2
Unix SMB/CIFS implementation.
4
winbind client common code
6
Copyright (C) Tim Potter 2000
7
Copyright (C) Andrew Tridgell 2000
8
Copyright (C) Andrew Bartlett 2002
11
This library is free software; you can redistribute it and/or
12
modify it under the terms of the GNU Lesser General Public
13
License as published by the Free Software Foundation; either
14
version 3 of the License, or (at your option) any later version.
16
This library is distributed in the hope that it will be useful,
17
but WITHOUT ANY WARRANTY; without even the implied warranty of
18
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19
Library General Public License for more details.
21
You should have received a copy of the GNU Lesser General Public License
22
along with this program. If not, see <http://www.gnu.org/licenses/>.
25
#include "winbind_client.h"
27
/* Global variables. These are effectively the client state information */
29
int winbindd_fd = -1; /* fd for winbindd socket */
30
static int is_privileged = 0;
32
/* Free a response structure */
34
void winbindd_free_response(struct winbindd_response *response)
36
/* Free any allocated extra_data */
39
SAFE_FREE(response->extra_data.data);
42
/* Initialise a request structure */
44
void winbindd_init_request(struct winbindd_request *request, int request_type)
46
request->length = sizeof(struct winbindd_request);
48
request->cmd = (enum winbindd_cmd)request_type;
49
request->pid = getpid();
53
/* Initialise a response structure */
55
static void init_response(struct winbindd_response *response)
57
/* Initialise return value */
59
response->result = WINBINDD_ERROR;
62
/* Close established socket */
64
void winbind_close_sock(void)
66
if (winbindd_fd != -1) {
72
#define CONNECT_TIMEOUT 30
74
/* Make sure socket handle isn't stdin, stdout or stderr */
75
#define RECURSION_LIMIT 3
77
static int make_nonstd_fd_internals(int fd, int limit /* Recursion limiter */)
80
if (fd >= 0 && fd <= 2) {
82
if ((new_fd = fcntl(fd, F_DUPFD, 3)) == -1) {
100
/* use the program stack to hold our list of FDs to close */
101
new_fd = make_nonstd_fd_internals(new_fd, limit - 1);
109
/****************************************************************************
110
Set a fd into blocking/nonblocking mode. Uses POSIX O_NONBLOCK if available,
114
Set close on exec also.
115
****************************************************************************/
117
static int make_safe_fd(int fd)
120
int new_fd = make_nonstd_fd_internals(fd, RECURSION_LIMIT);
126
/* Socket should be nonblocking. */
128
#define FLAG_TO_SET O_NONBLOCK
131
#define FLAG_TO_SET O_NDELAY
133
#define FLAG_TO_SET FNDELAY
137
if ((flags = fcntl(new_fd, F_GETFL)) == -1) {
142
flags |= FLAG_TO_SET;
143
if (fcntl(new_fd, F_SETFL, flags) == -1) {
150
/* Socket should be closed on exec() */
152
result = flags = fcntl(new_fd, F_GETFD, 0);
155
result = fcntl( new_fd, F_SETFD, flags );
165
/* Connect to winbindd socket */
167
static int winbind_named_pipe_sock(const char *dir)
169
struct sockaddr_un sunaddr;
176
/* Check permissions on unix socket directory */
178
if (lstat(dir, &st) == -1) {
183
if (!S_ISDIR(st.st_mode) ||
184
(st.st_uid != 0 && st.st_uid != geteuid())) {
189
/* Connect to socket */
191
if (asprintf(&path, "%s/%s", dir, WINBINDD_SOCKET_NAME) < 0) {
195
ZERO_STRUCT(sunaddr);
196
sunaddr.sun_family = AF_UNIX;
197
strncpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path) - 1);
199
/* If socket file doesn't exist, don't bother trying to connect
200
with retry. This is an attempt to make the system usable when
201
the winbindd daemon is not running. */
203
if (lstat(path, &st) == -1) {
210
/* Check permissions on unix socket file */
212
if (!S_ISSOCK(st.st_mode) ||
213
(st.st_uid != 0 && st.st_uid != geteuid())) {
218
/* Connect to socket */
220
