Changeset 988 for vendor/current/source3/winbindd/winbindd.c

Timestamp:

Nov 24, 2016, 1:14:11 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to version 4.4.3

File:

• vendor/current/source3/winbindd/winbindd.c (modified) (55 diffs)

vendor/current/source3/winbindd/winbindd.c

@@ -1 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
 
@@ -32 +32 @@
 #include "../librpc/gen_ndr/srv_samr.h"
 #include "secrets.h"
+#include "rpc_client/cli_netlogon.h"
 #include "idmap.h"
 #include "lib/addrchange.h"
@@ -37 +38 @@
 #include "auth.h"
 #include "messages.h"
+#include "../lib/util/pidfile.h"
+#include "util_cluster.h"
+#include "source4/lib/messaging/irpc.h"
+#include "source4/lib/messaging/messaging.h"
+#include "lib/param/param.h"
+#include "lib/async_req/async_sock.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
 
+#define SCRUB_CLIENTS_INTERVAL 5
+
 static bool client_is_idle(struct winbindd_cli_state *state);
 static void remove_client(struct winbindd_cli_state *state);
+static void winbindd_setup_max_fds(void);
 
 static bool opt_nocache = False;
@@ -49 +59 @@
 extern bool override_logfile;
 
+struct tevent_context *winbind_event_context(void)
+{
+        static struct tevent_context *ev = NULL;
+
+        if (ev != NULL) {
+                return ev;
+        }
+
+        /*
+         * Note we MUST use the NULL context here, not the autofree context,
+         * to avoid side effects in forked children exiting.
+         */
+        ev = samba_tevent_context_init(NULL);
+        if (ev == NULL) {
+                smb_panic("Could not init winbindd's messaging context.\n");
+        }
+        return ev;
+}
+
 struct messaging_context *winbind_messaging_context(void)
 {
-        struct messaging_context *msg_ctx = server_messaging_context();
-        if (likely(msg_ctx != NULL)) {
-                return msg_ctx;
-        }
-        smb_panic("Could not init winbindd's messaging context.\n");
-        return NULL;
+        static struct messaging_context *msg = NULL;
+
+        if (msg != NULL) {
+                return msg;
+        }
+
+        /*
+         * Note we MUST use the NULL context here, not the autofree context,
+         * to avoid side effects in forked children exiting.
+         */
+        msg = messaging_init(NULL, winbind_event_context());
+        if (msg == NULL) {
+                smb_panic("Could not init winbindd's messaging context.\n");
+        }
+        return msg;
+}
+
+struct imessaging_context *winbind_imessaging_context(void)
+{
+        static struct imessaging_context *msg = NULL;
+        struct messaging_context *msg_ctx;
+        struct server_id myself;
+        struct loadparm_context *lp_ctx;
+
+        if (msg != NULL) {
+                return msg;
+        }
+
+        msg_ctx = server_messaging_context();
+        if (msg_ctx == NULL) {
+                smb_panic("server_messaging_context failed\n");
+        }
+        myself = messaging_server_id(msg_ctx);
+
+        lp_ctx = loadparm_init_s3(NULL, loadparm_s3_helpers());
+        if (lp_ctx == NULL) {
+                smb_panic("Could not load smb.conf to init winbindd's imessaging context.\n");
+        }
+
+        /*
+         * Note we MUST use the NULL context here, not the autofree context,
+         * to avoid side effects in forked children exiting.
+         */
+        msg = imessaging_init(NULL, lp_ctx, myself, winbind_event_context(),
+                              false);
+        talloc_unlink(NULL, lp_ctx);
+
+        if (msg == NULL) {
+                smb_panic("Could not init winbindd's messaging context.\n");
+        }
+        return msg;
 }
 
