smbd_join.c revision c8ec8eea9849cac239663c46be8a7f5d2ba7ca00
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER START
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The contents of this file are subject to the terms of the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Common Development and Distribution License (the "License").
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You may not use this file except in compliance with the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * See the License for the specific language governing permissions
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and limitations under the License.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * When distributing Covered Code, include this CDDL HEADER in each
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * If applicable, add the following below this CDDL HEADER, with the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * fields enclosed by brackets "[]" replaced with your own identifying
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * information: Portions Copyright [yyyy] [name of copyright owner]
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * CDDL HEADER END
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Use is subject to license terms.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw#pragma ident "@(#)smbd_join.c 1.9 08/07/17 SMI"
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Maximum time to wait for a domain controller (30 seconds).
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Flags used in conjunction with the location and query condition
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * variables.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwtypedef struct smb_netlogon_info {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/* NT4 domain support is not yet available. */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Inline convenience function to find out if the domain information is
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * valid. The caller can decide whether or not to wait.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Retrieve the kpasswd server from krb5.conf.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw return (-1);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /* Weed out any comment text */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * smbd_join
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Joins the specified domain/workgroup
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) smb_config_getstr(SMB_CI_KPASSWD_DOMAIN, kpasswd_domain,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw " old keys from the Kerberos keytab. "
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Please remove the old keys for your "
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego "host principal.");
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) smb_config_setstr(SMB_CI_DOMAIN_NAME, info->domain_name);
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * Ensure that any previous membership of this domain has
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * been cleared from the environment before we start. This
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * will ensure that we don't attempt a NETLOGON_SAMLOGON
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * when attempting to find the PDC.
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) smb_config_setbool(SMB_CI_DOMAIN_MEMB, B_FALSE);
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) strlcpy(plain_user, info->domain_username, sizeof (plain_user));
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) strlcpy(plain_passwd, info->domain_passwd,
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) smb_resolve_netbiosname(info->domain_name, nbt_domain,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (smb_resolve_fqdn(info->domain_name, fqdn, sizeof (fqdn)) != 1) {
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego syslog(LOG_ERR, "smbd: fully-qualified domain name is unknown");
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego syslog(LOG_ERR, "smbd: unable to remove the old keys from the"
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw " Kerberos keytab. Please remove the old keys for your "
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego "host principal.");
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego if (smb_auth_ntlm_hash(plain_passwd, passwd_hash) != SMBAUTH_SUCCESS) {
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego syslog(LOG_ERR, "smbd: could not compute ntlm hash for '%s'",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "controller information for '%s'",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "specified domain controller information "
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * Temporary delay before creating
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * the workstation trust account.
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego syslog(LOG_ERR, "smbd: failed locating domain controller for %s",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * smbd_locate_dc
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * This is the entry point for discovering a domain controller for the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * specified domain. The caller may block here for around 30 seconds if
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * the system has to go to the network and find a domain controller.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Sometime it would be good to change this to smb_locate_pdc and allow
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * the caller to specify whether or not he wants to wait for a response.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * The actual work of discovering a DC is handled by other threads.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * All we do here is signal the request and wait for a DC or a timeout.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * domain - domain to be discovered
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * dc - preferred DC. If the preferred DC is set to empty string, it
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * will attempt to discover any DC in the specified domain.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Returns B_TRUE if a domain controller is available.
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) mutex_lock(&smb_netlogon_info.snli_locate_mtx);
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego if ((smb_netlogon_info.snli_flags & SMB_NETLF_LOCATE_DC) == 0) {
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego smb_netlogon_info.snli_flags |= SMB_NETLF_LOCATE_DC;
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) strlcpy(smb_netlogon_info.snli_domain, domain,
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) cond_broadcast(&smb_netlogon_info.snli_locate_cv);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw while (smb_netlogon_info.snli_flags & SMB_NETLF_LOCATE_DC) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw rc = cond_reltimedwait(&smb_netlogon_info.snli_locate_cv,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) mutex_unlock(&smb_netlogon_info.snli_locate_mtx);
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * smb_netlogon_init
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * Initialization of the DC browser and LSA monitor threads.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Returns 0 on success, an error number if thread creation fails.
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) pthread_attr_setdetachstate(&tattr, PTHREAD_CREATE_DETACHED);
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * smb_netlogon_dc_browser
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * This is the DC browser thread: it gets woken up whenever someone
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * wants to locate a domain controller.
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * With the introduction of Windows 2000, NetBIOS is no longer a
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * requirement for NT domains. If NetBIOS has been disabled on the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * network there will be no browsers and we won't get any response
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * to netlogon requests. So we try to find a DC controller via ADS
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * first. If ADS is disabled or the DNS query fails, we drop back
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * to the netlogon protocol.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * This function will block for up to 30 seconds waiting for the PDC
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * to be discovered. Sometime it would be good to change this to
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * smb_locate_pdc and allow the caller to specify whether or not he
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * wants to wait for a response.
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States/*ARGSUSED*/
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borregostatic void *
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States boolean_t rc;
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States char resource_domain[SMB_PI_MAX_DOMAIN];
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) mutex_lock(&smb_netlogon_info.snli_locate_mtx);
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego while ((smb_netlogon_info.snli_flags & SMB_NETLF_LOCATE_DC) ==
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) cond_wait(&smb_netlogon_info.snli_locate_cv,
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States (void) mutex_unlock(&smb_netlogon_info.snli_locate_mtx);
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States (void) strlcpy(resource_domain, smb_netlogon_info.snli_domain,
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States SMB_PI_MAX_DOMAIN);
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States (void) strlcpy(dc, smb_netlogon_info.snli_dc, MAXHOSTNAMELEN);
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States if ((smb_msdcs_lookup_ads(resource_domain, dc) == 0) &&
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego /* Try to locate a DC via NetBIOS */
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego rc = smb_ntdomain_is_valid(SMB_NETLOGON_TIMEOUT);
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) mutex_lock(&smb_netlogon_info.snli_locate_mtx);
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States smb_netlogon_info.snli_flags &= ~SMB_NETLF_LOCATE_DC;
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) cond_broadcast(&smb_netlogon_info.snli_locate_cv);
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) mutex_unlock(&smb_netlogon_info.snli_locate_mtx);
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * Notify the LSA monitor to update the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * primary and trusted domain information.
