted. Both domains are cached
 * in file-scope pointers and allocated on the NULL talloc context, so the
 * mem_ctx argument is not used by this function.
 *
 * Returns the cached or newly created passdb domain, or NULL on failure.
 */
static struct idmap_domain *idmap_init_passdb_domain(TALLOC_CTX *mem_ctx)
{
	idmap_init();

	/*
	 * Always init the default domain, we can't go without one
	 */
	if (default_idmap_domain == NULL) {
		default_idmap_domain = idmap_init_default_domain(NULL);
		if (default_idmap_domain == NULL) {
			return NULL;
		}
	}

	/* Only build the passdb domain once; later calls reuse the pointer. */
	if (passdb_idmap_domain == NULL) {
		passdb_idmap_domain = idmap_init_domain(NULL,
							get_global_sam_name(),
							"passdb", false);
		if (passdb_idmap_domain == NULL) {
			DEBUG(1, ("Could not init passdb idmap domain\n"));
		}
	}

	return passdb_idmap_domain;
}
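/***********************************************************
 Write entries from stdin to current local idmap

 Each input line is expected to look like "GID <number> <sid>" or
 "UID <number> <sid>". Lines that do not parse, carry an invalid SID,
 or cannot be stored are reported and skipped; they do not abort the
 restore. The return value is 0 only if the idmap could be opened and
 net_idmap_fixup_hwm() succeeds afterwards, otherwise -1.

 argc and argv are not used.
 **********************************************************/
static int net_idmap_restore(int argc, const char **argv)
{
	if (!idmap_init(lp_idmap_backend())) {
		d_fprintf(stderr, "Could not init idmap\n");
		return -1;
	}

	while (!feof(stdin)) {
		fstring line, sid_string, fmt_string;
		int len;
		int raw_id;
		unid_t id;
		int type = ID_EMPTY;
		DOM_SID sid;

		/*
		 * A line longer than the buffer is returned by fgets() in
		 * pieces; the tail is then parsed as a line of its own and
		 * rejected below unless it happens to match the format.
		 */
		if (fgets(line, sizeof(line)-1, stdin) == NULL)
			break;

		len = strlen(line);

		if ( (len > 0) && (line[len-1] == '\n') )
			line[len-1] = '\0';

		/*
		 * The number is scanned into a plain int and then assigned,
		 * so "%d" never writes through a pointer to gid_t/uid_t
		 * (which need not be the size of int). The %s width counts
		 * characters only, not the terminating NUL, so it is one
		 * less than the destination buffer.
		 */
		snprintf(fmt_string, sizeof(fmt_string), "GID %%d %%%us",
			 (unsigned int)(sizeof(sid_string) - 1));
		if (sscanf(line, fmt_string, &raw_id, sid_string) == 2) {
			id.gid = (gid_t)raw_id;
			type = ID_GROUPID;
		}

		snprintf(fmt_string, sizeof(fmt_string), "UID %%d %%%us",
			 (unsigned int)(sizeof(sid_string) - 1));
		if (sscanf(line, fmt_string, &raw_id, sid_string) == 2) {
			id.uid = (uid_t)raw_id;
			type = ID_USERID;
		}

		if (type == ID_EMPTY) {
			d_printf("ignoring invalid line [%s]\n", line);
			continue;
		}

		if (!string_to_sid(&sid, sid_string)) {
			d_printf("ignoring invalid sid [%s]\n", sid_string);
			continue;
		}

		if (!NT_STATUS_IS_OK(idmap_set_mapping(&sid, id, type))) {
			d_fprintf(stderr, "Could not set mapping of %s %lu to sid %s\n",
				 (type == ID_GROUPID) ? "GID" : "UID",
				 (type == ID_GROUPID) ? (unsigned long)id.gid:
				 (unsigned long)id.uid, 
				 sid_string_static(&sid));
			continue;
		}
	}

	idmap_close();

	return NT_STATUS_IS_OK(net_idmap_fixup_hwm()) ? 0 : -1;
}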
/*
 * Generate a radius packet id.
 *
 * A random byte is drawn first. When an iterator callback is supplied, the
 * byte at offset 1 of every packet it yields (the Identifier field of the
 * RADIUS header) is recorded as in use, and idmap_find() is asked to settle
 * on an id starting from the random byte.
 *
 * ctx:  context passed to randomize().
 * cb:   optional iterator over outstanding packets; may be NULL.
 * data: opaque argument for cb.
 * id:   receives the chosen id on success.
 *
 * Returns 0 on success, or the error from randomize() or idmap_find().
 * If randomize() fails, cb is invoked once with TRUE before returning.
 */
static krb5_error_code
id_generate(krb5_context ctx, krad_packet_iter_cb cb, void *data, uchar *id)
{
    krb5_error_code ret;
    const krad_packet *cur;
    idmap in_use;
    uchar candidate;

    ret = randomize(ctx, &candidate, sizeof(candidate));
    if (ret != 0) {
        /* NOTE(review): TRUE presumably cancels the iteration - confirm. */
        if (cb != NULL)
            cb(data, TRUE);
        return ret;
    }

    /* Without an iterator there is nothing to collide with. */
    if (cb == NULL) {
        *id = candidate;
        return 0;
    }

    /* Mark the id of every packet the iterator yields. */
    idmap_init(&in_use);
    while ((cur = cb(data, FALSE)) != NULL)
        idmap_set(&in_use, cur->pkt.data[1]);

    /* NOTE(review): idmap_find() presumably fails when no id is free. */
    ret = idmap_find(&in_use, &candidate);
    if (ret != 0)
        return ret;

    *id = candidate;
    return 0;
}
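/*
 * Parse an event definition string into a ktap_eventdef_info.
 *
 * The string is duplicated and then consumed one event definition at a
 * time; each definition is split into sys/event/filter parts and handed to
 * the probe, sdt or tracepoint handler depending on the sys part. A filter
 * is only accepted on the last definition.
 *
 * Returns a malloc()ed descriptor on success. Returns NULL on any error
 * (including allocation failure), after idmap_free() and
 * cleanup_event_resources() have run.
 *
 * NOTE(review): the duplicated string is never freed here. evdef_info->filter
 * presumably points into it, so it has to outlive this call on success;
 * whether it can be released on the error path depends on what the
 * parse_events_add_*() helpers keep - confirm before adding a free().
 */
ktap_eventdef_info *ktapc_parse_events(const char *eventdef)
{
	char *str = strdup(eventdef);
	char *sys, *event, *filter, *next;
	ktap_eventdef_info *evdef_info;
	int ret;

	idmap_init();

	/* strdup() can fail; do not hand a NULL string to the parser. */
	if (!str)
		goto error;

 parse_next_eventdef:
	next = get_next_eventdef(str);

	if (get_sys_event_filter_str(str, &sys, &event, &filter))
		goto error;

	verbose_printf("parse_eventdef: sys[%s], event[%s], filter[%s]\n",
		       sys, event, filter);

	if (!strcmp(sys, "probe"))
		ret = parse_events_add_probe(event);
	else if (!strcmp(sys, "sdt"))
		ret = parse_events_add_sdt(event);
	else
		ret = parse_events_add_tracepoint(sys, event);

	if (ret)
		goto error;

	/* don't trace ftrace:function when all tracepoints enabled */
	if (!strcmp(sys, "*"))
		idmap_clear(1);

	/* A filter followed by more definitions is rejected. */
	if (filter && *next != '\0') {
		fprintf(stderr, "Error: eventdef only can append one filter\n");
		goto error;
	}

	str = next;
	if (*next != '\0')
		goto parse_next_eventdef;

	evdef_info = malloc(sizeof(*evdef_info));
	if (!evdef_info)
		goto error;

	evdef_info->nr = id_nr;
	evdef_info->id_arr = get_id_array();
	evdef_info->filter = filter;

	idmap_free();
	return evdef_info;
 error:
	idmap_free();
	cleanup_event_resources();
	return NULL;
}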
/*
 * Look up the idmap domain for a domain name.
 *
 * In the part of the function shown here: a NULL or empty domname yields
 * the default idmap domain, a name matching an already known domain yields
 * that domain, and NULL is returned when the default domain cannot be
 * initialised.
 *
 * NOTE(review): this listing is truncated; the code that runs when no
 * known domain matches continues past the visible text.
 */
struct idmap_domain *idmap_find_domain(const char *domname)
{
	struct idmap_domain *result;
	int i;

	/* domname may be NULL; the log line substitutes the text "NULL". */
	DEBUG(10, ("idmap_find_domain called for domain '%s'\n",
		   domname?domname:"NULL"));

	idmap_init();

	/*
	 * Always init the default domain, we can't go without one
	 */
	if (default_idmap_domain == NULL) {
		default_idmap_domain = idmap_init_default_domain(NULL);
	}
	if (default_idmap_domain == NULL) {
		return NULL;
	}

	/* No name given: fall back to the default domain. */
	if ((domname == NULL) || (domname[0] == '\0')) {
		return default_idmap_domain;
	}

	/*
	 * Search the domains initialised so far.
	 * NOTE(review): assumes num_domains is 0 while idmap_domains is
	 * still NULL - confirm against the definitions.
	 */
	for (i=0; i<num_domains; i++) {
		if (strequal(idmap_domains[i]->name, domname)) {
			return idmap_domains[i];
		}
	}

	if (idmap_domains == NULL) {
		/*
		 * talloc context for all idmap domains
		 */
		idmap_domains = TALLOC_ARRAY(NULL, struct idmap_domain *, 1);
	}
	/* NOTE(review): listing ends here; any check of the allocation above
	 * and the rest of the function are not shown. */
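/*
  startup the winbind task

  Creates the two winbindd pipe directories, resolves the primary domain
  SID according to the configured server role, loads the idmap database
  and starts listening on the unprivileged and the privileged unix socket
  before registering the irpc handlers.

  Every failure ends in task_server_terminate(); the function itself
  returns nothing.
*/
static void winbind_task_init(struct task_server *task)
{
	uint16_t port = 1;
	const struct model_ops *model_ops;
	NTSTATUS status;
	struct wbsrv_service *service;
	struct wbsrv_listen_socket *listen_socket;
	char *errstring = NULL;
	/* Stays NULL unless one of the role branches below sets it. */
	struct dom_sid *primary_sid = NULL;
	bool ok;

	task_server_set_title(task, "task[winbind]");

	/* within the winbind task we want to be a single process, so
	   ask for the single process model ops and pass these to the
	   stream_setup_socket() call. */
	model_ops = process_model_startup("single");
	if (!model_ops) {
		task_server_terminate(task,
				      "Can't find 'single' process model_ops", true);
		return;
	}

	/* Make sure the directory for the Samba3 socket exists, and is
	   of the correct permissions (owned by our effective uid, mode
	   0755) */
	ok = directory_create_or_exist_strict(lpcfg_winbindd_socket_directory(task->lp_ctx),
					      geteuid(), 0755);
	if (!ok) {
		task_server_terminate(task,
				      "Cannot create winbindd pipe directory", true);
		return;
	}

	/* Same for the directory of the privileged socket, which is
	   created with the tighter mode 0750.
	   NOTE(review): presumably this directory mode is what limits
	   who can reach the privileged pipe - confirm. */
	ok = directory_create_or_exist_strict(lpcfg_winbindd_privileged_socket_directory(task->lp_ctx),
					      geteuid(), 0750);
	if (!ok) {
		task_server_terminate(task,
				      "Cannot create winbindd privileged pipe directory", true);
		return;
	}

	service = talloc_zero(task, struct wbsrv_service);
	if (!service) goto nomem;
	service->task	= task;

	/* Find the primary SID, depending if we are a standalone
	 * server (what good is winbind in this case, but anyway...),
	 * or are in a domain as a member or a DC */
	switch (lpcfg_server_role(service->task->lp_ctx)) {
	case ROLE_STANDALONE:
		primary_sid = secrets_get_domain_sid(service,
						     service->task->lp_ctx,
						     lpcfg_netbios_name(service->task->lp_ctx),
						     &service->sec_channel_type,
						     &errstring);
		if (!primary_sid) {
			/* NOTE(review): message is not checked for NULL
			   before it is passed on. */
			char *message
				= talloc_asprintf(task,
						  "Cannot start Winbind (standalone configuration): %s: "
						  "Have you provisioned this server (%s) or changed it's name?",
						  errstring,
						  lpcfg_netbios_name(service->task->lp_ctx));
			task_server_terminate(task, message, true);
			return;
		}
		break;
	case ROLE_DOMAIN_MEMBER:
		primary_sid = secrets_get_domain_sid(service,
						     service->task->lp_ctx,
						     lpcfg_workgroup(service->task->lp_ctx),
						     &service->sec_channel_type,
						     &errstring);
		if (!primary_sid) {
			char *message = talloc_asprintf(task,
							"Cannot start Winbind (domain member): %s: "
							"Have you joined the %s domain?",
							errstring,
							lpcfg_workgroup(service->task->lp_ctx));
			task_server_terminate(task, message, true);
			return;
		}
		break;
	case ROLE_ACTIVE_DIRECTORY_DC:
		primary_sid = secrets_get_domain_sid(service,
						     service->task->lp_ctx,
						     lpcfg_workgroup(service->task->lp_ctx),
						     &service->sec_channel_type,
						     &errstring);
		if (!primary_sid) {
			char *message = talloc_asprintf(task,
							"Cannot start Winbind (domain controller): %s: "
							"Have you provisioned the %s domain?",
							errstring,
							lpcfg_workgroup(service->task->lp_ctx));
			task_server_terminate(task, message, true);
			return;
		}
		break;
	case ROLE_DOMAIN_PDC:
	case ROLE_DOMAIN_BDC:
		task_server_terminate(task,
				      "Cannot start 'samba' winbindd as a 'classic samba' DC: use winbindd instead",
				      true);
		return;
	default:
		/* Any other role would leave primary_sid unset; stop
		   instead of running without a primary domain SID. */
		task_server_terminate(task,
				      "Cannot start Winbind: unsupported server role",
				      true);
		return;
	}
	service->primary_sid = primary_sid;

	service->idmap_ctx = idmap_init(service, task->event_ctx, task->lp_ctx);
	if (service->idmap_ctx == NULL) {
		task_server_terminate(task, "Failed to load idmap database", true);
		return;
	}

	service->priv_pipe_dir = lpcfg_winbindd_privileged_socket_directory(task->lp_ctx);
	service->pipe_dir = lpcfg_winbindd_socket_directory(task->lp_ctx);

	/* setup the unprivileged samba3 socket */
	listen_socket = talloc(service, struct wbsrv_listen_socket);
	if (!listen_socket) goto nomem;
	listen_socket->socket_path	= talloc_asprintf(listen_socket, "%s/%s",
							  service->pipe_dir,
							  WINBINDD_SOCKET_NAME);
	if (!listen_socket->socket_path) goto nomem;
	listen_socket->service		= service;
	listen_socket->privileged	= false;
	status = stream_setup_socket(task, task->event_ctx, task->lp_ctx, model_ops,
				     &wbsrv_ops, "unix",
				     listen_socket->socket_path, &port,
				     lpcfg_socket_options(task->lp_ctx),
				     listen_socket);
	if (!NT_STATUS_IS_OK(status)) goto listen_failed;

	/* setup the privileged samba3 socket */
	listen_socket = talloc(service, struct wbsrv_listen_socket);
	if (!listen_socket) goto nomem;
	listen_socket->socket_path
		= talloc_asprintf(listen_socket, "%s/%s",
				  service->priv_pipe_dir,
				  WINBINDD_SOCKET_NAME);
	if (!listen_socket->socket_path) goto nomem;
	listen_socket->service		= service;
	/* Connections arriving on this socket are flagged as privileged. */
	listen_socket->privileged	= true;
	status = stream_setup_socket(task, task->event_ctx, task->lp_ctx, model_ops,
				     &wbsrv_ops, "unix",
				     listen_socket->socket_path, &port,
				     lpcfg_socket_options(task->lp_ctx),
				     listen_socket);
	if (!NT_STATUS_IS_OK(status)) goto listen_failed;

	status = wbsrv_init_irpc(service);
	if (!NT_STATUS_IS_OK(status)) goto irpc_failed;

	return;

listen_failed:
	/* listen_socket is whichever socket was being set up last. */
	DEBUG(0,("stream_setup_socket(path=%s) failed - %s\n",
		 listen_socket->socket_path, nt_errstr(status)));
	task_server_terminate(task, nt_errstr(status), true);
	return;
irpc_failed:
	DEBUG(0,("wbsrv_init_irpc() failed - %s\n",
		 nt_errstr(status)));
	task_server_terminate(task, nt_errstr(status), true);
	return;
nomem:
	task_server_terminate(task, nt_errstr(NT_STATUS_NO_MEMORY), true);
	return;
}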
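/*
 * winbindd entry point.
 *
 * Parses the command line, sets up logging and configuration, initialises
 * secrets and idmap, installs signal handlers, optionally daemonises, and
 * then enters the request loop.
 *
 * Exit status is 0 after a normal shutdown of the request loop and 1 for
 * the start-up failures handled here. A failure to initialise idmap is not
 * fatal: it is logged and the daemon continues in "netlogon proxy only"
 * mode via idmap_proxyonly().
 */
int main(int argc, char **argv)
{
	pstring logfile;
	static BOOL interactive = False;
	static BOOL Fork = True;
	static BOOL log_stdout = False;
	struct poptOption long_options[] = {
		POPT_AUTOHELP
		{ "stdout", 'S', POPT_ARG_VAL, &log_stdout, True, "Log to stdout" },
		{ "foreground", 'F', POPT_ARG_VAL, &Fork, False, "Daemon in foreground mode" },
		{ "interactive", 'i', POPT_ARG_NONE, NULL, 'i', "Interactive mode" },
		{ "single-daemon", 'Y', POPT_ARG_VAL, &opt_dual_daemon, False, "Single daemon mode" },
		{ "no-caching", 'n', POPT_ARG_VAL, &opt_nocache, True, "Disable caching" },
		POPT_COMMON_SAMBA
		POPT_TABLEEND
	};
	poptContext pc;
	int opt;

	/* glibc (?) likes to print "User defined signal 1" and exit if a
	   SIGUSR[12] is received before a handler is installed */

	CatchSignal(SIGUSR1, SIG_IGN);
	CatchSignal(SIGUSR2, SIG_IGN);

	fault_setup((void (*)(void *))fault_quit );

	/* Initialise for running in non-root mode */

	sec_init();

	set_remote_machine_name("winbindd", False);

	/* Set environment variable so we don't recursively call ourselves.
	   This may also be useful interactively. */

	setenv(WINBINDD_DONT_ENV, "1", 1);

	/* Initialise samba/rpc client stuff */

	pc = poptGetContext("winbindd", argc, (const char **)argv, long_options,
			    POPT_CONTEXT_KEEP_FIRST);

	while ((opt = poptGetNextOpt(pc)) != -1) {
		switch (opt) {
			/* Don't become a daemon */
		case 'i':
			interactive = True;
			log_stdout = True;
			Fork = False;
			break;
		}
	}

	/* Logging to stdout only makes sense while we keep the terminal. */
	if (log_stdout && Fork) {
		printf("Can't log to stdout (-S) unless daemon is in foreground +(-F) or interactive (-i)\n");
		poptPrintUsage(pc, stderr, 0);
		exit(1);
	}

	pstr_sprintf(logfile, "%s/log.winbindd", dyn_LOGFILEBASE);
	lp_set_logfile(logfile);
	setup_logging("winbindd", log_stdout);
	reopen_logs();

	DEBUG(1, ("winbindd version %s started.\n", SAMBA_VERSION_STRING) );
	DEBUGADD( 1, ( "Copyright The Samba Team 2000-2004\n" ) );

	if (!reload_services_file()) {
		DEBUG(0, ("error opening config file\n"));
		exit(1);
	}

	/* Setup names. */

	if (!init_names())
		exit(1);

	load_interfaces();

	if (!secrets_init()) {

		DEBUG(0,("Could not initialize domain trust account secrets. Giving up\n"));
		/* Exit non-zero so that a supervisor sees this as a
		   failure; returning False here would be status 0. */
		exit(1);
	}

	/* Enable netbios namecache */

	namecache_enable();

	/* Check winbindd parameters are valid */

	ZERO_STRUCT(server_state);

	/* Winbind daemon initialisation */

	/* Any of the three steps failing drops us into proxy-only mode
	   instead of stopping the daemon. */
	if ( (!winbindd_param_init()) || (!winbindd_upgrade_idmap()) ||
	     (!idmap_init(lp_idmap_backend())) ) {
		DEBUG(1, ("Could not init idmap -- netlogon proxy only\n"));
		idmap_proxyonly();
	}

	generate_wellknown_sids();

	/* Unblock all signals we are interested in as they may have been
	   blocked by the parent process. */

	BlockSignals(False, SIGINT);
	BlockSignals(False, SIGQUIT);
	BlockSignals(False, SIGTERM);
	BlockSignals(False, SIGUSR1);
	BlockSignals(False, SIGUSR2);
	BlockSignals(False, SIGHUP);
	BlockSignals(False, SIGCHLD);

	/* Setup signal handlers */

	CatchSignal(SIGINT, termination_handler);      /* Exit on these sigs */
	CatchSignal(SIGQUIT, termination_handler);
	CatchSignal(SIGTERM, termination_handler);
	CatchSignal(SIGCHLD, sigchld_handler);

	CatchSignal(SIGPIPE, SIG_IGN);                 /* Ignore sigpipe */

	CatchSignal(SIGUSR2, sigusr2_handler);         /* Debugging sigs */
	CatchSignal(SIGHUP, sighup_handler);

	if (!interactive)
		become_daemon(Fork);

	pidfile_create("winbindd");

#if HAVE_SETPGID
	/*
	 * If we're interactive we want to set our own process group for
	 * signal management.
	 */
	if (interactive)
		setpgid( (pid_t)0, (pid_t)0);
#endif

	if (opt_dual_daemon) {
		do_dual_daemon();
	}

	/* Initialise messaging system */

	if (!message_init()) {
		DEBUG(0, ("unable to initialise messaging system\n"));
		exit(1);
	}

	/* React on 'smbcontrol winbindd reload-config' in the same way
	   as to SIGHUP signal */
	message_register(MSG_SMB_CONF_UPDATED, msg_reload_services);
	message_register(MSG_SHUTDOWN, msg_shutdown);

	poptFreeContext(pc);

	netsamlogon_cache_init(); /* Non-critical */

	init_domain_list();

	/* Loop waiting for requests */

	process_loop();

	trustdom_cache_shutdown();

	return 0;
}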
/*
  startup the winbind task

  Creates the two winbindd pipe directories, sets up the domains and the
  idmap database, then listens on the unprivileged and the privileged
  samba3 unix socket and registers the irpc handlers.

  Every failure ends in task_server_terminate(); nothing is returned.
*/
static void winbind_task_init(struct task_server *task)
{
	uint16_t port = 1;
	const struct model_ops *model_ops;
	NTSTATUS status;
	struct wbsrv_service *service;
	struct wbsrv_listen_socket *listen_socket;

	task_server_set_title(task, "task[winbind]");

	/* The winbind task runs as a single process, so fetch the
	   "single" process model and hand it to stream_setup_socket(). */
	model_ops = process_model_startup(task->event_ctx, "single");
	if (model_ops == NULL) {
		task_server_terminate(task,
				      "Can't find 'single' process model_ops", true);
		return;
	}

	/* Directory of the unprivileged socket: owned by our effective
	   uid, mode 0755. */
	if (!directory_create_or_exist(lp_winbindd_socket_directory(task->lp_ctx),
				       geteuid(), 0755)) {
		task_server_terminate(task,
				      "Cannot create winbindd pipe directory", true);
		return;
	}

	/* Directory of the privileged socket: same owner, tighter mode
	   0750.
	   NOTE(review): presumably this directory mode is what limits
	   who can reach the privileged pipe - confirm. */
	if (!directory_create_or_exist(lp_winbindd_privileged_socket_directory(task->lp_ctx),
				       geteuid(), 0750)) {
		task_server_terminate(task,
				      "Cannot create winbindd privileged pipe directory", true);
		return;
	}

	service = talloc_zero(task, struct wbsrv_service);
	if (service == NULL) {
		goto nomem;
	}
	service->task = task;

	status = wbsrv_setup_domains(service);
	if (!NT_STATUS_IS_OK(status)) {
		task_server_terminate(task, nt_errstr(status), true);
		return;
	}

	service->idmap_ctx = idmap_init(service, task->event_ctx, task->lp_ctx);
	if (service->idmap_ctx == NULL) {
		task_server_terminate(task, "Failed to load idmap database", true);
		return;
	}

	/* unprivileged samba3 socket */
	listen_socket = talloc(service, struct wbsrv_listen_socket);
	if (listen_socket == NULL) {
		goto nomem;
	}
	listen_socket->socket_path = talloc_asprintf(listen_socket, "%s/%s",
						     lp_winbindd_socket_directory(task->lp_ctx),
						     WINBINDD_SAMBA3_SOCKET);
	if (listen_socket->socket_path == NULL) {
		goto nomem;
	}
	listen_socket->service = service;
	listen_socket->privileged = false;
	status = stream_setup_socket(task->event_ctx, task->lp_ctx, model_ops,
				     &wbsrv_ops, "unix",
				     listen_socket->socket_path, &port,
				     lp_socket_options(task->lp_ctx),
				     listen_socket);
	if (!NT_STATUS_IS_OK(status)) {
		goto listen_failed;
	}

	/* privileged samba3 socket; its path is also remembered on the
	   service */
	listen_socket = talloc(service, struct wbsrv_listen_socket);
	if (listen_socket == NULL) {
		goto nomem;
	}
	service->priv_socket_path = talloc_asprintf(listen_socket, "%s/%s",
						    lp_winbindd_privileged_socket_directory(task->lp_ctx),
						    WINBINDD_SAMBA3_SOCKET);
	listen_socket->socket_path = service->priv_socket_path;
	if (listen_socket->socket_path == NULL) {
		goto nomem;
	}
	listen_socket->service = service;
	/* Connections arriving on this socket are flagged as privileged. */
	listen_socket->privileged = true;
	status = stream_setup_socket(task->event_ctx, task->lp_ctx, model_ops,
				     &wbsrv_ops, "unix",
				     listen_socket->socket_path, &port,
				     lp_socket_options(task->lp_ctx),
				     listen_socket);
	if (!NT_STATUS_IS_OK(status)) {
		goto listen_failed;
	}

	status = wbsrv_init_irpc(service);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("wbsrv_init_irpc() failed - %s\n",
			 nt_errstr(status)));
		task_server_terminate(task, nt_errstr(status), true);
		return;
	}

	return;

listen_failed:
	/* listen_socket is whichever socket was being set up last. */
	DEBUG(0,("stream_setup_socket(path=%s) failed - %s\n",
		 listen_socket->socket_path, nt_errstr(status)));
	task_server_terminate(task, nt_errstr(status), true);
	return;
nomem:
	task_server_terminate(task, nt_errstr(NT_STATUS_NO_MEMORY), true);
	return;
}