@@ -66 +140 @@
 
         if (lp_loaded()) {
-                char *fname = lp_configfile();
+                char *fname = lp_next_configfile(talloc_tos());
 
                 if (file_exist(fname) && !strcsequal(fname,get_dyn_CONFIGFILE())) {
@@ -81 +155 @@
 
         reopen_logs();
-        ret = lp_load(get_dyn_CONFIGFILE(),False,False,True,True);
+        ret = lp_load_global(get_dyn_CONFIGFILE());
 
         reopen_logs();
         load_interfaces();
+        winbindd_setup_max_fds();
 
         return(ret);
 }
 
-
-/**************************************************************************** **
- Handle a fault..
- **************************************************************************** */
-
-static void fault_quit(void)
-{
-        dump_core();
-}
 
 static void winbindd_status(void)
@@ -170 +236 @@
 
                 if (asprintf(&path, "%s/%s",
-                        get_winbind_pipe_dir(), WINBINDD_SOCKET_NAME) > 0) {
+                        lp_winbindd_socket_directory(), WINBINDD_SOCKET_NAME) > 0) {
                         unlink(path);
                         SAFE_FREE(path);
@@ -193 +259 @@
 
         if (is_parent) {
-                serverid_deregister(procid_self());
-                pidfile_unlink();
+                struct messaging_context *msg = winbind_messaging_context();
+                struct server_id self = messaging_server_id(msg);
+                serverid_deregister(self);
+                pidfile_unlink(lp_pid_directory(), "winbindd");
         }
 
@@ -212 +280 @@
                  signum, (int)*is_parent));
         terminate(*is_parent);
+}
+
+/*
+  handle stdin becoming readable when we are in --foreground mode
+ */
+static void winbindd_stdin_handler(struct tevent_context *ev,
+                               struct tevent_fd *fde,
+                               uint16_t flags,
+                               void *private_data)
+{
+        char c;
+        if (read(0, &c, 1) != 1) {
+                bool *is_parent = talloc_get_type_abort(private_data, bool);
+
+                /* we have reached EOF on stdin, which means the
+                   parent has exited. Shutdown the server */
+                DEBUG(0,("EOF on stdin (is_parent=%d)\n",
+                         (int)*is_parent));
+                terminate(*is_parent);
+        }
 }
 
@@ -262 +350 @@
 }
 
+bool winbindd_setup_stdin_handler(bool parent, bool foreground)
+{
+        bool *is_parent;
+
+        if (foreground) {
+                struct stat st;
+
+                is_parent = talloc(winbind_event_context(), bool);
+                if (!is_parent) {
+                        return false;
+                }
+
+                *is_parent = parent;
+
+                /* if we are running in the foreground then look for
+                   EOF on stdin, and exit if it happens. This allows
+                   us to die if the parent process dies
+                   Only do this on a pipe or socket, no other device.
+                */
+                if (fstat(0, &st) != 0) {
+                        return false;
+                }
+                if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
+                        tevent_add_fd(winbind_event_context(),
+                                        is_parent,
+                                        0,
+                                        TEVENT_FD_READ,
+                                        winbindd_stdin_handler,
+                                        is_parent);
+                }
+        }
+
+        return true;
+}
+
 static void winbindd_sig_hup_handler(struct tevent_context *ev,
                                      struct tevent_signal *se,
@@ -388 +511 @@
                                        DATA_BLOB *data)
 {
-        uint8 ret;
+        uint8_t ret;
         pid_t child_pid;
         NTSTATUS status;
@@ -400 +523 @@
          * code can safely use fork/waitpid...
          */
-        child_pid = sys_fork();
+        child_pid = fork();
 
         if (child_pid == -1) {
@@ -427 +550 @@
         CatchSignal(SIGCHLD, SIG_DFL);
 
-        ret = (uint8)winbindd_validate_cache_nobackup();
+        ret = (uint8_t)winbindd_validate_cache_nobackup();
         DEBUG(10, ("winbindd_msg_validata_cache: got return value %d\n", ret));
         messaging_send_buf(msg_ctx, server_id, MSG_WINBIND_VALIDATE_CACHE, &ret,
@@ -460 +583 @@
         { WINBINDD_CCACHE_NTLMAUTH, winbindd_ccache_ntlm_auth, "NTLMAUTH" },
         { WINBINDD_CCACHE_SAVE, winbindd_ccache_save, "CCACHE_SAVE" },
-
-        /* WINS functions */
-
-        { WINBINDD_WINS_BYNAME, winbindd_wins_byname, "WINS_BYNAME" },
-        { WINBINDD_WINS_BYIP, winbindd_wins_byip, "WINS_BYIP" },
 