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) mutex_lock(&smb_netlogon_info.snli_query_mtx);
8d7e41661dc4633488e93b13363137523ce59977jose borrego smb_netlogon_info.snli_flags |= SMB_NETLF_LSA_QUERY;
8d7e41661dc4633488e93b13363137523ce59977jose borrego (void) cond_broadcast(&smb_netlogon_info.snli_query_cv);
8d7e41661dc4633488e93b13363137523ce59977jose borrego (void) mutex_unlock(&smb_netlogon_info.snli_query_mtx);
8d7e41661dc4633488e93b13363137523ce59977jose borrego /*NOTREACHED*/
8d7e41661dc4633488e93b13363137523ce59977jose borrego * smb_netlogon_lsa_monitor
8d7e41661dc4633488e93b13363137523ce59977jose borrego * This monitor should run as a separate thread. It waits on a condition
8d7e41661dc4633488e93b13363137523ce59977jose borrego * variable until someone indicates that the LSA domain information needs
8d7e41661dc4633488e93b13363137523ce59977jose borrego * to be refreshed. It then queries the DC for the NT domain information:
8d7e41661dc4633488e93b13363137523ce59977jose borrego * primary, account and trusted domains. The condition variable should be
8d7e41661dc4633488e93b13363137523ce59977jose borrego * signaled whenever a DC is selected.
8d7e41661dc4633488e93b13363137523ce59977jose borrego * Note that the LSA query calls require the DC information and this task
8d7e41661dc4633488e93b13363137523ce59977jose borrego * may end up blocked on the DC location protocol, which is why this
8d7e41661dc4633488e93b13363137523ce59977jose borrego * monitor is run as a separate thread. This should only happen if the DC
8d7e41661dc4633488e93b13363137523ce59977jose borrego * goes down immediately after we located it.
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States/*ARGSUSED*/
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United Statesstatic void *
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United Statessmb_netlogon_lsa_monitor(void *arg)
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States uint32_t status;
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States for (;;) {
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States (void) mutex_lock(&smb_netlogon_info.snli_query_mtx);
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States while ((smb_netlogon_info.snli_flags & SMB_NETLF_LSA_QUERY) ==
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) cond_wait(&smb_netlogon_info.snli_query_cv,
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego smb_netlogon_info.snli_flags &= ~SMB_NETLF_LSA_QUERY;
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) mutex_unlock(&smb_netlogon_info.snli_query_mtx);
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * Skip the LSA query if Authenticated IPC is supported
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * and the credential is not yet set.
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States syslog(LOG_DEBUG,
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego "NetlogonLSAMonitor: query "
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States "account info failed");
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States syslog(LOG_DEBUG,
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego "NetlogonLSAMonitor: enum "
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States "trusted domain failed");
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States syslog(LOG_DEBUG,
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States "NetlogonLSAMonitor: update failed");
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /*NOTREACHED*/
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * smb_set_netlogon_cred
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * If the system is joined to an AD domain via kclient, SMB daemon will need
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * to establish the NETLOGON credential chain.
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * Since the kclient has updated the machine password stored in SMF
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * repository, the cached ipc_info must be updated accordingly by calling
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * smbrdr_ipc_commit.
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * Due to potential replication delays in a multiple DC environment, the
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * NETLOGON rpc request must be sent to the DC, to which the KPASSWD request
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * is sent. If the DC discovered by the SMB daemon is different than the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * kpasswd server, the current connection with the DC will be torn down
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * and a DC discovery process will be triggered to locate the kpasswd
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * If joining a new domain, the domain_name property must be set after a
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * successful credential chain setup.
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) smb_config_getstr(SMB_CI_KPASSWD_SRV, kpasswd_srv,
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * If the domain join initiated by smbadm join CLI is in
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * progress, don't do anything.
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) smb_gethostname(sam_acct, MLSVC_ACCOUNT_NAME_MAX - 1, 0);
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) strlcat(sam_acct, "$", MLSVC_ACCOUNT_NAME_MAX);
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) smb_config_getstr(SMB_CI_KPASSWD_DOMAIN, kpasswd_domain,
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego strncasecmp(kpasswd_domain, dp->domain, strlen(dp->domain))) {
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * DC discovery will be triggered if the domain info is not
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * currently cached or the SMB daemon has previously discovered a DC
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * that is different than the kpasswd server.
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego if (new_domain || strcasecmp(dp->server, kpasswd_srv) != 0) {
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego syslog(LOG_ERR, "NETLOGON credential chain establishment"
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (void) smb_config_setstr(SMB_CI_KPASSWD_DOMAIN,
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * smbd_locate_dc_thread()
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * If necessary, set up Netlogon credential chain and locate a
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego * domain controller in the given resource domain.
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borregostatic void *
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * smbd_locate_dc_start()
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Initialization of the locate dc thread.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw * Returns 0 on success, an error number if thread creation fails.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (void) pthread_attr_setdetachstate(&tattr, PTHREAD_CREATE_DETACHED);