예제 #1
0
static struct idmap_domain *idmap_init_named_domain(TALLOC_CTX *mem_ctx,
						    const char *domname)
{
	struct idmap_domain *result = NULL;
	char *config_option;
	const char *backend;

	idmap_init();

	config_option = talloc_asprintf(talloc_tos(), "idmap config %s",
					domname);
	if (config_option == NULL) {
		DEBUG(0, ("talloc failed\n"));
		goto fail;
	}

	backend = lp_parm_const_string(-1, config_option, "backend", NULL);
	if (backend == NULL) {
		DEBUG(1, ("no backend defined for %s\n", config_option));
		goto fail;
	}

	result = idmap_init_domain(mem_ctx, domname, backend, true);
	if (result == NULL) {
		goto fail;
	}

	TALLOC_FREE(config_option);
	return result;

fail:
	TALLOC_FREE(config_option);
	TALLOC_FREE(result);
	return NULL;
}
예제 #2
0
static struct idmap_domain *idmap_init_passdb_domain(TALLOC_CTX *mem_ctx)
{
	idmap_init();

	/*
	 * Always init the default domain, we can't go without one
	 */
	if (default_idmap_domain == NULL) {
		default_idmap_domain = idmap_init_default_domain(NULL);
	}
	if (default_idmap_domain == NULL) {
		return NULL;
	}

	if (passdb_idmap_domain != NULL) {
		return passdb_idmap_domain;
	}

	passdb_idmap_domain = idmap_init_domain(NULL, get_global_sam_name(),
						"passdb", false);
	if (passdb_idmap_domain == NULL) {
		DEBUG(1, ("Could not init passdb idmap domain\n"));
	}

	return passdb_idmap_domain;
}
예제 #3
0
/***********************************************************
 Write entries from stdin to current local idmap
 **********************************************************/
static int net_idmap_restore(int argc, const char **argv)
{
	if (!idmap_init(lp_idmap_backend())) {
		d_fprintf(stderr, "Could not init idmap\n");
		return -1;
	}

	while (!feof(stdin)) {
		fstring line, sid_string, fmt_string;
		int len;
		unid_t id;
		int type = ID_EMPTY;
		DOM_SID sid;

		if (fgets(line, sizeof(line)-1, stdin) == NULL)
			break;

		len = strlen(line);

		if ( (len > 0) && (line[len-1] == '\n') )
			line[len-1] = '\0';

		/* Yuck - this is broken for sizeof(gid_t) != sizeof(int) */
		snprintf(fmt_string, sizeof(fmt_string), "GID %%d %%%us", FSTRING_LEN);
		if (sscanf(line, fmt_string, &id.gid, sid_string) == 2) {
			type = ID_GROUPID;
		}

		/* Yuck - this is broken for sizeof(uid_t) != sizeof(int) */

		snprintf(fmt_string, sizeof(fmt_string), "UID %%d %%%us", FSTRING_LEN);
		if (sscanf(line, fmt_string, &id.uid, sid_string) == 2) {
			type = ID_USERID;
		}

		if (type == ID_EMPTY) {
			d_printf("ignoring invalid line [%s]\n", line);
			continue;
		}

		if (!string_to_sid(&sid, sid_string)) {
			d_printf("ignoring invalid sid [%s]\n", sid_string);
			continue;
		}

		if (!NT_STATUS_IS_OK(idmap_set_mapping(&sid, id, type))) {
			d_fprintf(stderr, "Could not set mapping of %s %lu to sid %s\n",
				 (type == ID_GROUPID) ? "GID" : "UID",
				 (type == ID_GROUPID) ? (unsigned long)id.gid:
				 (unsigned long)id.uid, 
				 sid_string_static(&sid));
			continue;
		}
				 
	}

	idmap_close();

	return NT_STATUS_IS_OK(net_idmap_fixup_hwm()) ? 0 : -1;
}
예제 #4
0
파일: packet.c 프로젝트: Akasurde/krb5
/* Generate a radius packet id. */
static krb5_error_code
id_generate(krb5_context ctx, krad_packet_iter_cb cb, void *data, uchar *id)
{
    krb5_error_code retval;
    const krad_packet *tmp;
    idmap used;
    uchar i;

    retval = randomize(ctx, &i, sizeof(i));
    if (retval != 0) {
        if (cb != NULL)
            (*cb)(data, TRUE);
        return retval;
    }

    if (cb != NULL) {
        idmap_init(&used);
        for (tmp = (*cb)(data, FALSE); tmp != NULL; tmp = (*cb)(data, FALSE))
            idmap_set(&used, tmp->pkt.data[1]);

        retval = idmap_find(&used, &i);
        if (retval != 0)
            return retval;
    }