         /* End of list */
@@ -556 +674 @@
           winbindd_pam_chng_pswd_auth_crap_send,
           winbindd_pam_chng_pswd_auth_crap_recv },
+        { WINBINDD_WINS_BYIP, "WINS_BYIP",
+          winbindd_wins_byip_send, winbindd_wins_byip_recv },
+        { WINBINDD_WINS_BYNAME, "WINS_BYNAME",
+          winbindd_wins_byname_send, winbindd_wins_byname_recv },
 
         { 0, NULL, NULL, NULL }
@@ -589 +711 @@
         state->cmd_name = "unknown request";
         state->recv_fn = NULL;
-        state->last_access = time(NULL);
+        /* client is newest */
+        winbindd_promote_client(state);
 
         /* Process command */
@@ -700 +823 @@
 static void winbind_client_request_read(struct tevent_req *req);
 static void winbind_client_response_written(struct tevent_req *req);
+static void winbind_client_activity(struct tevent_req *req);
 
 static void request_finished(struct winbindd_cli_state *state)
 {
         struct tevent_req *req;
+
+        /* free client socket monitoring request */
+        TALLOC_FREE(state->io_req);
 
         TALLOC_FREE(state->request);
@@ -717 +844 @@
         }
         tevent_req_set_callback(req, winbind_client_response_written, state);
+        state->io_req = req;
 }
 
@@ -725 +853 @@
         ssize_t ret;
         int err;
+
+        state->io_req = NULL;
 
         ret = wb_resp_write_recv(req, &err);
@@ -752 +882 @@
         }
         tevent_req_set_callback(req, winbind_client_request_read, state);
+        state->io_req = req;
 }
 
@@ -786 +917 @@
         if (sock == -1) {
                 if (errno != EINTR) {
-                        DEBUG(0, ("Faild to accept socket - %s\n",
+                        DEBUG(0, ("Failed to accept socket - %s\n",
                                   strerror(errno)));
                 }
@@ -796 +927 @@
         /* Create new connection structure */
 
-        if ((state = TALLOC_ZERO_P(NULL, struct winbindd_cli_state)) == NULL) {
+        if ((state = talloc_zero(NULL, struct winbindd_cli_state)) == NULL) {
                 close(sock);
                 return;
@@ -809 +940 @@
                 return;
         }
-
-        state->last_access = time(NULL);        
 
         state->privileged = privileged;
@@ -822 +951 @@
         }
         tevent_req_set_callback(req, winbind_client_request_read, state);
+        state->io_req = req;
 
         /* Add to connection list */
@@ -834 +964 @@
         ssize_t ret;
         int err;
+
+        state->io_req = NULL;
 
         ret = wb_req_read_recv(req, state, &state->request, &err);
@@ -850 +982 @@
                 return;
         }
+
+        req = wait_for_read_send(state, winbind_event_context(), state->sock,
+                                 true);
+        if (req == NULL) {
+                DEBUG(0, ("winbind_client_request_read[%d:%s]:"
+                          " wait_for_read_send failed - removing client\n",
+                          (int)state->pid, state->cmd_name));
+                remove_client(state);
+                return;
+        }
+        tevent_req_set_callback(req, winbind_client_activity, state);
+        state->io_req = req;
+
         process_request(state);
+}
+
+static void winbind_client_activity(struct tevent_req *req)
+{
+        struct winbindd_cli_state *state =
+            tevent_req_callback_data(req, struct winbindd_cli_state);
+        int err;
+        bool has_data;
+
+        has_data = wait_for_read_recv(req, &err);
+
+        if (has_data) {
+                DEBUG(0, ("winbind_client_activity[%d:%s]:"
+                          "unexpected data from client - removing client\n",
+                          (int)state->pid, state->cmd_name));
+        } else {
+                if (err == EPIPE) {
+                        DEBUG(6, ("winbind_client_activity[%d:%s]: "
+                                  "client has closed connection - removing "
+                                  "client\n",
+                                  (int)state->pid, state->cmd_name));
+                } else {
+                        DEBUG(2, ("winbind_client_activity[%d:%s]: "
+                                  "client socket error (%s) - removing "
+                                  "client\n",
+                                  (int)state->pid, state->cmd_name,
+                                  strerror(err)));
+                }
+        }
+
+        remove_client(state);
 }
 
