summaryrefslogtreecommitdiff
path: root/source3/winbindd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/winbindd')
-rw-r--r--source3/winbindd/winbindd.c24
-rw-r--r--source3/winbindd/winbindd_ads.c2
-rw-r--r--source3/winbindd/winbindd_cm.c233
-rw-r--r--source3/winbindd/winbindd_dual.c5
-rw-r--r--source3/winbindd/winbindd_misc.c4
-rw-r--r--source3/winbindd/winbindd_rpc.c4
6 files changed, 57 insertions, 215 deletions
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index ff9bbf1c24..64674b8ace 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -1023,6 +1023,8 @@ int main(int argc, char **argv, char **envp)
load_case_tables();
+ db_tdb2_setup_messaging(NULL, false);
+
/* Initialise for running in non-root mode */
sec_init();
@@ -1102,7 +1104,19 @@ int main(int argc, char **argv, char **envp)
DEBUG(0,("winbindd version %s started.\n", SAMBA_VERSION_STRING));
DEBUGADD(0,("%s\n", COPYRIGHT_STARTUP_MESSAGE));
- db_tdb2_setup_messaging(NULL, false);
+ if (!lp_load_initial_only(get_dyn_CONFIGFILE())) {
+ DEBUG(0, ("error opening config file\n"));
+ exit(1);
+ }
+
+ /* Initialise messaging system */
+
+ if (winbind_messaging_context() == NULL) {
+ DEBUG(0, ("unable to initialize messaging system\n"));
+ exit(1);
+ }
+
+ db_tdb2_setup_messaging(winbind_messaging_context(), true);
if (!reload_services_file()) {
DEBUG(0, ("error opening config file\n"));
@@ -1175,10 +1189,8 @@ int main(int argc, char **argv, char **envp)
TimeInit();
- /* Initialise messaging system */
-
- if (winbind_messaging_context() == NULL) {
- DEBUG(0, ("unable to initialize messaging system\n"));
+ if (!reinit_after_fork(winbind_messaging_context())) {
+ DEBUG(0,("reinit_after_fork() failed\n"));
exit(1);
}
@@ -1219,8 +1231,6 @@ int main(int argc, char **argv, char **envp)
MSG_WINBIND_DUMP_DOMAIN_LIST,
winbind_msg_dump_domain_list);
- db_tdb2_setup_messaging(winbind_messaging_context(), true);
-
netsamlogon_cache_init(); /* Non-critical */
/* clear the cached list of trusted domains */
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index ae8ad9dd1a..8be6a47998 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -1195,7 +1195,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
}
result = rpccli_netr_DsrEnumerateDomainTrusts(cli, mem_ctx,
- cli->cli->desthost,
+ cli->desthost,
flags,
&trusts,
NULL);
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 8e275b2269..73f74ca8ec 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -199,9 +199,8 @@ static bool fork_child_dc_connect(struct winbindd_domain *domain)
/* Leave messages blocked - we will never process one. */
- /* tdb needs special fork handling */
- if (tdb_reopen_all(1) == -1) {
- DEBUG(0,("tdb_reopen_all failed.\n"));
+ if (!reinit_after_fork(winbind_messaging_context())) {
+ DEBUG(0,("reinit_after_fork() failed\n"));
_exit(0);
}
@@ -599,7 +598,7 @@ static bool get_dc_name_via_netlogon(struct winbindd_domain *domain,
/* This call can take a long time - allow the server to time out.