    *id = i;
    return 0;
}
예제 #5
0
ktap_eventdef_info *ktapc_parse_events(const char *eventdef)
{
	char *str = strdup(eventdef);
	char *sys, *event, *filter, *next;
	ktap_eventdef_info *evdef_info;
	int ret;

	idmap_init();

 parse_next_eventdef:
	next = get_next_eventdef(str);

	if (get_sys_event_filter_str(str, &sys, &event, &filter))
		goto error;

	verbose_printf("parse_eventdef: sys[%s], event[%s], filter[%s]\n",
		       sys, event, filter);

	if (!strcmp(sys, "probe"))
		ret = parse_events_add_probe(event);
	else if (!strcmp(sys, "sdt"))
		ret = parse_events_add_sdt(event);
	else
		ret = parse_events_add_tracepoint(sys, event);

	if (ret)
		goto error;

	/* don't trace ftrace:function when all tracepoints enabled */
	if (!strcmp(sys, "*"))
		idmap_clear(1);


	if (filter && *next != '\0') {
		fprintf(stderr, "Error: eventdef only can append one filter\n");
		goto error;
	}

	str = next;
	if (*next != '\0')
		goto parse_next_eventdef;

	evdef_info = malloc(sizeof(*evdef_info));
	if (!evdef_info)
		goto error;

	evdef_info->nr = id_nr;
	evdef_info->id_arr = get_id_array();
	evdef_info->filter = filter;

	idmap_free();
	return evdef_info;
 error:
	idmap_free();
	cleanup_event_resources();
	return NULL;
}
예제 #6
0
struct idmap_domain *idmap_find_domain(const char *domname)
{
	struct idmap_domain *result;
	int i;

	DEBUG(10, ("idmap_find_domain called for domain '%s'\n",
		   domname?domname:"NULL"));

	idmap_init();

	/*
	 * Always init the default domain, we can't go without one
	 */
	if (default_idmap_domain == NULL) {
		default_idmap_domain = idmap_init_default_domain(NULL);
	}
	if (default_idmap_domain == NULL) {
		return NULL;
	}

	if ((domname == NULL) || (domname[0] == '\0')) {
		return default_idmap_domain;
	}

	for (i=0; i<num_domains; i++) {
		if (strequal(idmap_domains[i]->name, domname)) {
			return idmap_domains[i];
		}
	}

	if (idmap_domains == NULL) {
		/*
		 * talloc context for all idmap domains
		 */
		idmap_domains = TALLOC_ARRAY(NULL, struct idmap_domain *, 1);
	}
예제 #7
0
/*
  startup the winbind task
*/
static void winbind_task_init(struct task_server *task)
{
	uint16_t port = 1;
	const struct model_ops *model_ops;
	NTSTATUS status;
	struct wbsrv_service *service;
	struct wbsrv_listen_socket *listen_socket;
	char *errstring;
	struct dom_sid *primary_sid;
	bool ok;

	task_server_set_title(task, "task[winbind]");

	/* within the winbind task we want to be a single process, so
	   ask for the single process model ops and pass these to the
	   stream_setup_socket() call. */
	model_ops = process_model_startup("single");
	if (!model_ops) {
		task_server_terminate(task,
				      "Can't find 'single' process model_ops", true);
		return;
	}

	/* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
	ok = directory_create_or_exist_strict(lpcfg_winbindd_socket_directory(task->lp_ctx),
					      geteuid(), 0755);
	if (!ok) {
		task_server_terminate(task,
				      "Cannot create winbindd pipe directory", true);
		return;
	}

	/* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
	ok = directory_create_or_exist_strict(lpcfg_winbindd_privileged_socket_directory(task->lp_ctx),
			geteuid(), 0750);
	if (!ok) {
		task_server_terminate(task,
				      "Cannot create winbindd privileged pipe directory", true);
		return;
	}

	service = talloc_zero(task, struct wbsrv_service);
	if (!service) goto nomem;
	service->task	= task;