@@ -865 +1041 @@
                 return;
         }
+
+        /*
+         * We need to remove a pending wb_req_read_*
+         * or wb_resp_write_* request before closing the
+         * socket.
+         *
+         * This is important as they might have used tevent_add_fd() and we
+         * use the epoll * backend on linux. So we must remove the tevent_fd
+         * before closing the fd.
+         *
+         * Otherwise we might hit a race with close_conns_after_fork() (via
+         * winbindd_reinit_after_fork()) where a file description
+         * is still open in a child, which means it's still active in
+         * the parents epoll queue, but the related tevent_fd is already
+         * already gone in the parent.
+         *
+         * See bug #11141.
+         */
+        TALLOC_FREE(state->io_req);
 
         if (state->sock != -1) {
@@ -901 +1096 @@
 {
         struct winbindd_cli_state *state, *remove_state = NULL;
-        time_t last_access = 0;
         int nidle = 0;
 
@@ -907 +1101 @@
                 if (client_is_idle(state)) {
                         nidle++;
-                        if (!last_access || state->last_access < last_access) {
-                                last_access = state->last_access;
-                                remove_state = state;
-                        }
+                        /* list is sorted by access time */
+                        remove_state = state;
                 }
         }
@@ -922 +1114 @@
 
         return False;
+}
+
+/*
+ * Terminate all clients whose requests have taken longer than
+ * "winbind request timeout" seconds to process, or have been
+ * idle for more than "winbind request timeout" seconds.
+ */
+
+static void remove_timed_out_clients(void)
+{
+        struct winbindd_cli_state *state, *prev = NULL;
+        time_t curr_time = time(NULL);
+        int timeout_val = lp_winbind_request_timeout();
+
+        for (state = winbindd_client_list_tail(); state; state = prev) {
+                time_t expiry_time;
+
+                prev = winbindd_client_list_prev(state);
+                expiry_time = state->last_access + timeout_val;
+
+                if (curr_time > expiry_time) {
+                        if (client_is_idle(state)) {
+                                DEBUG(5,("Idle client timed out, "
+                                        "shutting down sock %d, pid %u\n",
+                                        state->sock,
+                                        (unsigned int)state->pid));
+                        } else {
+                                DEBUG(5,("Client request timed out, "
+                                        "shutting down sock %d, pid %u\n",
+                                        state->sock,
+                                        (unsigned int)state->pid));
+                        }
+                        remove_client(state);
+                } else {
+                        /* list is sorted, previous clients in
+                           list are newer */
+                        break;
+                }
+        }
+}
+
+static void winbindd_scrub_clients_handler(struct tevent_context *ev,
+                                           struct tevent_timer *te,
+                                           struct timeval current_time,
+                                           void *private_data)
+{
+        remove_timed_out_clients();
+        if (tevent_add_timer(ev, ev,
+                             timeval_current_ofs(SCRUB_CLIENTS_INTERVAL, 0),
+                             winbindd_scrub_clients_handler, NULL) == NULL) {
+                DEBUG(0, ("winbindd: failed to reschedule client scrubber\n"));
+                exit(1);
+        }
 }
 
@@ -949 +1194 @@
                 }
         }
+        remove_timed_out_clients();
         new_connection(s->fd, s->privileged);
 }
@@ -956 +1202 @@
  */
 