if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
224
/* Set socket non-blocking and close on exec. */
226
if ((fd = make_safe_fd( fd)) == -1) {
230
for (wait_time = 0; connect(fd, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1;
231
wait_time += slept) {
235
int connect_errno = 0;
238
if (wait_time >= CONNECT_TIMEOUT)
245
tv.tv_sec = CONNECT_TIMEOUT - wait_time;
248
ret = select(fd + 1, NULL, &w_fds, NULL, &tv);
251
errnosize = sizeof(connect_errno);
253
ret = getsockopt(fd, SOL_SOCKET,
254
SO_ERROR, &connect_errno, &errnosize);
256
if (ret >= 0 && connect_errno == 0) {
257
/* Connect succeed */
262
slept = CONNECT_TIMEOUT;
265
slept = rand() % 3 + 1;
284
static const char *winbindd_socket_dir(void)
286
#ifdef SOCKET_WRAPPER
289
env_dir = getenv(WINBINDD_SOCKET_DIR_ENVVAR);
295
return WINBINDD_SOCKET_DIR;
298
/* Connect to winbindd socket */
300
static int winbind_open_pipe_sock(int recursing, int need_priv)
302
#ifdef HAVE_UNIXSOCKET
303
static pid_t our_pid;
304
struct winbindd_request request;
305
struct winbindd_response response;
306
ZERO_STRUCT(request);
307
ZERO_STRUCT(response);
309
if (our_pid != getpid()) {
310
winbind_close_sock();
314
if ((need_priv != 0) && (is_privileged == 0)) {
315
winbind_close_sock();
318
if (winbindd_fd != -1) {
326
if ((winbindd_fd = winbind_named_pipe_sock(winbindd_socket_dir())) == -1) {
332
/* version-check the socket */
334
request.wb_flags = WBFLAG_RECURSE;
335
if ((winbindd_request_response(WINBINDD_INTERFACE_VERSION, &request, &response) != NSS_STATUS_SUCCESS) || (response.data.interface_version != WINBIND_INTERFACE_VERSION)) {
336
winbind_close_sock();
340
/* try and get priv pipe */
342
request.wb_flags = WBFLAG_RECURSE;
343
if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) {
345
if ((fd = winbind_named_pipe_sock((char *)response.extra_data.data)) != -1) {
352
if ((need_priv != 0) && (is_privileged == 0)) {
356
SAFE_FREE(response.extra_data.data);
361
#endif /* HAVE_UNIXSOCKET */
364
/* Write data to winbindd socket */
366
int winbind_write_sock(void *buffer, int count, int recursing, int need_priv)
368
int result, nwritten;
370
/* Open connection to winbind daemon */
374
if (winbind_open_pipe_sock(recursing, need_priv) == -1) {
379
/* Write data to socket */
383
while(nwritten < count) {
387
/* Catch pipe close on other end by checking if a read()
388
call would not block by calling select(). */
391
FD_SET(winbindd_fd, &r_fds);
394
if (select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv) == -1) {
395
winbind_close_sock();
396
return -1; /* Select error */
399
/* Write should be OK if fd not available for reading */
401
if (!FD_ISSET(winbindd_fd, &r_fds)) {
405
result = write(winbindd_fd,
406
(char *)buffer + nwritten,
409
if ((result == -1) || (result == 0)) {
413
winbind_close_sock();
421
/* Pipe has closed on remote end */
423
winbind_close_sock();
431
/* Read data from winbindd socket */
433
int winbind_read_sock(void *buffer, int count)
436
int total_time = 0, selret;
438
if (winbindd_fd == -1) {
442
/* Read data from socket */
443
while(nread < count) {
447
/* Catch pipe close on other end by checking if a read()
448
call would not block by calling select(). */
451
FD_SET(winbindd_fd, &r_fds);
453
/* Wait for 5 seconds for a reply. May need to parameterise this... */
456
if ((selret = select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv)) == -1) {
457
winbind_close_sock();
458
return -1; /* Select error */
462
/* Not ready for read yet... */
463
if (total_time >= 30) {
465
winbind_close_sock();
472
if (FD_ISSET(winbindd_fd, &r_fds)) {
476
int result = read(winbindd_fd, (char *)buffer + nread,
479
if ((result == -1) || (result == 0)) {
481
/* Read failed. I think the only useful thing we
482
can do here is just return -1 and fail since the
483
transaction has failed half way through. */