	/* Find the primary SID, depending if we are a standalone
	 * server (what good is winbind in this case, but anyway...),
	 * or are in a domain as a member or a DC */
	switch (lpcfg_server_role(service->task->lp_ctx)) {
	case ROLE_STANDALONE:
		primary_sid = secrets_get_domain_sid(service,
						     service->task->lp_ctx,
						     lpcfg_netbios_name(service->task->lp_ctx),
						     &service->sec_channel_type,
						     &errstring);
		if (!primary_sid) {
			char *message = talloc_asprintf(task, 
							"Cannot start Winbind (standalone configuration): %s: "
							"Have you provisioned this server (%s) or changed it's name?", 
							errstring, lpcfg_netbios_name(service->task->lp_ctx));
			task_server_terminate(task, message, true);
			return;
		}
		break;
	case ROLE_DOMAIN_MEMBER:
		primary_sid = secrets_get_domain_sid(service,
						     service->task->lp_ctx,
						     lpcfg_workgroup(service->task->lp_ctx),
						     &service->sec_channel_type,
						     &errstring);
		if (!primary_sid) {
			char *message = talloc_asprintf(task, "Cannot start Winbind (domain member): %s: "
							"Have you joined the %s domain?", 
							errstring, lpcfg_workgroup(service->task->lp_ctx));
			task_server_terminate(task, message, true);
			return;
		}
		break;
	case ROLE_ACTIVE_DIRECTORY_DC:
		primary_sid = secrets_get_domain_sid(service,
						     service->task->lp_ctx,
						     lpcfg_workgroup(service->task->lp_ctx),
						     &service->sec_channel_type,
						     &errstring);
		if (!primary_sid) {
			char *message = talloc_asprintf(task, "Cannot start Winbind (domain controller): %s: "
							"Have you provisioned the %s domain?", 
							errstring, lpcfg_workgroup(service->task->lp_ctx));
			task_server_terminate(task, message, true);
			return;
		}
		break;
	case ROLE_DOMAIN_PDC:
	case ROLE_DOMAIN_BDC:
		task_server_terminate(task, "Cannot start 'samba' winbindd as a 'classic samba' DC: use winbindd instead", true);
		return;
	}
	service->primary_sid = primary_sid;

	service->idmap_ctx = idmap_init(service, task->event_ctx, task->lp_ctx);
	if (service->idmap_ctx == NULL) {
		task_server_terminate(task, "Failed to load idmap database", true);
		return;
	}

	service->priv_pipe_dir = lpcfg_winbindd_privileged_socket_directory(task->lp_ctx);
	service->pipe_dir = lpcfg_winbindd_socket_directory(task->lp_ctx);

	/* setup the unprivileged samba3 socket */
	listen_socket = talloc(service, struct wbsrv_listen_socket);
	if (!listen_socket) goto nomem;
	listen_socket->socket_path	= talloc_asprintf(listen_socket, "%s/%s", 
							  service->pipe_dir, 
							  WINBINDD_SOCKET_NAME);
	if (!listen_socket->socket_path) goto nomem;
	listen_socket->service		= service;
	listen_socket->privileged	= false;
	status = stream_setup_socket(task, task->event_ctx, task->lp_ctx, model_ops,
				     &wbsrv_ops, "unix",
				     listen_socket->socket_path, &port,
				     lpcfg_socket_options(task->lp_ctx),
				     listen_socket);
	if (!NT_STATUS_IS_OK(status)) goto listen_failed;

	/* setup the privileged samba3 socket */
	listen_socket = talloc(service, struct wbsrv_listen_socket);
	if (!listen_socket) goto nomem;
	listen_socket->socket_path 
		= talloc_asprintf(listen_socket, "%s/%s", 
				  service->priv_pipe_dir,
				  WINBINDD_SOCKET_NAME);
	if (!listen_socket->socket_path) goto nomem;
	listen_socket->service		= service;
	listen_socket->privileged	= true;
	status = stream_setup_socket(task, task->event_ctx, task->lp_ctx, model_ops,
				     &wbsrv_ops, "unix",
				     listen_socket->socket_path, &port,
				     lpcfg_socket_options(task->lp_ctx),
				     listen_socket);
	if (!NT_STATUS_IS_OK(status)) goto listen_failed;

	status = wbsrv_init_irpc(service);
	if (!NT_STATUS_IS_OK(status)) goto irpc_failed;

	return;

listen_failed:
	DEBUG(0,("stream_setup_socket(path=%s) failed - %s\n",
		 listen_socket->socket_path, nt_errstr(status)));
	task_server_terminate(task, nt_errstr(status), true);
	return;
irpc_failed:
	DEBUG(0,("wbsrv_init_irpc() failed - %s\n",
		 nt_errstr(status)));
	task_server_terminate(task, nt_errstr(status), true);
	return;
nomem:
	task_server_terminate(task, nt_errstr(NT_STATUS_NO_MEMORY), true);
	return;
}
예제 #8
0
int main(int argc, char **argv)
{
	pstring logfile;
	static BOOL interactive = False;
	static BOOL Fork = True;
	static BOOL log_stdout = False;
	struct poptOption long_options[] = {
		POPT_AUTOHELP
		{ "stdout", 'S', POPT_ARG_VAL, &log_stdout, True, "Log to stdout" },
		{ "foreground", 'F', POPT_ARG_VAL, &Fork, False, "Daemon in foreground mode" },
		{ "interactive", 'i', POPT_ARG_NONE, NULL, 'i', "Interactive mode" },
		{ "single-daemon", 'Y', POPT_ARG_VAL, &opt_dual_daemon, False, "Single daemon mode" },
		{ "no-caching", 'n', POPT_ARG_VAL, &opt_nocache, True, "Disable caching" },
		POPT_COMMON_SAMBA
		POPT_TABLEEND
	};
	poptContext pc;
	int opt;