35 seconds should do it. */
- orig_timeout = cli_set_timeout(netlogon_pipe->cli, 35000);
+ orig_timeout = rpccli_set_timeout(netlogon_pipe, 35000);
if (our_domain->active_directory) {
struct netr_DsRGetDCNameInfo *domain_info = NULL;
@@ -639,7 +638,7 @@ static bool get_dc_name_via_netlogon(struct winbindd_domain *domain,
}
/* And restore our original timeout. */
- cli_set_timeout(netlogon_pipe->cli, orig_timeout);
+ rpccli_set_timeout(netlogon_pipe, orig_timeout);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10,("rpccli_netr_GetAnyDCName failed: %s\n",
@@ -1021,167 +1020,6 @@ static bool add_sockaddr_to_array(TALLOC_CTX *mem_ctx,
return True;
}
-static void mailslot_name(struct in_addr dc_ip, fstring name)
-{
- fstr_sprintf(name, "\\MAILSLOT\\NET\\GETDC%X", dc_ip.s_addr);
-}
-
-static bool send_getdc_request(struct sockaddr_storage *dc_ss,
- const char *domain_name,
- const DOM_SID *sid)
-{
- char outbuf[1024];
- struct in_addr dc_ip;
- char *p;
- fstring my_acct_name;
- fstring my_mailslot;
- size_t sid_size;
-
- if (dc_ss->ss_family != AF_INET) {
- return false;
- }
-
- dc_ip = ((struct sockaddr_in *)dc_ss)->sin_addr;
- mailslot_name(dc_ip, my_mailslot);
-
- memset(outbuf, '\0', sizeof(outbuf));
-
- p = outbuf;
-
- SCVAL(p, 0, SAMLOGON);
- p++;
-
- SCVAL(p, 0, 0); /* Count pointer ... */
- p++;
-
- SIVAL(p, 0, 0); /* The sender's token ... */
- p += 2;
-
- p += dos_PutUniCode(p, global_myname(),
- sizeof(outbuf) - PTR_DIFF(p, outbuf), True);
- fstr_sprintf(my_acct_name, "%s$", global_myname());
- p += dos_PutUniCode(p, my_acct_name,
- sizeof(outbuf) - PTR_DIFF(p, outbuf), True);
-
- if (strlen(my_mailslot)+1 > sizeof(outbuf) - PTR_DIFF(p, outbuf)) {
- return false;
- }
-
- memcpy(p, my_mailslot, strlen(my_mailslot)+1);
- p += strlen(my_mailslot)+1;
-
- if (sizeof(outbuf) - PTR_DIFF(p, outbuf) < 8) {
- return false;
- }
-
- SIVAL(p, 0, 0x80);
- p+=4;
-
- sid_size = ndr_size_dom_sid(sid, 0);
-
- SIVAL(p, 0, sid_size);
- p+=4;
-
- p = ALIGN4(p, outbuf);
- if (PTR_DIFF(p, outbuf) > sizeof(outbuf)) {
- return false;
- }
-
- if (sid_size + 8 > sizeof(outbuf) - PTR_DIFF(p, outbuf)) {
- return false;
- }
- sid_linearize(p, sizeof(outbuf) - PTR_DIFF(p, outbuf), sid);
-
- p += sid_size;
-
- SIVAL(p, 0, 1);
- SSVAL(p, 4, 0xffff);
- SSVAL(p, 6, 0xffff);
- p+=8;
-
- return cli_send_mailslot(winbind_messaging_context(),
- False, "\\MAILSLOT\\NET\\NTLOGON", 0,
- outbuf, PTR_DIFF(p, outbuf),
- global_myname(), 0, domain_name, 0x1c,
- dc_ss);
-}
-
-static bool receive_getdc_response(struct sockaddr_storage *dc_ss,
- const char *domain_name,
- fstring dc_name)
-{
- struct packet_struct *packet;
- fstring my_mailslot;
- char *buf, *p;
- fstring dcname, user, domain;
- int len;
- struct in_addr dc_ip;
-
- if (dc_ss->ss_family != AF_INET) {
- return false;
- }
- dc_ip = ((struct sockaddr_in *)dc_ss)->sin_addr;
- mailslot_name(dc_ip, my_mailslot);
-
- packet = receive_unexpected(DGRAM_PACKET, 0, my_mailslot);
-
- if (packet == NULL) {
- DEBUG(5, ("Did not receive packet for %s\n", my_mailslot));