-const char *get_winbind_pipe_dir(void)
-{
-        return lp_parm_const_string(-1, "winbindd", "socket dir", WINBINDD_SOCKET_DIR);
-}
-
 char *get_winbind_priv_pipe_dir(void)
 {
-        return lock_path(WINBINDD_PRIV_SOCKET_SUBDIR);
+        return state_path(WINBINDD_PRIV_SOCKET_SUBDIR);
+}
+
+static void winbindd_setup_max_fds(void)
+{
+        int num_fds = MAX_OPEN_FUDGEFACTOR;
+        int actual_fds;
+
+        num_fds += lp_winbind_max_clients();
+        /* Add some more to account for 2 sockets open
+           when the client transitions from unprivileged
+           to privileged socket
+        */
+        num_fds += lp_winbind_max_clients() / 10;
+
+        /* Add one socket per child process
+           (yeah there are child processes other than the
+           domain children but only domain children can vary
+           with configuration
+        */
+        num_fds += lp_winbind_max_domain_connections() *
+                   (lp_allow_trusted_domains() ? WINBIND_MAX_DOMAINS_HINT : 1);
+
+        actual_fds = set_maxfiles(num_fds);
+
+        if (actual_fds < num_fds) {
+                DEBUG(1, ("winbindd_setup_max_fds: Information only: "
+                          "requested %d open files, %d are available.\n",
+                          num_fds, actual_fds));
+        }
 }
 
@@ -971 +1241 @@
         struct winbindd_listen_state *priv_state = NULL;
         struct tevent_fd *fde;
+        int rc;
+        char *socket_path;
 
         pub_state = talloc(winbind_event_context(),
@@ -980 +1252 @@
         pub_state->privileged = false;
         pub_state->fd = create_pipe_sock(
-                get_winbind_pipe_dir(), WINBINDD_SOCKET_NAME, 0755);
+                lp_winbindd_socket_directory(), WINBINDD_SOCKET_NAME, 0755);
         if (pub_state->fd == -1) {
+                goto failed;
+        }
+        rc = listen(pub_state->fd, 5);
+        if (rc < 0) {
                 goto failed;
         }
@@ -1000 +1276 @@
         }
 
+        socket_path = get_winbind_priv_pipe_dir();
+        if (socket_path == NULL) {
+                goto failed;
+        }
+
         priv_state->privileged = true;
         priv_state->fd = create_pipe_sock(
-                get_winbind_priv_pipe_dir(), WINBINDD_SOCKET_NAME, 0750);
+                socket_path, WINBINDD_SOCKET_NAME, 0750);
+        TALLOC_FREE(socket_path);
         if (priv_state->fd == -1) {
+                goto failed;
+        }
+        rc = listen(priv_state->fd, 5);
+        if (rc < 0) {
                 goto failed;
         }
@@ -1016 +1302 @@
         tevent_fd_set_auto_close(fde);
 
+        winbindd_scrub_clients_handler(winbind_event_context(), NULL,
+                                       timeval_current(), NULL);
         return true;
 failed:
@@ -1033 +1321 @@
 }
 
-void winbindd_register_handlers(void)
-{
+static void winbindd_register_handlers(struct messaging_context *msg_ctx,
+                                       bool foreground)
+{
+        NTSTATUS status;
         /* Setup signal handlers */
 
         if (!winbindd_setup_sig_term_handler(true))
+                exit(1);
+        if (!winbindd_setup_stdin_handler(true, foreground))
                 exit(1);
         if (!winbindd_setup_sig_hup_handler(NULL))
@@ -1058 +1350 @@
         /* get broadcast messages */
 
-        if (!serverid_register(procid_self(),
-                               FLAG_MSG_GENERAL|FLAG_MSG_DBWRAP)) {
+        if (!serverid_register(messaging_server_id(msg_ctx),
+                               FLAG_MSG_GENERAL |
+                               FLAG_MSG_WINBIND |
+                               FLAG_MSG_DBWRAP)) {
                 DEBUG(1, ("Could not register myself in serverid.tdb\n"));
                 exit(1);
@@ -1066 +1360 @@
         /* React on 'smbcontrol winbindd reload-config' in the same way
            as to SIGHUP signal */
-        messaging_register(winbind_messaging_context(), NULL,
+        messaging_register(msg_ctx, NULL,
                            MSG_SMB_CONF_UPDATED, msg_reload_services);
-        messaging_register(winbind_messaging_context(), NULL,
+        messaging_register(msg_ctx, NULL,
                            MSG_SHUTDOWN, msg_shutdown);
 