485
winbind_close_sock();
499
int winbindd_read_reply(struct winbindd_response *response)
501
int result1, result2 = 0;
507
/* Read fixed length response */
509
result1 = winbind_read_sock(response,
510
sizeof(struct winbindd_response));
515
/* We actually send the pointer value of the extra_data field from
516
the server. This has no meaning in the client's address space
517
so we clear it out. */
519
response->extra_data.data = NULL;
521
/* Read variable length response */
523
if (response->length > sizeof(struct winbindd_response)) {
524
int extra_data_len = response->length -
525
sizeof(struct winbindd_response);
527
/* Mallocate memory for extra data */
529
if (!(response->extra_data.data = malloc(extra_data_len))) {
533
result2 = winbind_read_sock(response->extra_data.data,
536
winbindd_free_response(response);
541
/* Return total amount of data read */
543
return result1 + result2;
547
* send simple types of requests
550
NSS_STATUS winbindd_send_request(int req_type, int need_priv,
551
struct winbindd_request *request)
553
struct winbindd_request lrequest;
555
/* Check for our tricky environment variable */
557
if (winbind_env_set()) {
558
return NSS_STATUS_NOTFOUND;
562
ZERO_STRUCT(lrequest);
566
/* Fill in request and send down pipe */
568
winbindd_init_request(request, req_type);
570
if (winbind_write_sock(request, sizeof(*request),
571
request->wb_flags & WBFLAG_RECURSE,
574
/* Set ENOENT for consistency. Required by some apps */
577
return NSS_STATUS_UNAVAIL;
580
if ((request->extra_len != 0) &&
581
(winbind_write_sock(request->extra_data.data,
583
request->wb_flags & WBFLAG_RECURSE,
586
/* Set ENOENT for consistency. Required by some apps */
589
return NSS_STATUS_UNAVAIL;
592
return NSS_STATUS_SUCCESS;
596
* Get results from winbindd request
599
NSS_STATUS winbindd_get_response(struct winbindd_response *response)
601
struct winbindd_response lresponse;
604
ZERO_STRUCT(lresponse);
605
response = &lresponse;
608
init_response(response);
611
if (winbindd_read_reply(response) == -1) {
612
/* Set ENOENT for consistency. Required by some apps */
615
return NSS_STATUS_UNAVAIL;
618
/* Throw away extra data if client didn't request it */
619
if (response == &lresponse) {
620
winbindd_free_response(response);
623
/* Copy reply data from socket */
624
if (response->result != WINBINDD_OK) {
625
return NSS_STATUS_NOTFOUND;
628
return NSS_STATUS_SUCCESS;
631
/* Handle simple types of requests */
633
NSS_STATUS winbindd_request_response(int req_type,
634
struct winbindd_request *request,
635
struct winbindd_response *response)
637
NSS_STATUS status = NSS_STATUS_UNAVAIL;
640
while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) {
641
status = winbindd_send_request(req_type, 0, request);
642
if (status != NSS_STATUS_SUCCESS)
644
status = winbindd_get_response(response);
651
NSS_STATUS winbindd_priv_request_response(int req_type,
652
struct winbindd_request *request,
653
struct winbindd_response *response)
655
NSS_STATUS status = NSS_STATUS_UNAVAIL;
658
while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) {
659
status = winbindd_send_request(req_type, 1, request);
660
if (status != NSS_STATUS_SUCCESS)
662
status = winbindd_get_response(response);
669
/*************************************************************************
670
************************************************************************/
672
const char *nss_err_str(NSS_STATUS ret)
675
case NSS_STATUS_TRYAGAIN:
676
return "NSS_STATUS_TRYAGAIN";
677
case NSS_STATUS_SUCCESS:
678
return "NSS_STATUS_SUCCESS";
679
case NSS_STATUS_NOTFOUND:
680
return "NSS_STATUS_NOTFOUND";
681
case NSS_STATUS_UNAVAIL:
682
return "NSS_STATUS_UNAVAIL";
683
#ifdef NSS_STATUS_RETURN
684
case NSS_STATUS_RETURN:
685
return "NSS_STATUS_RETURN";
688
return "UNKNOWN RETURN CODE!!!!!!!";