- return False;
- }
-
- DEBUG(5, ("Received packet for %s\n", my_mailslot));
-
- buf = packet->packet.dgram.data;
- len = packet->packet.dgram.datasize;
-
- if (len < 70) {
- /* 70 is a completely arbitrary value to make sure
- the SVAL below does not read uninitialized memory */
- DEBUG(3, ("GetDC got short response\n"));
- return False;
- }
-
- /* This should be (buf-4)+SVAL(buf-4, smb_vwv12)... */
- p = buf+SVAL(buf, smb_vwv10);
-
- switch (CVAL(p, 0)) {
- case SAMLOGON_R:
- case SAMLOGON_UNK_R:
- p+=2;
- pull_ucs2(buf, dcname, p, sizeof(dcname), PTR_DIFF(buf+len, p),
- STR_TERMINATE|STR_NOALIGN);
- p = skip_unibuf(p, PTR_DIFF(buf+len, p));
- pull_ucs2(buf, user, p, sizeof(user), PTR_DIFF(buf+len, p),
- STR_TERMINATE|STR_NOALIGN);
- p = skip_unibuf(p, PTR_DIFF(buf+len, p));
- pull_ucs2(buf, domain, p, sizeof(domain), PTR_DIFF(buf+len, p),
- STR_TERMINATE|STR_NOALIGN);
- p = skip_unibuf(p, PTR_DIFF(buf+len, p));
-
- if (!strequal(domain, domain_name)) {
- DEBUG(3, ("GetDC: Expected domain %s, got %s\n",
- domain_name, domain));
- return False;
- }
- break;
-
- default:
- DEBUG(8, ("GetDC got invalid response type %d\n", CVAL(p, 0)));
- return False;
- }
- p = dcname;
- if (*p == '\\') p += 1;
- if (*p == '\\') p += 1;
-
- fstrcpy(dc_name, p);
-
- DEBUG(10, ("GetDC gave name %s for domain %s\n",
- dc_name, domain));
-
- return True;
-}
-
/*******************************************************************
convert an ip to a name
*******************************************************************/
@@ -1253,7 +1091,8 @@ static bool dcip_to_name(const struct winbindd_domain *domain,
/* try GETDC requests next */
- if (send_getdc_request(pss, domain->name, &domain->sid)) {
+ if (send_getdc_request(winbind_messaging_context(),
+ pss, domain->name, &domain->sid)) {
int i;
smb_msleep(100);
for (i=0; i<5; i++) {
@@ -1593,33 +1432,27 @@ void invalidate_cm_connection(struct winbindd_cm_conn *conn)
}
if (conn->samr_pipe != NULL) {
- if (!cli_rpc_pipe_close(conn->samr_pipe)) {
- /* Ok, it must be dead. Drop timeout to 0.5 sec. */
- if (conn->cli) {
- cli_set_timeout(conn->cli, 500);
- }
+ TALLOC_FREE(conn->samr_pipe);
+ /* Ok, it must be dead. Drop timeout to 0.5 sec. */
+ if (conn->cli) {
+ cli_set_timeout(conn->cli, 500);
}
- conn->samr_pipe = NULL;
}
if (conn->lsa_pipe != NULL) {
- if (!cli_rpc_pipe_close(conn->lsa_pipe)) {
- /* Ok, it must be dead. Drop timeout to 0.5 sec. */
- if (conn->cli) {
- cli_set_timeout(conn->cli, 500);
- }
+ TALLOC_FREE(conn->lsa_pipe);
+ /* Ok, it must be dead. Drop timeout to 0.5 sec. */
+ if (conn->cli) {
+ cli_set_timeout(conn->cli, 500);
}
- conn->lsa_pipe = NULL;
}
if (conn->netlogon_pipe != NULL) {
- if (!cli_rpc_pipe_close(conn->netlogon_pipe)) {
- /* Ok, it must be dead. Drop timeout to 0.5 sec. */
- if (conn->cli) {
- cli_set_timeout(conn->cli, 500);
- }
+ TALLOC_FREE(conn->netlogon_pipe);
+ /* Ok, it must be dead. Drop timeout to 0.5 sec. */
+ if (conn->cli) {
+ cli_set_timeout(conn->cli, 500);
}
- conn->netlogon_pipe = NULL;
}