	/* glibc (?) likes to print "User defined signal 1" and exit if a
	   SIGUSR[12] is received before a handler is installed */

 	CatchSignal(SIGUSR1, SIG_IGN);
 	CatchSignal(SIGUSR2, SIG_IGN);

	fault_setup((void (*)(void *))fault_quit );

	/* Initialise for running in non-root mode */

	sec_init();

	set_remote_machine_name("winbindd", False);

	/* Set environment variable so we don't recursively call ourselves.
	   This may also be useful interactively. */

	setenv(WINBINDD_DONT_ENV, "1", 1);

	/* Initialise samba/rpc client stuff */

	pc = poptGetContext("winbindd", argc, (const char **)argv, long_options,
						POPT_CONTEXT_KEEP_FIRST);

	while ((opt = poptGetNextOpt(pc)) != -1) {
		switch (opt) {
			/* Don't become a daemon */
		case 'i':
			interactive = True;
			log_stdout = True;
			Fork = False;
			break;
		}
	}


	if (log_stdout && Fork) {
		printf("Can't log to stdout (-S) unless daemon is in foreground +(-F) or interactive (-i)\n");
		poptPrintUsage(pc, stderr, 0);
		exit(1);
	}

	pstr_sprintf(logfile, "%s/log.winbindd", dyn_LOGFILEBASE);
	lp_set_logfile(logfile);
	setup_logging("winbindd", log_stdout);
	reopen_logs();

	DEBUG(1, ("winbindd version %s started.\n", SAMBA_VERSION_STRING) );
	DEBUGADD( 1, ( "Copyright The Samba Team 2000-2004\n" ) );

	if (!reload_services_file()) {
		DEBUG(0, ("error opening config file\n"));
		exit(1);
	}

	/* Setup names. */

	if (!init_names())
		exit(1);

  	load_interfaces();

	if (!secrets_init()) {

		DEBUG(0,("Could not initialize domain trust account secrets. Giving up\n"));
		return False;
	}

	/* Enable netbios namecache */

	namecache_enable();

	/* Check winbindd parameters are valid */

	ZERO_STRUCT(server_state);

	/* Winbind daemon initialisation */

	if ( (!winbindd_param_init()) || (!winbindd_upgrade_idmap()) ||
	     (!idmap_init(lp_idmap_backend())) ) {
		DEBUG(1, ("Could not init idmap -- netlogon proxy only\n"));
		idmap_proxyonly();
	}

	generate_wellknown_sids();

	/* Unblock all signals we are interested in as they may have been
	   blocked by the parent process. */

	BlockSignals(False, SIGINT);
	BlockSignals(False, SIGQUIT);
	BlockSignals(False, SIGTERM);
	BlockSignals(False, SIGUSR1);
	BlockSignals(False, SIGUSR2);
	BlockSignals(False, SIGHUP);
	BlockSignals(False, SIGCHLD);

	/* Setup signal handlers */
	
	CatchSignal(SIGINT, termination_handler);      /* Exit on these sigs */
	CatchSignal(SIGQUIT, termination_handler);
	CatchSignal(SIGTERM, termination_handler);
	CatchSignal(SIGCHLD, sigchld_handler);

	CatchSignal(SIGPIPE, SIG_IGN);                 /* Ignore sigpipe */

	CatchSignal(SIGUSR2, sigusr2_handler);         /* Debugging sigs */
	CatchSignal(SIGHUP, sighup_handler);

	if (!interactive)
		become_daemon(Fork);

	pidfile_create("winbindd");

#if HAVE_SETPGID
	/*
	 * If we're interactive we want to set our own process group for
	 * signal management.
	 */
	if (interactive)
		setpgid( (pid_t)0, (pid_t)0);
#endif

	if (opt_dual_daemon) {
		do_dual_daemon();
	}

	/* Initialise messaging system */

	if (!message_init()) {
		DEBUG(0, ("unable to initialise messaging system\n"));
		exit(1);
	}
	
