/*
 * Bring up the nbtd task: allocate the server state, start listening on
 * the configured interfaces, open the SAM database, start the WINS server
 * if appropriate, and begin registering our names.
 *
 * Every failure ends in task_server_terminate(); nothing is returned.
 */
static void nbtd_task_init(struct task_server *task)
{
	struct interface *iface_list;
	struct nbtd_server *server;
	NTSTATUS rc;

	load_interface_list(task, task->lp_ctx, &iface_list);

	/* Nothing to listen on: stop the task, passing false as the last flag. */
	if (iface_list_count(iface_list) == 0) {
		task_server_terminate(task, "nbtd: no network interfaces configured", false);
		return;
	}

	task_server_set_title(task, "task[nbtd]");

	/*
	 * talloc() does not zero the allocation, so the pointer members that
	 * are read before being filled in are cleared by hand.
	 */
	server = talloc(task, struct nbtd_server);
	if (!server) {
		task_server_terminate(task, "nbtd: out of memory", true);
		return;
	}
	server->wins_interface  = NULL;
	server->bcast_interface = NULL;
	server->interfaces      = NULL;
	server->task            = task;

	/* start listening on the configured network interfaces */
	rc = nbtd_startup_interfaces(server, task->lp_ctx, iface_list);
	if (!NT_STATUS_IS_OK(rc)) {
		task_server_terminate(task, "nbtd failed to setup interfaces", true);
		return;
	}

	/* The SAM database handle is opened under the system session. */
	server->sam_ctx = samdb_connect(server,
					task->event_ctx,
					task->lp_ctx,
					system_session(task->lp_ctx),
					0);
	if (!server->sam_ctx) {
		task_server_terminate(task, "nbtd failed to open samdb", true);
		return;
	}

	/* start the WINS server, if appropriate */
	rc = nbtd_winsserver_init(server);
	if (!NT_STATUS_IS_OK(rc)) {
		task_server_terminate(task, "nbtd failed to start WINS server", true);
		return;
	}

	nbtd_register_irpc(server);

	/* start the process of registering our names on all interfaces */
	nbtd_register_names(server);

	irpc_add_name(task->msg_ctx, "nbt_server");
}
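/*
 * Start a copy of smbd as a child daemon.
 *
 * A configuration file is generated for the child, the smbd binary is
 * located under dyn_SBINDIR, and the process is launched through
 * samba_runcmd_send(). file_server_smbd_done() is installed as the
 * completion callback. Any failure terminates the task.
 */
static void s3fs_task_init(struct task_server *task)
{
	const char *fileserver_conf;
	struct tevent_req *req;
	const char *smbd_path;
	const char *smbd_cmd[2] = { NULL, NULL };

	task_server_set_title(task, "task[s3fs_parent]");

	/* create a smb.conf for smbd to use */
	fileserver_conf = generate_smb_conf(task);
	if (fileserver_conf == NULL) {
		/*
		 * The argument list below is NULL-terminated, so a NULL
		 * here would cut it short right after "--configfile" and
		 * silently drop "--foreground" as well.
		 */
		DEBUG(0, ("Failed to generate smb.conf for smbd child\n"));
		goto failed;
	}

	smbd_path = talloc_asprintf(task, "%s/smbd", dyn_SBINDIR);
	if (smbd_path == NULL) {
		/* never hand an empty argv[0] to the command runner */
		DEBUG(0, ("Out of memory building the smbd path\n"));
		goto failed;
	}
	smbd_cmd[0] = smbd_path;

	/* start it as a child process */
	req = samba_runcmd_send(task, task->event_ctx, timeval_zero(), 1, 0,
				smbd_cmd,
				"--configfile", fileserver_conf,
				"--foreground",
				debug_get_output_is_stdout()?"--log-stdout":NULL,
				NULL);
	if (req == NULL) {
		DEBUG(0, ("Failed to start smbd as child daemon\n"));
		goto failed;
	}

	tevent_req_set_callback(req, file_server_smbd_done, task);

	DEBUG(1,("Started file server smbd with config %s\n", fileserver_conf));
	return;

failed:
	task_server_terminate(task, "Failed to startup s3fs smb task", true);
}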
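/*
 * Start the web server task.
 *
 * Listening sockets are created either on every configured interface
 * (when an interfaces list is set and "bind interfaces only" is on) or on
 * the configured socket address. After that the per-task web server
 * state, TLS parameters and the WSGI layer are initialised. Any failure
 * terminates the task.
 */
static void websrv_task_init(struct task_server *task)
{
	NTSTATUS status;
	uint16_t port = lp_web_port(task->lp_ctx);
	const struct model_ops *model_ops;
	struct web_server_data *wdata;

	task_server_set_title(task, "task[websrv]");

	/* run the web server as a single process */
	model_ops = process_model_startup(task->event_ctx, "single");
	if (!model_ops) goto failed;

	if (lp_interfaces(task->lp_ctx) && lp_bind_interfaces_only(task->lp_ctx)) {
		int num_interfaces;
		int i;
		struct interface *ifaces;

		/*
		 * The list is allocated on the NULL talloc context, so it
		 * has no parent that would release it; every exit from
		 * this branch has to free it explicitly.
		 */
		load_interfaces(NULL, lp_interfaces(task->lp_ctx), &ifaces);

		num_interfaces = iface_count(ifaces);
		for (i = 0; i < num_interfaces; i++) {
			const char *address = iface_n_ip(ifaces, i);

			status = stream_setup_socket(task->event_ctx,
						     task->lp_ctx, model_ops,
						     &web_stream_ops,
						     "ipv4", address,
						     &port,
						     lp_socket_options(task->lp_ctx),
						     task);
			if (!NT_STATUS_IS_OK(status)) {
				/* previously leaked on this path */
				talloc_free(ifaces);
				goto failed;
			}
		}

		talloc_free(ifaces);
	} else {
		status = stream_setup_socket(task->event_ctx, task->lp_ctx,
					     model_ops, &web_stream_ops,
					     "ipv4", lp_socket_address(task->lp_ctx),
					     &port,
					     lp_socket_options(task->lp_ctx),
					     task);
		if (!NT_STATUS_IS_OK(status)) goto failed;
	}

	/*
	 * startup the esp processor - unfortunately we can't do this
	 * per connection as that wouldn't allow for session variables
	 */
	wdata = talloc_zero(task, struct web_server_data);
	if (wdata == NULL) goto failed;

	task->private_data = wdata;

	/* TLS parameters are mandatory: without them the task does not start */
	wdata->tls_params = tls_initialise(wdata, task->lp_ctx);
	if (wdata->tls_params == NULL) goto failed;

	if (!wsgi_initialize(wdata)) goto failed;

	return;

failed:
	task_server_terminate(task, "websrv_task_init: failed to startup web server task", true);
}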
/*
 * Open the SMB server sockets for the samba3_smb task.
 *
 * With an interfaces list and "bind interfaces only" set, one socket is
 * added per listed interface address; otherwise one socket is added per
 * wildcard address. Any failure terminates the task.
 */
static void samba3_smb_task_init(struct task_server *task)
{
	const struct model_ops *ops = process_model_startup("standard");
	NTSTATUS rc;
	int idx;

	if (ops == NULL) {
		goto failed;
	}

	task_server_set_title(task, "task[samba3_smb]");

	if (!lpcfg_interfaces(task->lp_ctx) ||
	    !lpcfg_bind_interfaces_only(task->lp_ctx)) {
		/* No interface restriction: listen on the wildcard addresses. */
		const char **wildcards = iface_list_wildcard(task, task->lp_ctx);

		if (wildcards == NULL) {
			DEBUG(0,("No wildcard addresses available\n"));
			goto failed;
		}

		for (idx = 0; wildcards[idx]; idx++) {
			rc = samba3_add_socket(task,
					       task->event_ctx, task->lp_ctx,
					       ops, wildcards[idx]);
			if (!NT_STATUS_IS_OK(rc)) {
				goto failed;
			}
		}

		talloc_free(wildcards);
		return;
	}

	{
		/*
		 * We have been given an interfaces line, and been told to
		 * only bind to those interfaces. Create a socket per
		 * interface and bind to only these.
		 */
		struct interface *iface_list;
		int total;

		load_interface_list(task, task->lp_ctx, &iface_list);
		total = iface_list_count(iface_list);

		for (idx = 0; idx < total; idx++) {
			const char *addr = iface_list_n_ip(iface_list, idx);

			rc = samba3_add_socket(task,
					       task->event_ctx, task->lp_ctx,
					       ops, addr);
			if (!NT_STATUS_IS_OK(rc)) {
				goto failed;
			}
		}
	}

	return;

failed:
	task_server_terminate(task, "Failed to startup samba3 smb task", true);
}
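/*
 * Start a copy of smbd as a child daemon.
 *
 * nss_winbind lookups are switched on just for the launch so that the
 * child can call through nss_winbind, and switched off again afterwards
 * for the parent. file_server_smbd_done() is installed as the completion
 * callback. Any failure terminates the task.
 */
static void s3fs_task_init(struct task_server *task)
{
	struct tevent_req *subreq;
	const char *smbd_path;
	const char *smbd_cmd[2] = { NULL, NULL };

	task_server_set_title(task, "task[s3fs_parent]");

	smbd_path = talloc_asprintf(task, "%s/smbd", dyn_SBINDIR);
	if (smbd_path == NULL) {
		/*
		 * Checked before winbind is toggled, so no state has to
		 * be undone and no empty argv[0] reaches the runner.
		 */
		DEBUG(0, ("Out of memory building the smbd path\n"));
		task_server_terminate(task, "Failed to startup s3fs smb task", true);
		return;
	}
	smbd_cmd[0] = smbd_path;

	/* the child should be able to call through nss_winbind */
	(void)winbind_on();

	/* start it as a child process */
	subreq = samba_runcmd_send(task, task->event_ctx, timeval_zero(), 1, 0,
				   smbd_cmd,
				   "--option=server role check:inhibit=yes",
				   "--foreground",
				   debug_get_output_is_stdout()?"--log-stdout":NULL,
				   NULL);

	/*
	 * the parent should not be able to call through nss_winbind.
	 * This is restored before the launch result is examined, so the
	 * parent is put back in the restricted state on both outcomes.
	 */
	if (!winbind_off()) {
		DEBUG(0,("Failed to re-disable recursive winbindd calls after forking smbd\n"));
		task_server_terminate(task, "Failed to re-disable recursive winbindd calls", true);
		return;
	}

	if (subreq == NULL) {
		DEBUG(0, ("Failed to start smbd as child daemon\n"));
		task_server_terminate(task, "Failed to startup s3fs smb task", true);
		return;
	}

	tevent_req_set_callback(subreq, file_server_smbd_done, task);

	DEBUG(5,("Started file server child smbd\n"));
}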
/*
 * Bring up the cldapd task.
 *
 * The task stops early when no interfaces are configured or when the
 * server role is standalone or domain member. Otherwise the server
 * state is allocated, the SAM database is opened and the configured
 * interfaces are bound.
 */
static void cldapd_task_init(struct task_server *task)
{
	struct interface *iface_list;
	struct cldapd_server *server;
	NTSTATUS rc;

	load_interface_list(task, task->lp_ctx, &iface_list);

	if (iface_list_count(iface_list) == 0) {
		task_server_terminate(task, "cldapd: no network interfaces configured",
				      false);
		return;
	}

	/* NOTE(review): no default case, so any role not listed here continues. */
	switch (lpcfg_server_role(task->lp_ctx)) {
	case ROLE_ACTIVE_DIRECTORY_DC:
		/* Yes, we want an CLDAP server */
		break;
	case ROLE_DOMAIN_MEMBER:
		task_server_terminate(task, "cldap_server: no CLDAP server required in member server configuration",
				      false);
		return;
	case ROLE_STANDALONE:
		task_server_terminate(task, "cldap_server: no CLDAP server required in standalone configuration",
				      false);
		return;
	}

	task_server_set_title(task, "task[cldapd]");

	/* talloc() does not zero the struct; only the members set below are defined here. */
	server = talloc(task, struct cldapd_server);
	if (!server) {
		task_server_terminate(task, "cldapd: out of memory", true);
		return;
	}
	server->task = task;

	/* The SAM database handle is opened under the system session. */
	server->samctx = samdb_connect(server,
				       task->event_ctx,
				       task->lp_ctx,
				       system_session(task->lp_ctx),
				       NULL,
				       0);
	if (!server->samctx) {
		task_server_terminate(task, "cldapd failed to open samdb", true);
		return;
	}

	/* start listening on the configured network interfaces */
	rc = cldapd_startup_interfaces(server, task->lp_ctx, iface_list);
	if (!NT_STATUS_IS_OK(rc)) {
		task_server_terminate(task, "cldapd failed to setup interfaces", true);
		return;
	}

	irpc_add_name(task->msg_ctx, "cldap_server");
}
/*
 * Completion callback for the smbd child: log how it ended and terminate
 * the owning task.
 */
static void file_server_smbd_done(struct tevent_req *subreq)
{
	struct task_server *task;
	int child_errno;

	task = tevent_req_callback_data(subreq, struct task_server);

	if (samba_runcmd_recv(subreq, &child_errno) == 0) {
		DEBUG(0,("file_server smbd daemon exited normally\n"));
	} else {
		/*
		 * NOTE(review): the value logged as "exit status" is the
		 * errno out-parameter, not the return code - confirm which
		 * of the two is meant to be reported.
		 */
		DEBUG(0,("file_server smbd daemon died with exit status %d\n", child_errno));
	}

	/* The parent task does not outlive its smbd child. */
	task_server_terminate(task, "smbd child process exited", true);
}
/*
 * Timer callback for the periodic WINS replication work.
 *
 * The next run is scheduled first, then the periodic work is executed.
 * A scheduling failure terminates the task; a failed run is only logged.
 * ev, te and t are not used.
 */
static void wreplsrv_periodic_handler_te(struct tevent_context *ev, struct tevent_timer *te,
					 struct timeval t, void *ptr)
{
	struct wreplsrv_service *svc = talloc_get_type(ptr, struct wreplsrv_service);
	NTSTATUS rc;

	/* Drop the stored timer handle before a new one is scheduled. */
	svc->periodic.te = NULL;

	rc = wreplsrv_periodic_schedule(svc, svc->config.periodic_interval);
	if (!NT_STATUS_IS_OK(rc)) {
		task_server_terminate(svc->task, nt_errstr(rc), false);
		return;
	}

	rc = wreplsrv_periodic_run(svc);
	if (NT_STATUS_IS_OK(rc)) {
		return;
	}

	/* NOTE(review): the message spells the function "wresrv_periodic_run". */
	DEBUG(0,("wresrv_periodic_run() failed: %s\n", nt_errstr(rc)));
}
/*
 * Start up the KDC task.
 *
 * Runs only in the active directory DC role. In order: checks the role
 * and the interface list, allocates the kdc_server state, opens the SAM
 * database, initialises the Kerberos context, fetches and adjusts the KDC
 * configuration, registers the hdb-samba4, keytab and WinDC plugins,
 * configures PKINIT, binds the configured interfaces and registers the
 * IRPC monitoring call. Each failure calls task_server_terminate() and
 * returns; nothing is returned to the caller.
 */
static void kdc_task_init(struct task_server *task)
{
	struct kdc_server *kdc;
	krb5_kdc_configuration *kdc_config = NULL;
	NTSTATUS status;
	krb5_error_code ret;
	struct interface *ifaces;
	int ldb_ret;

	/*
	 * NOTE(review): there is no default case, so a role value not
	 * listed here leaves the switch and continues with KDC startup.
	 */
	switch (lpcfg_server_role(task->lp_ctx)) {
	case ROLE_STANDALONE:
		task_server_terminate(task, "kdc: no KDC required in standalone configuration", false);
		return;
	case ROLE_DOMAIN_MEMBER:
		task_server_terminate(task, "kdc: no KDC required in member server configuration", false);
		return;
	case ROLE_DOMAIN_PDC:
	case ROLE_DOMAIN_BDC:
		task_server_terminate(task, "Cannot start KDC as a 'classic Samba' DC", true);
		return;
	case ROLE_ACTIVE_DIRECTORY_DC:
		/* Yes, we want a KDC */
		break;
	}

	load_interface_list(task, task->lp_ctx, &ifaces);

	if (iface_list_count(ifaces) == 0) {
		task_server_terminate(task, "kdc: no network interfaces configured", false);
		return;
	}

	task_server_set_title(task, "task[kdc]");

	/* Zeroed allocation: members not assigned below start out as 0/NULL. */
	kdc = talloc_zero(task, struct kdc_server);
	if (kdc == NULL) {
		task_server_terminate(task, "kdc: out of memory", true);
		return;
	}

	kdc->task = task;

	/* get a samdb connection (opened under the system session) */
	kdc->samdb = samdb_connect(kdc, kdc->task->event_ctx, kdc->task->lp_ctx, system_session(kdc->task->lp_ctx), NULL, 0);
	if (!kdc->samdb) {
		DEBUG(1,("kdc_task_init: unable to connect to samdb\n"));
		task_server_terminate(task, "kdc: krb5_init_context samdb connect failed", true);
		return;
	}

	/* Record whether this server is an RODC; startup fails if that cannot be determined. */
	ldb_ret = samdb_rodc(kdc->samdb, &kdc->am_rodc);
	if (ldb_ret != LDB_SUCCESS) {
		DEBUG(1, ("kdc_task_init: Cannot determine if we are an RODC: %s\n", ldb_errstring(kdc->samdb)));
		task_server_terminate(task, "kdc: krb5_init_context samdb RODC connect failed", true);
		return;
	}

	/* "kdc:proxy timeout" parameter, 5 when unset; presumably seconds - TODO confirm */
	kdc->proxy_timeout = lpcfg_parm_int(kdc->task->lp_ctx, NULL, "kdc", "proxy timeout", 5);

	initialize_krb5_error_table();

	ret = smb_krb5_init_context(kdc, task->lp_ctx, &kdc->smb_krb5_context);
	if (ret) {
		DEBUG(1,("kdc_task_init: krb5_init_context failed (%s)\n", error_message(ret)));
		task_server_terminate(task, "kdc: krb5_init_context failed", true);
		return;
	}

	krb5_add_et_list(kdc->smb_krb5_context->krb5_context, initialize_hdb_error_table_r);

	ret = krb5_kdc_get_config(kdc->smb_krb5_context->krb5_context, &kdc_config);
	if(ret) {
		task_server_terminate(task, "kdc: failed to get KDC configuration", true);
		return;
	}

	kdc_config->logf = (krb5_log_facility *)kdc->smb_krb5_context->pvt_log_data;

	/* Room for exactly one database pointer; db[0] is filled in further down. */
	kdc_config->db = talloc(kdc, struct HDB *);
	if (!kdc_config->db) {
		task_server_terminate(task, "kdc: out of memory", true);
		return;
	}
	kdc_config->num_db = 1;

	/*
	 * This restores the behavior before
	 * commit 255e3e18e00f717d99f3bc57c8a8895ff624f3c3
	 * s4:heimdal: import lorikeet-heimdal-201107150856
	 * (commit 48936803fae4a2fb362c79365d31f420c917b85b)
	 *
	 * as_use_strongest_session_key, preauth_use_strongest_session_key
	 * and tgs_use_strongest_session_key are input to the
	 * _kdc_find_etype() function. The old behavior is in
	 * the use_strongest_session_key=FALSE code path.
	 * (The only remaining difference in _kdc_find_etype()
	 * is the is_preauth parameter.)
	 *
	 * The old behavior in the _kdc_get_preferred_key()
	 * function is use_strongest_server_key=TRUE.
	 *
	 * NOTE(review): these flags steer encryption-type selection for
	 * session keys. Whether the FALSE path can settle on a weaker
	 * etype than the strongest one both sides support is not visible
	 * here - confirm against _kdc_find_etype() before relying on it.
	 */
	kdc_config->as_use_strongest_session_key = false;
	kdc_config->preauth_use_strongest_session_key = false;
	kdc_config->tgs_use_strongest_session_key = false;
	kdc_config->use_strongest_server_key = true;

	kdc_config->autodetect_referrals = false;

	/* Register hdb-samba4 hooks for use as a keytab */

	kdc->base_ctx = talloc_zero(kdc, struct samba_kdc_base_context);
	if (!kdc->base_ctx) {
		task_server_terminate(task, "kdc: out of memory", true);
		return;
	}

	/* The base context carries the task's event, loadparm and messaging contexts. */
	kdc->base_ctx->ev_ctx = task->event_ctx;
	kdc->base_ctx->lp_ctx = task->lp_ctx;
	kdc->base_ctx->msg_ctx = task->msg_ctx;

	status = hdb_samba4_create_kdc(kdc->base_ctx, kdc->smb_krb5_context->krb5_context, &kdc_config->db[0]);
	if (!NT_STATUS_IS_OK(status)) {
		task_server_terminate(task, "kdc: hdb_samba4_create_kdc (setup KDC database) failed", true);
		return;
	}

	ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context, PLUGIN_TYPE_DATA, "hdb", &hdb_samba4_interface);
	if(ret) {
		task_server_terminate(task, "kdc: failed to register hdb plugin", true);
		return;
	}

	ret = krb5_kt_register(kdc->smb_krb5_context->krb5_context, &hdb_kt_ops);
	if(ret) {
		task_server_terminate(task, "kdc: failed to register keytab plugin", true);
		return;
	}

	/*
	 * The keytab name embeds the address of base_ctx via %p,
	 * presumably so the keytab backend can find the context again.
	 * NOTE(review): the string therefore contains a heap address;
	 * check that it is not written to logs or sent to clients.
	 */
	kdc->keytab_name = talloc_asprintf(kdc, "HDB:samba4&%p", kdc->base_ctx);
	if (kdc->keytab_name == NULL) {
		task_server_terminate(task, "kdc: Failed to set keytab name", true);
		return;
	}

	/* Register WinDC hooks */
	ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context, PLUGIN_TYPE_DATA, "windc", &windc_plugin_table);
	if(ret) {
		task_server_terminate(task, "kdc: failed to register windc plugin", true);
		return;
	}

	ret = krb5_kdc_windc_init(kdc->smb_krb5_context->krb5_context);
	if(ret) {
		task_server_terminate(task, "kdc: failed to init windc plugin", true);
		return;
	}

	ret = krb5_kdc_pkinit_config(kdc->smb_krb5_context->krb5_context, kdc_config);
	if(ret) {
		task_server_terminate(task, "kdc: failed to init kdc pkinit subsystem", true);
		return;
	}

	kdc->private_data = kdc_config;

	/*
	 * start listening on the configured network interfaces; this
	 * happens only after every plugin and the configuration are in
	 * place
	 */
	status = kdc_startup_interfaces(kdc, task->lp_ctx, ifaces, task->model_ops);
	if (!NT_STATUS_IS_OK(status)) {
		task_server_terminate(task, "kdc failed to setup interfaces", true);
		return;
	}

	/* Expose kdc_check_generic_kerberos over IRPC; failure to register is fatal. */
	status = IRPC_REGISTER(task->msg_ctx, irpc, KDC_CHECK_GENERIC_KERBEROS, kdc_check_generic_kerberos, kdc);
	if (!NT_STATUS_IS_OK(status)) {
		task_server_terminate(task, "kdc failed to setup monitoring", true);
		return;
	}

	irpc_add_name(task->msg_ctx, "kdc_server");
}
/*
 * Bring up the DSDB replication service task.
 *
 * The task stops early in the standalone and domain member roles.
 * Otherwise it allocates the service state, obtains server credentials,
 * connects to the local samdb, loads the partitions and schedules the
 * first periodic run. Each failure terminates the task with a message
 * that includes the WERROR text.
 */
static void dreplsrv_task_init(struct task_server *task)
{
	struct dreplsrv_service *svc;
	uint32_t startup_delay;
	char *reason;
	WERROR werr;

	/* NOTE(review): no default case, so any role not listed here continues. */
	switch (lp_server_role(task->lp_ctx)) {
	case ROLE_DOMAIN_CONTROLLER:
		/* Yes, we want DSDB replication */
		break;
	case ROLE_DOMAIN_MEMBER:
		task_server_terminate(task, "dreplsrv: no DSDB replication required in domain member configuration");
		return;
	case ROLE_STANDALONE:
		task_server_terminate(task, "dreplsrv: no DSDB replication required in standalone configuration");
		return;
	}

	task_server_set_title(task, "task[dreplsrv]");

	svc = talloc_zero(task, struct dreplsrv_service);
	if (svc == NULL) {
		task_server_terminate(task, "dreplsrv_task_init: out of memory");
		return;
	}
	svc->task		= task;
	svc->startup_time	= timeval_current();
	task->private_data	= svc;

	werr = dreplsrv_init_creds(svc);
	if (!W_ERROR_IS_OK(werr)) {
		reason = talloc_asprintf(task,
					 "dreplsrv: Failed to obtain server credentials: %s\n",
					 win_errstr(werr));
		task_server_terminate(task, reason);
		return;
	}

	werr = dreplsrv_connect_samdb(svc, task->lp_ctx);
	if (!W_ERROR_IS_OK(werr)) {
		reason = talloc_asprintf(task,
					 "dreplsrv: Failed to connect to local samdb: %s\n",
					 win_errstr(werr));
		task_server_terminate(task, reason);
		return;
	}

	werr = dreplsrv_load_partitions(svc);
	if (!W_ERROR_IS_OK(werr)) {
		reason = talloc_asprintf(task,
					 "dreplsrv: Failed to load partitions: %s\n",
					 win_errstr(werr));
		task_server_terminate(task, reason);
		return;
	}

	/* both intervals are in seconds */
	startup_delay = lp_parm_int(task->lp_ctx, NULL, "dreplsrv",
				    "periodic_startup_interval", 15);
	svc->periodic.interval = lp_parm_int(task->lp_ctx, NULL, "dreplsrv",
					     "periodic_interval", 300);

	werr = dreplsrv_periodic_schedule(svc, startup_delay);
	if (!W_ERROR_IS_OK(werr)) {
		reason = talloc_asprintf(task,
					 "dreplsrv: Failed to periodic schedule: %s\n",
					 win_errstr(werr));
		task_server_terminate(task, reason);
		return;
	}

	irpc_add_name(task->msg_ctx, "dreplsrv");
}
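/*
 * Start up the winbind task.
 *
 * Creates the two pipe directories, looks up the primary domain SID for
 * the configured server role, loads the idmap database, then opens the
 * unprivileged and the privileged unix sockets and registers the IRPC
 * handlers. Each failure calls task_server_terminate(); nothing is
 * returned to the caller.
 */
static void winbind_task_init(struct task_server *task)
{
	uint16_t port = 1;
	const struct model_ops *model_ops;
	NTSTATUS status;
	struct wbsrv_service *service;
	struct wbsrv_listen_socket *listen_socket;
	char *errstring;
	/* NULL until one of the role branches below supplies a SID */
	struct dom_sid *primary_sid = NULL;
	bool ok;

	task_server_set_title(task, "task[winbind]");

	/* within the winbind task we want to be a single process, so
	   ask for the single process model ops and pass these to the
	   stream_setup_socket() call. */
	model_ops = process_model_startup("single");
	if (!model_ops) {
		task_server_terminate(task,
				      "Can't find 'single' process model_ops", true);
		return;
	}

	/*
	 * Make sure the directory for the Samba3 socket exists, and is of
	 * the correct permissions. Mode 0755 lets every local user reach
	 * the unprivileged pipe.
	 */
	ok = directory_create_or_exist_strict(lpcfg_winbindd_socket_directory(task->lp_ctx),
					      geteuid(), 0755);
	if (!ok) {
		task_server_terminate(task,
				      "Cannot create winbindd pipe directory", true);
		return;
	}

	/*
	 * Same for the privileged socket directory. Mode 0750 removes all
	 * access for "other", so only the owner and the directory's group
	 * can reach the privileged pipe.
	 */
	ok = directory_create_or_exist_strict(lpcfg_winbindd_privileged_socket_directory(task->lp_ctx),
					      geteuid(), 0750);
	if (!ok) {
		task_server_terminate(task,
				      "Cannot create winbindd privileged pipe directory", true);
		return;
	}

	service = talloc_zero(task, struct wbsrv_service);
	if (!service) goto nomem;
	service->task	= task;

	/* Find the primary SID, depending if we are a standalone
	 * server (what good is winbind in this case, but anyway...),
	 * or are in a domain as a member or a DC */
	switch (lpcfg_server_role(service->task->lp_ctx)) {
	case ROLE_STANDALONE:
		primary_sid = secrets_get_domain_sid(service,
						     service->task->lp_ctx,
						     lpcfg_netbios_name(service->task->lp_ctx),
						     &service->sec_channel_type,
						     &errstring);
		if (!primary_sid) {
			char *message
				= talloc_asprintf(task,
						  "Cannot start Winbind (standalone configuration): %s: "
						  "Have you provisioned this server (%s) or changed it's name?",
						  errstring, lpcfg_netbios_name(service->task->lp_ctx));
			task_server_terminate(task, message, true);
			return;
		}
		break;
	case ROLE_DOMAIN_MEMBER:
		primary_sid = secrets_get_domain_sid(service,
						     service->task->lp_ctx,
						     lpcfg_workgroup(service->task->lp_ctx),
						     &service->sec_channel_type,
						     &errstring);
		if (!primary_sid) {
			char *message = talloc_asprintf(task, "Cannot start Winbind (domain member): %s: "
							"Have you joined the %s domain?",
							errstring, lpcfg_workgroup(service->task->lp_ctx));
			task_server_terminate(task, message, true);
			return;
		}
		break;
	case ROLE_ACTIVE_DIRECTORY_DC:
		primary_sid = secrets_get_domain_sid(service,
						     service->task->lp_ctx,
						     lpcfg_workgroup(service->task->lp_ctx),
						     &service->sec_channel_type,
						     &errstring);
		if (!primary_sid) {
			char *message = talloc_asprintf(task, "Cannot start Winbind (domain controller): %s: "
							"Have you provisioned the %s domain?",
							errstring, lpcfg_workgroup(service->task->lp_ctx));
			task_server_terminate(task, message, true);
			return;
		}
		break;
	case ROLE_DOMAIN_PDC:
	case ROLE_DOMAIN_BDC:
		task_server_terminate(task, "Cannot start 'samba' winbindd as a 'classic samba' DC: use winbindd instead", true);
		return;
	default:
		/*
		 * Without this case an unlisted role value fell out of the
		 * switch and an uninitialised primary_sid was stored in the
		 * service. Refuse to start instead.
		 */
		task_server_terminate(task, "Cannot start Winbind: unsupported server role", true);
		return;
	}
	service->primary_sid = primary_sid;

	service->idmap_ctx = idmap_init(service, task->event_ctx, task->lp_ctx);
	if (service->idmap_ctx == NULL) {
		task_server_terminate(task, "Failed to load idmap database", true);
		return;
	}

	service->priv_pipe_dir = lpcfg_winbindd_privileged_socket_directory(task->lp_ctx);
	service->pipe_dir = lpcfg_winbindd_socket_directory(task->lp_ctx);

	/* setup the unprivileged samba3 socket */
	listen_socket = talloc(service, struct wbsrv_listen_socket);
	if (!listen_socket) goto nomem;
	listen_socket->socket_path	= talloc_asprintf(listen_socket, "%s/%s",
							  service->pipe_dir,
							  WINBINDD_SOCKET_NAME);
	if (!listen_socket->socket_path) goto nomem;
	listen_socket->service		= service;
	listen_socket->privileged	= false;
	status = stream_setup_socket(task, task->event_ctx, task->lp_ctx, model_ops,
				     &wbsrv_ops, "unix",
				     listen_socket->socket_path, &port,
				     lpcfg_socket_options(task->lp_ctx),
				     listen_socket);
	if (!NT_STATUS_IS_OK(status)) goto listen_failed;

	/*
	 * setup the privileged samba3 socket. The privileged flag on the
	 * listen socket is what distinguishes connections arriving here.
	 */
	listen_socket = talloc(service, struct wbsrv_listen_socket);
	if (!listen_socket) goto nomem;
	listen_socket->socket_path
		= talloc_asprintf(listen_socket, "%s/%s",
				  service->priv_pipe_dir,
				  WINBINDD_SOCKET_NAME);
	if (!listen_socket->socket_path) goto nomem;
	listen_socket->service		= service;
	listen_socket->privileged	= true;
	status = stream_setup_socket(task, task->event_ctx, task->lp_ctx, model_ops,
				     &wbsrv_ops, "unix",
				     listen_socket->socket_path, &port,
				     lpcfg_socket_options(task->lp_ctx),
				     listen_socket);
	if (!NT_STATUS_IS_OK(status)) goto listen_failed;

	status = wbsrv_init_irpc(service);
	if (!NT_STATUS_IS_OK(status)) goto irpc_failed;

	return;

listen_failed:
	/* listen_socket still points at the socket whose setup failed */
	DEBUG(0,("stream_setup_socket(path=%s) failed - %s\n",
		 listen_socket->socket_path, nt_errstr(status)));
	task_server_terminate(task, nt_errstr(status), true);
	return;
irpc_failed:
	DEBUG(0,("wbsrv_init_irpc() failed - %s\n",
		 nt_errstr(status)));
	task_server_terminate(task, nt_errstr(status), true);
	return;
nomem:
	task_server_terminate(task, nt_errstr(NT_STATUS_NO_MEMORY), true);
	return;
}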
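/*
 * Open the LDAP server sockets.
 *
 * Runs only in the domain controller role. TLS parameters are set up
 * first, then TCP sockets are added (per interface, or on the configured
 * socket address), then the unprivileged "ldapi" unix socket and, when
 * WITH_LDAPI_PRIV_SOCKET is defined, the privileged one inside a 0750
 * directory. A failure to bind either unix socket is logged and is not
 * fatal; the other failures terminate the task.
 */
static void ldapsrv_task_init(struct task_server *task)
{
	char *ldapi_path;
#ifdef WITH_LDAPI_PRIV_SOCKET
	char *priv_dir;
#endif
	struct ldapsrv_service *ldap_service;
	NTSTATUS status;
	const struct model_ops *model_ops;

	/* NOTE(review): no default case, so any role not listed here continues. */
	switch (lp_server_role(task->lp_ctx)) {
	case ROLE_STANDALONE:
		task_server_terminate(task, "ldap_server: no LDAP server required in standalone configuration",
				      false);
		return;
	case ROLE_DOMAIN_MEMBER:
		task_server_terminate(task, "ldap_server: no LDAP server required in member server configuration",
				      false);
		return;
	case ROLE_DOMAIN_CONTROLLER:
		/* Yes, we want an LDAP server */
		break;
	}

	task_server_set_title(task, "task[ldapsrv]");

	/* run the ldap server as a single process */
	model_ops = process_model_startup(task->event_ctx, "single");
	if (!model_ops) goto failed;

	ldap_service = talloc_zero(task, struct ldapsrv_service);
	if (ldap_service == NULL) goto failed;

	ldap_service->task = task;

	/* TLS parameters are mandatory: without them no socket is opened */
	ldap_service->tls_params = tls_initialise(ldap_service, task->lp_ctx);
	if (ldap_service->tls_params == NULL) goto failed;

	if (lp_interfaces(task->lp_ctx) && lp_bind_interfaces_only(task->lp_ctx)) {
		struct interface *ifaces;
		int num_interfaces;
		int i;

		load_interfaces(task, lp_interfaces(task->lp_ctx), &ifaces);
		num_interfaces = iface_count(ifaces);

		/* We have been given an interfaces line, and been
		   told to only bind to those interfaces. Create a
		   socket per interface and bind to only these.
		*/
		for (i = 0; i < num_interfaces; i++) {
			const char *address = iface_n_ip(ifaces, i);

			status = add_socket(task->event_ctx, task->lp_ctx, model_ops,
					    address, ldap_service);
			if (!NT_STATUS_IS_OK(status)) goto failed;
		}
	} else {
		status = add_socket(task->event_ctx, task->lp_ctx, model_ops,
				    lp_socket_address(task->lp_ctx), ldap_service);
		if (!NT_STATUS_IS_OK(status)) goto failed;
	}

	ldapi_path = private_path(ldap_service, task->lp_ctx, "ldapi");
	if (!ldapi_path) {
		goto failed;
	}

	status = stream_setup_socket(task->event_ctx, task->lp_ctx,
				     model_ops, &ldap_stream_nonpriv_ops,
				     "unix", ldapi_path, NULL,
				     lp_socket_options(task->lp_ctx),
				     ldap_service);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("ldapsrv failed to bind to %s - %s\n",
			 ldapi_path, nt_errstr(status)));
	}
	/*
	 * Freed only after the log line above: the path used to be
	 * released first and then printed, a read of freed memory.
	 */
	talloc_free(ldapi_path);

#ifdef WITH_LDAPI_PRIV_SOCKET
	priv_dir = private_path(ldap_service, task->lp_ctx, "ldap_priv");
	if (priv_dir == NULL) {
		goto failed;
	}
	/*
	 * Make sure the directory for the privileged ldapi socket exists, and
	 * is of the correct permissions. Mode 0750 removes all access for
	 * "other", so only the owner and the directory's group can reach it.
	 */
	if (!directory_create_or_exist(priv_dir, geteuid(), 0750)) {
		task_server_terminate(task, "Cannot create ldap "
				      "privileged ldapi directory", true);
		return;
	}
	ldapi_path = talloc_asprintf(ldap_service, "%s/ldapi", priv_dir);
	talloc_free(priv_dir);
	if (ldapi_path == NULL) {
		goto failed;
	}

	status = stream_setup_socket(task->event_ctx, task->lp_ctx,
				     model_ops, &ldap_stream_priv_ops,
				     "unix", ldapi_path, NULL,
				     lp_socket_options(task->lp_ctx),
				     ldap_service);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("ldapsrv failed to bind to %s - %s\n",
			 ldapi_path, nt_errstr(status)));
	}
	/* same ordering fix as for the unprivileged socket */
	talloc_free(ldapi_path);
#endif
	return;

failed:
	task_server_terminate(task, "Failed to startup ldap server task", true);
}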
/*
 * Bring up the winbind task.
 *
 * Creates the two pipe directories, sets up the domains and the idmap
 * database, then opens the unprivileged and the privileged unix sockets
 * and registers the IRPC handlers. Each failure terminates the task.
 */
static void winbind_task_init(struct task_server *task)
{
	struct wbsrv_listen_socket *lsock;
	struct wbsrv_service *svc;
	const struct model_ops *ops;
	uint16_t port = 1;
	NTSTATUS rc;

	task_server_set_title(task, "task[winbind]");

	/*
	 * within the winbind task we want to be a single process, so
	 * ask for the single process model ops and pass these to the
	 * stream_setup_socket() call.
	 */
	ops = process_model_startup(task->event_ctx, "single");
	if (ops == NULL) {
		task_server_terminate(task,
				      "Can't find 'single' process model_ops", true);
		return;
	}

	/*
	 * Make sure the directory for the Samba3 socket exists, and is
	 * of the correct permissions (0755: reachable by every local user).
	 */
	if (directory_create_or_exist(lp_winbindd_socket_directory(task->lp_ctx),
				      geteuid(), 0755) == false) {
		task_server_terminate(task,
				      "Cannot create winbindd pipe directory", true);
		return;
	}

	/*
	 * Same for the privileged socket directory (0750: no access for
	 * "other").
	 */
	if (directory_create_or_exist(lp_winbindd_privileged_socket_directory(task->lp_ctx),
				      geteuid(), 0750) == false) {
		task_server_terminate(task,
				      "Cannot create winbindd privileged pipe directory", true);
		return;
	}

	svc = talloc_zero(task, struct wbsrv_service);
	if (svc == NULL) {
		goto nomem;
	}
	svc->task = task;

	rc = wbsrv_setup_domains(svc);
	if (!NT_STATUS_IS_OK(rc)) {
		task_server_terminate(task, nt_errstr(rc), true);
		return;
	}

	svc->idmap_ctx = idmap_init(svc, task->event_ctx, task->lp_ctx);
	if (svc->idmap_ctx == NULL) {
		task_server_terminate(task, "Failed to load idmap database", true);
		return;
	}

	/* setup the unprivileged samba3 socket */
	lsock = talloc(svc, struct wbsrv_listen_socket);
	if (lsock == NULL) {
		goto nomem;
	}
	lsock->socket_path = talloc_asprintf(lsock, "%s/%s",
					     lp_winbindd_socket_directory(task->lp_ctx),
					     WINBINDD_SAMBA3_SOCKET);
	if (lsock->socket_path == NULL) {
		goto nomem;
	}
	lsock->privileged = false;
	lsock->service = svc;

	rc = stream_setup_socket(task->event_ctx, task->lp_ctx, ops,
				 &wbsrv_ops, "unix",
				 lsock->socket_path, &port,
				 lp_socket_options(task->lp_ctx),
				 lsock);
	if (!NT_STATUS_IS_OK(rc)) {
		goto listen_failed;
	}

	/* setup the privileged samba3 socket */
	lsock = talloc(svc, struct wbsrv_listen_socket);
	if (lsock == NULL) {
		goto nomem;
	}
	/* the service keeps its own reference to the privileged path */
	svc->priv_socket_path = talloc_asprintf(lsock, "%s/%s",
						lp_winbindd_privileged_socket_directory(task->lp_ctx),
						WINBINDD_SAMBA3_SOCKET);
	lsock->socket_path = svc->priv_socket_path;
	if (lsock->socket_path == NULL) {
		goto nomem;
	}
	lsock->privileged = true;
	lsock->service = svc;

	rc = stream_setup_socket(task->event_ctx, task->lp_ctx, ops,
				 &wbsrv_ops, "unix",
				 lsock->socket_path, &port,
				 lp_socket_options(task->lp_ctx),
				 lsock);
	if (!NT_STATUS_IS_OK(rc)) {
		goto listen_failed;
	}

	rc = wbsrv_init_irpc(svc);
	if (!NT_STATUS_IS_OK(rc)) {
		goto irpc_failed;
	}

	return;

listen_failed:
	/* lsock still points at the socket whose setup failed */
	DEBUG(0,("stream_setup_socket(path=%s) failed - %s\n",
		 lsock->socket_path, nt_errstr(rc)));
	task_server_terminate(task, nt_errstr(rc), true);
	return;

irpc_failed:
	DEBUG(0,("wbsrv_init_irpc() failed - %s\n",
		 nt_errstr(rc)));
	task_server_terminate(task, nt_errstr(rc), true);
	return;

nomem:
	task_server_terminate(task, nt_errstr(NT_STATUS_NO_MEMORY), true);
	return;
}
/*
 * Bring up the DSDB replication service task.
 *
 * The task stops early in the standalone and domain member roles.
 * Otherwise it allocates the service state, obtains server credentials,
 * connects to the local samdb, loads the partitions, schedules the
 * periodic and (unless am_rodc is set) the notify runs, and registers
 * the IRPC and messaging handlers.
 */
static void dreplsrv_task_init(struct task_server *task)
{
	struct dreplsrv_service *svc;
	uint32_t startup_delay;
	char *reason;
	WERROR werr;

	/* NOTE(review): no default case, so any role not listed here continues. */
	switch (lpcfg_server_role(task->lp_ctx)) {
	case ROLE_ACTIVE_DIRECTORY_DC:
		/* Yes, we want DSDB replication */
		break;
	case ROLE_DOMAIN_MEMBER:
		task_server_terminate(task, "dreplsrv: no DSDB replication required in domain member configuration",
				      false);
		return;
	case ROLE_STANDALONE:
		task_server_terminate(task, "dreplsrv: no DSDB replication required in standalone configuration",
				      false);
		return;
	}

	task_server_set_title(task, "task[dreplsrv]");

	svc = talloc_zero(task, struct dreplsrv_service);
	if (svc == NULL) {
		task_server_terminate(task, "dreplsrv_task_init: out of memory", true);
		return;
	}
	svc->task		= task;
	svc->startup_time	= timeval_current();
	task->private_data	= svc;

	werr = dreplsrv_init_creds(svc);
	if (!W_ERROR_IS_OK(werr)) {
		reason = talloc_asprintf(task,
					 "dreplsrv: Failed to obtain server credentials: %s\n",
					 win_errstr(werr));
		task_server_terminate(task, reason, true);
		return;
	}

	werr = dreplsrv_connect_samdb(svc, task->lp_ctx);
	if (!W_ERROR_IS_OK(werr)) {
		reason = talloc_asprintf(task,
					 "dreplsrv: Failed to connect to local samdb: %s\n",
					 win_errstr(werr));
		task_server_terminate(task, reason, true);
		return;
	}

	werr = dreplsrv_load_partitions(svc);
	if (!W_ERROR_IS_OK(werr)) {
		reason = talloc_asprintf(task,
					 "dreplsrv: Failed to load partitions: %s\n",
					 win_errstr(werr));
		task_server_terminate(task, reason, true);
		return;
	}

	/* both intervals are in seconds */
	startup_delay = lpcfg_parm_int(task->lp_ctx, NULL, "dreplsrv",
				       "periodic_startup_interval", 15);
	svc->periodic.interval = lpcfg_parm_int(task->lp_ctx, NULL, "dreplsrv",
						"periodic_interval", 300);

	werr = dreplsrv_periodic_schedule(svc, startup_delay);
	if (!W_ERROR_IS_OK(werr)) {
		reason = talloc_asprintf(task,
					 "dreplsrv: Failed to periodic schedule: %s\n",
					 win_errstr(werr));
		task_server_terminate(task, reason, true);
		return;
	}

	svc->pending.im = tevent_create_immediate(svc);
	if (svc->pending.im == NULL) {
		task_server_terminate(task,
				      "dreplsrv: Failed to create immediate "
				      "task for future DsReplicaSync\n",
				      true);
		return;
	}

	/*
	 * if we are a RODC then we do not send DSReplicaSync.
	 * am_rodc is not assigned in this function; presumably one of the
	 * setup calls above fills it in - TODO confirm.
	 */
	if (!svc->am_rodc) {
		/* in seconds */
		svc->notify.interval = lpcfg_parm_int(task->lp_ctx, NULL, "dreplsrv",
						      "notify_interval", 5);
		werr = dreplsrv_notify_schedule(svc, svc->notify.interval);
		if (!W_ERROR_IS_OK(werr)) {
			reason = talloc_asprintf(task,
						 "dreplsrv: Failed to setup notify schedule: %s\n",
						 win_errstr(werr));
			task_server_terminate(task, reason, true);
			return;
		}
	}

	irpc_add_name(task->msg_ctx, "dreplsrv");

	/* NOTE(review): the results of these registrations are not checked. */
	IRPC_REGISTER(task->msg_ctx, irpc, DREPLSRV_REFRESH, dreplsrv_refresh, svc);
	IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSREPLICASYNC, drepl_replica_sync, svc);
	IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSREPLICAADD, dreplsrv_replica_add, svc);
	IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSREPLICADEL, dreplsrv_replica_del, svc);
	IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSREPLICAMOD, dreplsrv_replica_mod, svc);
	IRPC_REGISTER(task->msg_ctx, irpc, DREPL_TAKEFSMOROLE, drepl_take_FSMO_role, svc);
	IRPC_REGISTER(task->msg_ctx, irpc, DREPL_TRIGGER_REPL_SECRET, drepl_trigger_repl_secret, svc);
	imessaging_register(task->msg_ctx, svc, MSG_DREPL_ALLOCATE_RID, dreplsrv_allocate_rid);
}
/*
 * Bring up the KCC service task.
 *
 * The task stops early in the standalone and domain member roles.
 * Otherwise it allocates the service state, obtains server credentials,
 * connects to the local samdb, loads the partitions, reads its
 * parameters, schedules the first periodic run and registers the IRPC
 * handlers.
 */
static void kccsrv_task_init(struct task_server *task)
{
	struct kccsrv_service *svc;
	uint32_t startup_delay;
	char *reason;
	WERROR werr;

	/* NOTE(review): no default case, so any role not listed here continues. */
	switch (lpcfg_server_role(task->lp_ctx)) {
	case ROLE_DOMAIN_CONTROLLER:
		/* Yes, we want a KCC */
		break;
	case ROLE_DOMAIN_MEMBER:
		task_server_terminate(task, "kccsrv: no KCC required in domain member configuration", false);
		return;
	case ROLE_STANDALONE:
		task_server_terminate(task, "kccsrv: no KCC required in standalone configuration", false);
		return;
	}

	task_server_set_title(task, "task[kccsrv]");

	svc = talloc_zero(task, struct kccsrv_service);
	if (svc == NULL) {
		task_server_terminate(task, "kccsrv_task_init: out of memory", true);
		return;
	}
	svc->task		= task;
	svc->startup_time	= timeval_current();
	task->private_data	= svc;

	werr = kccsrv_init_creds(svc);
	if (!W_ERROR_IS_OK(werr)) {
		reason = talloc_asprintf(task,
					 "kccsrv: Failed to obtain server credentials: %s\n",
					 win_errstr(werr));
		task_server_terminate(task, reason, true);
		return;
	}

	werr = kccsrv_connect_samdb(svc, task->lp_ctx);
	if (!W_ERROR_IS_OK(werr)) {
		reason = talloc_asprintf(task,
					 "kccsrv: Failed to connect to local samdb: %s\n",
					 win_errstr(werr));
		task_server_terminate(task, reason, true);
		return;
	}

	werr = kccsrv_load_partitions(svc);
	if (!W_ERROR_IS_OK(werr)) {
		reason = talloc_asprintf(task,
					 "kccsrv: Failed to load partitions: %s\n",
					 win_errstr(werr));
		task_server_terminate(task, reason, true);
		return;
	}

	/* both intervals are in seconds */
	startup_delay = lpcfg_parm_int(task->lp_ctx, NULL, "kccsrv",
				       "periodic_startup_interval", 15);
	svc->periodic.interval = lpcfg_parm_int(task->lp_ctx, NULL, "kccsrv",
						"periodic_interval", 300);

	/*
	 * (kccsrv:samba_kcc=true) will run newer samba_kcc replication
	 * topology generation code.
	 */
	svc->samba_kcc_code = lpcfg_parm_bool(task->lp_ctx, NULL, "kccsrv",
					      "samba_kcc", false);

	werr = kccsrv_periodic_schedule(svc, startup_delay);
	if (!W_ERROR_IS_OK(werr)) {
		reason = talloc_asprintf(task,
					 "kccsrv: Failed to periodic schedule: %s\n",
					 win_errstr(werr));
		task_server_terminate(task, reason, true);
		return;
	}

	irpc_add_name(task->msg_ctx, "kccsrv");

	/* NOTE(review): the results of these registrations are not checked. */
	IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSEXECUTEKCC, kccsrv_execute_kcc, svc);
	IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSREPLICAGETINFO, kccsrv_replica_get_info, svc);
}