if (conn->cli) {
@@ -1770,7 +1603,7 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
}
result = rpccli_netr_DsrEnumerateDomainTrusts(cli, mem_ctx,
- cli->cli->desthost,
+ cli->desthost,
flags,
&trusts,
NULL);
@@ -1872,7 +1705,7 @@ static void set_dc_type_and_flags_connect( struct winbindd_domain *domain )
DS_ROLE_BASIC_INFORMATION,
&info,
&werr);
- cli_rpc_pipe_close(cli);
+ TALLOC_FREE(cli);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(5, ("set_dc_type_and_flags_connect: rpccli_ds_getprimarydominfo "
@@ -1906,7 +1739,7 @@ no_dssetup:
DEBUG(5, ("set_dc_type_and_flags_connect: Could not bind to "
"PI_LSARPC on domain %s: (%s)\n",
domain->name, nt_errstr(result)));
- cli_rpc_pipe_close(cli);
+ TALLOC_FREE(cli);
TALLOC_FREE(mem_ctx);
return;
}
@@ -1986,7 +1819,7 @@ done:
DEBUG(5,("set_dc_type_and_flags_connect: domain %s is %srunning active directory.\n",
domain->name, domain->active_directory ? "" : "NOT "));
- cli_rpc_pipe_close(cli);
+ TALLOC_FREE(cli);
TALLOC_FREE(mem_ctx);
@@ -2123,7 +1956,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
domain_name, machine_account));
result = rpccli_samr_Connect2(conn->samr_pipe, mem_ctx,
- conn->samr_pipe->cli->desthost,
+ conn->samr_pipe->desthost,
SEC_RIGHTS_MAXIMUM_ALLOWED,
&conn->sam_connect_handle);
if (NT_STATUS_IS_OK(result)) {
@@ -2132,7 +1965,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
DEBUG(10,("cm_connect_sam: ntlmssp-sealed rpccli_samr_Connect2 "
"failed for domain %s, error was %s. Trying schannel\n",
domain->name, nt_errstr(result) ));
- cli_rpc_pipe_close(conn->samr_pipe);
+ TALLOC_FREE(conn->samr_pipe);
schannel:
@@ -2158,7 +1991,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
"schannel.\n", domain->name ));
result = rpccli_samr_Connect2(conn->samr_pipe, mem_ctx,
- conn->samr_pipe->cli->desthost,
+ conn->samr_pipe->desthost,
SEC_RIGHTS_MAXIMUM_ALLOWED,
&conn->sam_connect_handle);
if (NT_STATUS_IS_OK(result)) {
@@ -2167,7 +2000,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
DEBUG(10,("cm_connect_sam: schannel-sealed rpccli_samr_Connect2 failed "
"for domain %s, error was %s. Trying anonymous\n",
domain->name, nt_errstr(result) ));
- cli_rpc_pipe_close(conn->samr_pipe);
+ TALLOC_FREE(conn->samr_pipe);
anonymous:
@@ -2181,7 +2014,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
}
result = rpccli_samr_Connect2(conn->samr_pipe, mem_ctx,
- conn->samr_pipe->cli->desthost,
+ conn->samr_pipe->desthost,
SEC_RIGHTS_MAXIMUM_ALLOWED,
&conn->sam_connect_handle);
if (!NT_STATUS_IS_OK(result)) {
@@ -2269,7 +2102,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
DEBUG(10,("cm_connect_lsa: rpccli_lsa_open_policy failed, trying "
"schannel\n"));
- cli_rpc_pipe_close(conn->lsa_pipe);
+ TALLOC_FREE(conn->lsa_pipe);
schannel:
@@ -2304,7 +2137,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
DEBUG(10,("cm_connect_lsa: rpccli_lsa_open_policy failed, trying "
"anonymous\n"));
- cli_rpc_pipe_close(conn->lsa_pipe);
+ TALLOC_FREE(conn->lsa_pipe);
anonymous:
@@ -2379,7 +2212,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