	/* React on 'smbcontrol winbindd reload-config' in the same way
	   as to SIGHUP signal */
	message_register(MSG_SMB_CONF_UPDATED, msg_reload_services);
	message_register(MSG_SHUTDOWN, msg_shutdown);
	
	poptFreeContext(pc);

	netsamlogon_cache_init(); /* Non-critical */
	
	init_domain_list();

	/* Loop waiting for requests */

	process_loop();

	trustdom_cache_shutdown();

	return 0;
}
예제 #9
0
/*
  startup the winbind task
*/
static void winbind_task_init(struct task_server *task)
{
	uint16_t port = 1;
	const struct model_ops *model_ops;
	NTSTATUS status;
	struct wbsrv_service *service;
	struct wbsrv_listen_socket *listen_socket;

	task_server_set_title(task, "task[winbind]");

	/* within the winbind task we want to be a single process, so
	   ask for the single process model ops and pass these to the
	   stream_setup_socket() call. */
	model_ops = process_model_startup(task->event_ctx, "single");
	if (!model_ops) {
		task_server_terminate(task,
				      "Can't find 'single' process model_ops", true);
		return;
	}

	/* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
	if (!directory_create_or_exist(lp_winbindd_socket_directory(task->lp_ctx), geteuid(), 0755)) {
		task_server_terminate(task,
				      "Cannot create winbindd pipe directory", true);
		return;
	}

	/* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
	if (!directory_create_or_exist(lp_winbindd_privileged_socket_directory(task->lp_ctx), geteuid(), 0750)) {
		task_server_terminate(task,
				      "Cannot create winbindd privileged pipe directory", true);
		return;
	}

	service = talloc_zero(task, struct wbsrv_service);
	if (!service) goto nomem;
	service->task	= task;

	status = wbsrv_setup_domains(service);
	if (!NT_STATUS_IS_OK(status)) {
		task_server_terminate(task, nt_errstr(status), true);
		return;
	}

	service->idmap_ctx = idmap_init(service, task->event_ctx, task->lp_ctx);
	if (service->idmap_ctx == NULL) {
		task_server_terminate(task, "Failed to load idmap database", true);
		return;
	}

	/* setup the unprivileged samba3 socket */
	listen_socket = talloc(service, struct wbsrv_listen_socket);
	if (!listen_socket) goto nomem;
	listen_socket->socket_path	= talloc_asprintf(listen_socket, "%s/%s", 
							  lp_winbindd_socket_directory(task->lp_ctx), 
							  WINBINDD_SAMBA3_SOCKET);
	if (!listen_socket->socket_path) goto nomem;
	listen_socket->service		= service;
	listen_socket->privileged	= false;
	status = stream_setup_socket(task->event_ctx, task->lp_ctx, model_ops,
				     &wbsrv_ops, "unix",
				     listen_socket->socket_path, &port,
				     lp_socket_options(task->lp_ctx), 
				     listen_socket);
	if (!NT_STATUS_IS_OK(status)) goto listen_failed;

	/* setup the privileged samba3 socket */
	listen_socket = talloc(service, struct wbsrv_listen_socket);
	if (!listen_socket) goto nomem;
	listen_socket->socket_path 
		= service->priv_socket_path 
		= talloc_asprintf(listen_socket, "%s/%s", 
							  lp_winbindd_privileged_socket_directory(task->lp_ctx), 
							  WINBINDD_SAMBA3_SOCKET);
	if (!listen_socket->socket_path) goto nomem;
	if (!listen_socket->socket_path) goto nomem;
	listen_socket->service		= service;
	listen_socket->privileged	= true;
	status = stream_setup_socket(task->event_ctx, task->lp_ctx, model_ops,
				     &wbsrv_ops, "unix",
				     listen_socket->socket_path, &port,
				     lp_socket_options(task->lp_ctx), 
				     listen_socket);
	if (!NT_STATUS_IS_OK(status)) goto listen_failed;

	status = wbsrv_init_irpc(service);
	if (!NT_STATUS_IS_OK(status)) goto irpc_failed;

	return;

listen_failed:
	DEBUG(0,("stream_setup_socket(path=%s) failed - %s\n",
		 listen_socket->socket_path, nt_errstr(status)));
	task_server_terminate(task, nt_errstr(status), true);
	return;
irpc_failed:
	DEBUG(0,("wbsrv_init_irpc() failed - %s\n",
		 nt_errstr(status)));
	task_server_terminate(task, nt_errstr(status), true);
	return;
nomem:
	task_server_terminate(task, nt_errstr(NT_STATUS_NO_MEMORY), true);
	return;
}