2 Unix SMB/CIFS implementation.
4 Main SMB server routines
6 Copyright (C) Andrew Tridgell 1992-2005
7 Copyright (C) Martin Pool 2002
8 Copyright (C) Jelmer Vernooij 2002
9 Copyright (C) James J Myers 2003 <myersjj@samba.org>
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "lib/events/events.h"
28 #include "lib/cmdline/popt_common.h"
29 #include "system/dir.h"
30 #include "system/filesys.h"
31 #include "auth/gensec/gensec.h"
32 #include "libcli/auth/schannel.h"
33 #include "smbd/process_model.h"
34 #include "param/secrets.h"
35 #include "lib/util/pidfile.h"
36 #include "param/param.h"
37 #include "dsdb/samdb/samdb.h"
38 #include "auth/session.h"
39 #include "lib/messaging/irpc.h"
40 #include "librpc/gen_ndr/ndr_irpc.h"
41 #include "cluster/cluster.h"
42 #include "dynconfig/dynconfig.h"
43 #include "lib/util/samba_modules.h"
44 #include "nsswitch/winbind_client.h"
45 #include "libds/common/roles.h"
46 #include "lib/util/tfork.h"
53 struct tevent_context
*event_ctx
;
54 const char *binary_name
;
58 recursively delete a directory tree
60 static void recursive_delete(const char *path
)
70 for (de
=readdir(dir
);de
;de
=readdir(dir
)) {
74 if (ISDOT(de
->d_name
) || ISDOTDOT(de
->d_name
)) {
78 fname
= talloc_asprintf(path
, "%s/%s", path
, de
->d_name
);
79 if (stat(fname
, &st
) != 0) {
82 if (S_ISDIR(st
.st_mode
)) {
83 recursive_delete(fname
);
87 if (unlink(fname
) != 0) {
88 DBG_ERR("Unabled to delete '%s' - %s\n",
89 fname
, strerror(errno
));
90 smb_panic("unable to cleanup tmp files");
98 cleanup temporary files. This is the new alternative to
99 TDB_CLEAR_IF_FIRST. Unfortunately TDB_CLEAR_IF_FIRST is not
100 efficient on unix systems due to the lack of scaling of the byte
101 range locking system. So instead of putting the burden on tdb to
102 cleanup tmp files, this function deletes them.
104 static void cleanup_tmp_files(struct loadparm_context
*lp_ctx
)
107 TALLOC_CTX
*mem_ctx
= talloc_new(NULL
);
108 if (mem_ctx
== NULL
) {
109 exit_daemon("Failed to create memory context",
113 path
= smbd_tmp_path(mem_ctx
, lp_ctx
, NULL
);
115 exit_daemon("Failed to cleanup temporary files",
119 recursive_delete(path
);
120 talloc_free(mem_ctx
);
123 static void sig_hup(int sig
)
125 debug_schedule_reopen_logs();
128 static void sig_term(int sig
)
131 if (getpgrp() == getpid()) {
133 * We're the process group leader, send
134 * SIGTERM to our process group.
136 kill(-getpgrp(), SIGTERM
);
142 static void sigterm_signal_handler(struct tevent_context
*ev
,
143 struct tevent_signal
*se
,
144 int signum
, int count
, void *siginfo
,
147 struct server_state
*state
= talloc_get_type_abort(
148 private_data
, struct server_state
);
150 DBG_DEBUG("Process %s got SIGTERM\n", state
->binary_name
);
158 static void setup_signals(void)
160 /* we are never interested in SIGPIPE */
161 BlockSignals(true,SIGPIPE
);
164 /* we are never interested in SIGFPE */
165 BlockSignals(true,SIGFPE
);
168 /* We are no longer interested in USR1 */
169 BlockSignals(true, SIGUSR1
);
172 /* We are no longer interested in USR2 */
173 BlockSignals(true,SIGUSR2
);
176 /* POSIX demands that signals are inherited. If the invoking process has
177 * these signals masked, we will have problems,
178 * as we won't receive them. */
179 BlockSignals(false, SIGHUP
);
180 BlockSignals(false, SIGTERM
);
182 CatchSignal(SIGHUP
, sig_hup
);
183 CatchSignal(SIGTERM
, sig_term
);
189 static void server_stdin_handler(struct tevent_context