if (!get_trust_pw_hash(domain->name, mach_pwd, &account_name,
&sec_chan_type))
{
- cli_rpc_pipe_close(netlogon_pipe);
+ TALLOC_FREE(netlogon_pipe);
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
@@ -2394,14 +2227,14 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
&neg_flags);
if (!NT_STATUS_IS_OK(result)) {
- cli_rpc_pipe_close(netlogon_pipe);
+ TALLOC_FREE(netlogon_pipe);
return result;
}
if ((lp_client_schannel() == True) &&
((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
DEBUG(3, ("Server did not offer schannel\n"));
- cli_rpc_pipe_close(netlogon_pipe);
+ TALLOC_FREE(netlogon_pipe);
return NT_STATUS_ACCESS_DENIED;
}
@@ -2434,7 +2267,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
&result);
/* We can now close the initial netlogon pipe. */
- cli_rpc_pipe_close(netlogon_pipe);
+ TALLOC_FREE(netlogon_pipe);
if (conn->netlogon_pipe == NULL) {
DEBUG(3, ("Could not open schannel'ed NETLOGON pipe. Error "
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index 3c342e54a4..77fbe3c0ed 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -1005,9 +1005,8 @@ static bool fork_domain_child(struct winbindd_child *child)
state.sock = fdpair[0];
close(fdpair[1]);
- /* tdb needs special fork handling */
- if (tdb_reopen_all(1) == -1) {
- DEBUG(0,("tdb_reopen_all failed.\n"));
+ if (!reinit_after_fork(winbind_messaging_context())) {
+ DEBUG(0,("reinit_after_fork() failed\n"));
_exit(0);
}
diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c
index 93986d174e..bde2eafb53 100644
--- a/source3/winbindd/winbindd_misc.c
+++ b/source3/winbindd/winbindd_misc.c
@@ -333,7 +333,7 @@ enum winbindd_result winbindd_dual_getdcname(struct winbindd_domain *domain,
/* This call can take a long time - allow the server to time out.
35 seconds should do it. */
- orig_timeout = cli_set_timeout(netlogon_pipe->cli, 35000);
+ orig_timeout = rpccli_set_timeout(netlogon_pipe, 35000);
req_domain = find_domain_from_name_noinit(state->request.domain_name);
if (req_domain == domain) {
@@ -352,7 +352,7 @@ enum winbindd_result winbindd_dual_getdcname(struct winbindd_domain *domain,
&werr);
}
/* And restore our original timeout. */
- cli_set_timeout(netlogon_pipe->cli, orig_timeout);
+ rpccli_set_timeout(netlogon_pipe, orig_timeout);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(5,("Error requesting DCname for domain %s: %s\n",
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 2a7704c8a5..bb79d7ec12 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -750,14 +750,14 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
/* This call can take a long time - allow the server to time out.
35 seconds should do it. */
- orig_timeout = cli_set_timeout(cli->cli, 35000);
+ orig_timeout = rpccli_set_timeout(cli, 35000);
result = rpccli_samr_QueryGroupMember(cli, mem_ctx,
&group_pol,
&rids);
/* And restore our original timeout. */
- cli_set_timeout(cli->cli, orig_timeout);
+ rpccli_set_timeout(cli, orig_timeout);
rpccli_samr_Close(cli, mem_ctx, &group_pol);