         /* Handle online/offline messages. */
-        messaging_register(winbind_messaging_context(), NULL,
+        messaging_register(msg_ctx, NULL,
                            MSG_WINBIND_OFFLINE, winbind_msg_offline);
-        messaging_register(winbind_messaging_context(), NULL,
+        messaging_register(msg_ctx, NULL,
                            MSG_WINBIND_ONLINE, winbind_msg_online);
-        messaging_register(winbind_messaging_context(), NULL,
+        messaging_register(msg_ctx, NULL,
                            MSG_WINBIND_ONLINESTATUS, winbind_msg_onlinestatus);
 
@@ -1085 +1379 @@
                            MSG_WINBIND_DOMAIN_ONLINE, winbind_msg_domain_online);
 
-        messaging_register(winbind_messaging_context(), NULL,
+        messaging_register(msg_ctx, NULL,
                            MSG_DUMP_EVENT_LIST, winbind_msg_dump_event_list);
 
-        messaging_register(winbind_messaging_context(), NULL,
+        messaging_register(msg_ctx, NULL,
                            MSG_WINBIND_VALIDATE_CACHE,
                            winbind_msg_validate_cache);
 
-        messaging_register(winbind_messaging_context(), NULL,
+        messaging_register(msg_ctx, NULL,
                            MSG_WINBIND_DUMP_DOMAIN_LIST,
                            winbind_msg_dump_domain_list);
 
-        messaging_register(winbind_messaging_context(), NULL,
+        messaging_register(msg_ctx, NULL,
                            MSG_WINBIND_IP_DROPPED,
                            winbind_msg_ip_dropped_parent);
 
         /* Register handler for MSG_DEBUG. */
-        messaging_register(winbind_messaging_context(), NULL,
+        messaging_register(msg_ctx, NULL,
                            MSG_DEBUG,
                            winbind_msg_debug);
@@ -1130 +1424 @@
         }
 
+        status = wb_irpc_register();
+
+        if (!NT_STATUS_IS_OK(status)) {
+                DEBUG(0, ("Could not register IRPC handlers\n"));
+                exit(1);
+        }
 }
 
@@ -1218 +1518 @@
 /* Main function */
 
-int main(int argc, char **argv, char **envp)
+int main(int argc, const char **argv)
 {
         static bool is_daemon = False;
@@ -1245 +1545 @@
         TALLOC_CTX *frame;
         NTSTATUS status;
+        bool ok;
 
         /*
@@ -1252 +1553 @@
         frame = talloc_stackframe();
 
+        /*
+         * We want total control over the permissions on created files,
+         * so set our umask to 0.
+         */
+        umask(0);
+
+        setup_logging("winbindd", DEBUG_DEFAULT_STDOUT);
+
         /* glibc (?) likes to print "User defined signal 1" and exit if a
            SIGUSR[12] is received before a handler is installed */
@@ -1258 +1567 @@
         CatchSignal(SIGUSR2, SIG_IGN);
 
-        fault_setup((void (*)(void *))fault_quit );
-        dump_core_setup("winbindd");
-
-        load_case_tables();
+        fault_setup();
+        dump_core_setup("winbindd", lp_logfile(talloc_tos()));
+
+        smb_init_locale();
 
         /* Initialise for running in non-root mode */
@@ -1279 +1588 @@
         /* Initialise samba/rpc client stuff */
 
-        pc = poptGetContext("winbindd", argc, (const char **)argv, long_options, 0);
+        pc = poptGetContext("winbindd", argc, argv, long_options, 0);
 
         while ((opt = poptGetNextOpt(pc)) != -1) {
@@ -1319 +1628 @@
          * in production.
          */
-        dump_core_setup("winbindd");
-
+        dump_core_setup("winbindd", lp_logfile(talloc_tos()));
         if (is_daemon && interactive) {
                 d_fprintf(stderr,"\nERROR: "
@@ -1345 +1653 @@
                 }
         }
+
         if (log_stdout) {
                 setup_logging("winbindd", DEBUG_STDOUT);
@@ -1356 +1665 @@
 
