diff options
author | Gary Lockyer <gary@catalyst.net.nz> | 2018-08-23 09:35:52 +1200 |
---|---|---|
committer | Gary Lockyer <gary@samba.org> | 2018-11-01 23:49:24 +0100 |
commit | 99aea42520fc10564dbba013c365adb3059febad (patch) | |
tree | f3b63d2d703983b23dc9b6aaddc764c105c10637 /source4/kdc/kdc-heimdal.c | |
parent | d6777a66c0dbd0c356059644b57070d4587d83ea (diff) | |
download | samba-99aea42520fc10564dbba013c365adb3059febad.tar.gz |
source4 smdb: Add a post fork hook to the service API
Add a post fork hook to the service API this will be called:
- standard process model
immediately after the task_init.
- single process model
immediately after the task_init
- prefork process model, inhibit_pre_fork = true
immediately after the task_init
- prefork process model, inhibit_pre_fork = false
after each service worker has forked. It is not run on the service
master process.
The post fork hook is not called in the standard model if a new process
is forked on a new connection. It is instead called immediately after
the task_init.
The task_init hook has been changed to return an error code. This ensures
the post_fork code is only run if the task_init code completed successfully.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'source4/kdc/kdc-heimdal.c')
-rw-r--r-- | source4/kdc/kdc-heimdal.c | 50 |
1 files changed, 27 insertions, 23 deletions
diff --git a/source4/kdc/kdc-heimdal.c b/source4/kdc/kdc-heimdal.c index 8f09c41d74d..3beff5d95da 100644 --- a/source4/kdc/kdc-heimdal.c +++ b/source4/kdc/kdc-heimdal.c @@ -261,7 +261,7 @@ static NTSTATUS kdc_check_generic_kerberos(struct irpc_message *msg, /* startup the kdc task */ -static void kdc_task_init(struct task_server *task) +static NTSTATUS kdc_task_init(struct task_server *task) { struct kdc_server *kdc; krb5_kdc_configuration *kdc_config = NULL; @@ -273,14 +273,14 @@ static void kdc_task_init(struct task_server *task) switch (lpcfg_server_role(task->lp_ctx)) { case ROLE_STANDALONE: task_server_terminate(task, "kdc: no KDC required in standalone configuration", false); - return; + return NT_STATUS_INVALID_DOMAIN_ROLE; case ROLE_DOMAIN_MEMBER: task_server_terminate(task, "kdc: no KDC required in member server configuration", false); - return; + return NT_STATUS_INVALID_DOMAIN_ROLE; case ROLE_DOMAIN_PDC: case ROLE_DOMAIN_BDC: task_server_terminate(task, "Cannot start KDC as a 'classic Samba' DC", true); - return; + return NT_STATUS_INVALID_DOMAIN_ROLE; case ROLE_ACTIVE_DIRECTORY_DC: /* Yes, we want a KDC */ break; @@ -290,7 +290,7 @@ static void kdc_task_init(struct task_server *task) if (iface_list_count(ifaces) == 0) { task_server_terminate(task, "kdc: no network interfaces configured", false); - return; + return NT_STATUS_UNSUCCESSFUL; } task_server_set_title(task, "task[kdc]"); @@ -298,7 +298,7 @@ static void kdc_task_init(struct task_server *task) kdc = talloc_zero(task, struct kdc_server); if (kdc == NULL) { task_server_terminate(task, "kdc: out of memory", true); - return; + return NT_STATUS_NO_MEMORY; } kdc->task = task; @@ -314,7 +314,7 @@ static void kdc_task_init(struct task_server *task) if (!kdc->samdb) { DEBUG(1,("kdc_task_init: unable to connect to samdb\n")); task_server_terminate(task, "kdc: krb5_init_context samdb connect failed", true); - return; + return NT_STATUS_UNSUCCESSFUL; } ldb_ret = samdb_rodc(kdc->samdb, &kdc->am_rodc); @@ -322,7 +322,7 @@ static void kdc_task_init(struct task_server *task) DEBUG(1, ("kdc_task_init: Cannot determine if we are an RODC: %s\n", ldb_errstring(kdc->samdb))); task_server_terminate(task, "kdc: krb5_init_context samdb RODC connect failed", true); - return; + return NT_STATUS_UNSUCCESSFUL; } kdc->proxy_timeout = lpcfg_parm_int(kdc->task->lp_ctx, NULL, "kdc", "proxy timeout", 5); @@ -334,7 +334,7 @@ static void kdc_task_init(struct task_server *task) DEBUG(1,("kdc_task_init: krb5_init_context failed (%s)\n", error_message(ret))); task_server_terminate(task, "kdc: krb5_init_context failed", true); - return; + return NT_STATUS_UNSUCCESSFUL; } krb5_add_et_list(kdc->smb_krb5_context->krb5_context, initialize_hdb_error_table_r); @@ -343,14 +343,14 @@ static void kdc_task_init(struct task_server *task) &kdc_config); if(ret) { task_server_terminate(task, "kdc: failed to get KDC configuration", true); - return; + return NT_STATUS_UNSUCCESSFUL; } kdc_config->logf = (krb5_log_facility *)kdc->smb_krb5_context->pvt_log_data; kdc_config->db = talloc(kdc, struct HDB *); if (!kdc_config->db) { task_server_terminate(task, "kdc: out of memory", true); - return; + return NT_STATUS_UNSUCCESSFUL; } kdc_config->num_db = 1; @@ -382,7 +382,7 @@ static void kdc_task_init(struct task_server *task) kdc->base_ctx = talloc_zero(kdc, struct samba_kdc_base_context); if (!kdc->base_ctx) { task_server_terminate(task, "kdc: out of memory", true); - return; + return NT_STATUS_NO_MEMORY; } kdc->base_ctx->ev_ctx = task->event_ctx; @@ -394,7 +394,7 @@ static void kdc_task_init(struct task_server *task) &kdc_config->db[0]); if (!NT_STATUS_IS_OK(status)) { task_server_terminate(task, "kdc: hdb_samba4_create_kdc (setup KDC database) failed", true); - return; + return status; } ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context, @@ -402,13 +402,13 @@ static void kdc_task_init(struct task_server *task) &hdb_samba4_interface); if(ret) { task_server_terminate(task, "kdc: failed to register hdb plugin", true); - return; + return NT_STATUS_UNSUCCESSFUL; } ret = krb5_kt_register(kdc->smb_krb5_context->krb5_context, &hdb_kt_ops); if(ret) { task_server_terminate(task, "kdc: failed to register keytab plugin", true); - return; + return NT_STATUS_UNSUCCESSFUL; } kdc->keytab_name = talloc_asprintf(kdc, "HDB:samba4&%p", kdc->base_ctx); @@ -416,7 +416,7 @@ static void kdc_task_init(struct task_server *task) task_server_terminate(task, "kdc: Failed to set keytab name", true); - return; + return NT_STATUS_UNSUCCESSFUL; } /* Register WinDC hooks */ @@ -425,21 +425,21 @@ static void kdc_task_init(struct task_server *task) &windc_plugin_table); if(ret) { task_server_terminate(task, "kdc: failed to register windc plugin", true); - return; + return NT_STATUS_UNSUCCESSFUL; } ret = krb5_kdc_windc_init(kdc->smb_krb5_context->krb5_context); if(ret) { task_server_terminate(task, "kdc: failed to init windc plugin", true); - return; + return NT_STATUS_UNSUCCESSFUL; } ret = krb5_kdc_pkinit_config(kdc->smb_krb5_context->krb5_context, kdc_config); if(ret) { task_server_terminate(task, "kdc: failed to init kdc pkinit subsystem", true); - return; + return NT_STATUS_UNSUCCESSFUL; } kdc->private_data = kdc_config; @@ -448,17 +448,19 @@ static void kdc_task_init(struct task_server *task) task->model_ops); if (!NT_STATUS_IS_OK(status)) { task_server_terminate(task, "kdc failed to setup interfaces", true); - return; + return status; } status = IRPC_REGISTER(task->msg_ctx, irpc, KDC_CHECK_GENERIC_KERBEROS, kdc_check_generic_kerberos, kdc); if (!NT_STATUS_IS_OK(status)) { task_server_terminate(task, "kdc failed to setup monitoring", true); - return; + return status; } irpc_add_name(task->msg_ctx, "kdc_server"); + + return NT_STATUS_OK; } @@ -478,7 +480,9 @@ NTSTATUS server_service_kdc_init(TALLOC_CTX *ctx) * the master process is responsible for managing the worker * processes not performing work. */ - .inhibit_pre_fork = true + .inhibit_pre_fork = true, + .task_init = kdc_task_init, + .post_fork = NULL }; - return register_server_service(ctx, "kdc", kdc_task_init, &details); + return register_server_service(ctx, "kdc", &details); } |