         if (!lp_load_initial_only(get_dyn_CONFIGFILE())) {
-                DEBUG(0, ("error opening config file\n"));
+                DEBUG(0, ("error opening config file '%s'\n", get_dyn_CONFIGFILE()));
                 exit(1);
         }
@@ -1363 +1672 @@
          * path is by default basename(lp_logfile()).
          */
-        dump_core_setup("winbindd");
+        dump_core_setup("winbindd", lp_logfile(talloc_tos()));
+
+        if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC
+            && !lp_parm_bool(-1, "server role check", "inhibit", false)) {
+                DEBUG(0, ("server role = 'active directory domain controller' not compatible with running the winbindd binary. \n"));
+                DEBUGADD(0, ("You should start 'samba' instead, and it will control starting the internal AD DC winbindd implementation, which is not the same as this one\n"));
+                exit(1);
+        }
+
+        if (!cluster_probe_ok()) {
+                exit(1);
+        }
 
         /* Initialise messaging system */
@@ -1376 +1696 @@
         }
 
-        if (!directory_exist(lp_lockdir())) {
-                mkdir(lp_lockdir(), 0755);
+        ok = directory_create_or_exist(lp_lock_directory(), 0755);
+        if (!ok) {
+                DEBUG(0, ("Failed to create directory %s for lock files - %s\n",
+                          lp_lock_directory(), strerror(errno)));
+                exit(1);
+        }
+
+        ok = directory_create_or_exist(lp_pid_directory(), 0755);
+        if (!ok) {
+                DEBUG(0, ("Failed to create directory %s for pid files - %s\n",
+                          lp_pid_directory(), strerror(errno)));
+                exit(1);
         }
 
@@ -1391 +1721 @@
                 DEBUG(0,("Could not initialize domain trust account secrets. Giving up\n"));
                 return False;
+        }
+
+        status = rpccli_pre_open_netlogon_creds();
+        if (!NT_STATUS_IS_OK(status)) {
+                DEBUG(0, ("rpccli_pre_open_netlogon_creds() - %s\n",
+                          nt_errstr(status)));
+                exit(1);
         }
 
@@ -1407 +1744 @@
                 become_daemon(Fork, no_process_group, log_stdout);
 
-        pidfile_create("winbindd");
+        pidfile_create(lp_pid_directory(), "winbindd");
 
 #if HAVE_SETPGID
@@ -1427 +1764 @@
         status = reinit_after_fork(winbind_messaging_context(),
                                    winbind_event_context(),
-                                   procid_self(), false);
+                                   false, NULL);
         if (!NT_STATUS_IS_OK(status)) {
-                DEBUG(0,("reinit_after_fork() failed\n"));
-                exit(1);
-        }
-
-        winbindd_register_handlers();
-
-        status = init_system_info();
+                exit_daemon("Winbindd reinit_after_fork() failed", map_errno_from_nt_status(status));
+        }
+
+        /*
+         * Do not initialize the parent-child-pipe before becoming
+         * a daemon: this is used to detect a died parent in the child
+         * process.
+         */
+        status = init_before_fork();
         if (!NT_STATUS_IS_OK(status)) {
-                DEBUG(1, ("ERROR: failed to setup system user info: %s.\n",
-                          nt_errstr(status)));
-                exit(1);
+                exit_daemon(nt_errstr(status), map_errno_from_nt_status(status));
+        }
+
+        winbindd_register_handlers(winbind_messaging_context(), !Fork);
+
+        if (!messaging_parent_dgm_cleanup_init(winbind_messaging_context())) {
+                exit(1);
+        }
+
+        status = init_system_session_info();
+        if (!NT_STATUS_IS_OK(status)) {
+                exit_daemon("Winbindd failed to setup system user info", map_errno_from_nt_status(status));
         }
 
@@ -1451 +1799 @@
 
         if (!winbindd_setup_listeners()) {
-                DEBUG(0,("winbindd_setup_listeners() failed\n"));
-                exit(1);
-        }
+                exit_daemon("Winbindd failed to setup listeners", EPIPE);
+        }
+
+        irpc_add_name(winbind_imessaging_context(), "winbind_server");
 
         TALLOC_FREE(frame);
+
+        if (!interactive) {
+                daemon_ready("winbindd");
+        }
+
         /* Loop waiting for requests */
         while (1) {