*event_ctx
,
190 struct tevent_fd
*fde
,
194 struct server_state
*state
= talloc_get_type_abort(
195 private_data
, struct server_state
);
197 if (read(0, &c
, 1) == 0) {
198 DBG_ERR("%s: EOF on stdin - PID %d terminating\n",
199 state
->binary_name
, (int)getpid());
201 if (getpgrp() == getpid()) {
202 DBG_ERR("Sending SIGTERM from pid %d\n",
204 kill(-getpgrp(), SIGTERM
);
213 die if the user selected maximum runtime is exceeded
215 _NORETURN_
static void max_runtime_handler(struct tevent_context
*ev
,
216 struct tevent_timer
*te
,
217 struct timeval t
, void *private_data
)
219 struct server_state
*state
= talloc_get_type_abort(
220 private_data
, struct server_state
);
221 DBG_ERR("%s: maximum runtime exceeded - "
222 "terminating PID %d at %llu, current ts: %llu\n",
225 (unsigned long long)t
.tv_sec
,
226 (unsigned long long)time(NULL
));
232 pre-open the key databases. This saves a lot of time in child
235 static void prime_ldb_databases(struct tevent_context
*event_ctx
)
237 TALLOC_CTX
*db_context
;
238 db_context
= talloc_new(event_ctx
);
240 samdb_connect(db_context
,
243 system_session(cmdline_lp_ctx
),
245 privilege_connect(db_context
, cmdline_lp_ctx
);
247 /* we deliberately leave these open, which allows them to be
248 * re-used in ldb_wrap_connect() */
253 called when a fatal condition occurs in a child task
255 static NTSTATUS
samba_terminate(struct irpc_message
*msg
,
256 struct samba_terminate
*r
)
258 struct server_state
*state
= talloc_get_type(msg
->private_data
,
259 struct server_state
);
260 DBG_ERR("samba_terminate of %s %d: %s\n",
261 state
->binary_name
, (int)getpid(), r
->in
.reason
);
267 setup messaging for the top level samba (parent) task
269 static NTSTATUS
setup_parent_messaging(struct server_state
*state
,
270 struct loadparm_context
*lp_ctx
)
272 struct imessaging_context
*msg
;
275 msg
= imessaging_init(state
->event_ctx
,
277 cluster_id(0, SAMBA_PARENT_TASKID
),
279 NT_STATUS_HAVE_NO_MEMORY(msg
);
281 status
= irpc_add_name(msg
, "samba");
282 if (!NT_STATUS_IS_OK(status
)) {
286 status
= IRPC_REGISTER(msg
, irpc
, SAMBA_TERMINATE
,
287 samba_terminate
, state
);
296 static void show_build(void)
298 #define CONFIG_OPTION(n) { #n, dyn_ ## n }
302 } config_options
[] = {
303 CONFIG_OPTION(BINDIR
),
304 CONFIG_OPTION(SBINDIR
),
305 CONFIG_OPTION(CONFIGFILE
),
306 CONFIG_OPTION(NCALRPCDIR
),
307 CONFIG_OPTION(LOGFILEBASE
),
308 CONFIG_OPTION(LMHOSTSFILE
),
309 CONFIG_OPTION(DATADIR
),
310 CONFIG_OPTION(MODULESDIR
),
311 CONFIG_OPTION(LOCKDIR
),
312 CONFIG_OPTION(STATEDIR
),
313 CONFIG_OPTION(CACHEDIR
),
314 CONFIG_OPTION(PIDDIR
),
315 CONFIG_OPTION(PRIVATE_DIR
),
316 CONFIG_OPTION(CODEPAGEDIR
),
317 CONFIG_OPTION(SETUPDIR
),
318 CONFIG_OPTION(WINBINDD_SOCKET_DIR
),
319 CONFIG_OPTION(NTP_SIGND_SOCKET_DIR
),
324 printf("Samba version: %s\n", SAMBA_VERSION_STRING
);
325 printf("Build environment:\n");
328 for (i
=0; config_options
[i
].name
; i
++) {
330 config_options
[i
].name
,
331 config_options
[i
].value
);
337 static int event_ctx_destructor(struct tevent_context
*event_ctx
)
339 imessaging_dgm_unref_ev(event_ctx
);
344 static int to_children_fd
= -1;
345 static void atfork_prepare(void) {
347 static void atfork_parent(void) {
349 static void atfork_child(void) {
350 if (to_children_fd
!= -1) {
351 close(to_children_fd
);
360 static int binary_smbd_main(const char *binary_name
,
364 bool opt_daemon
= false;
365 bool opt_fork
= true;
366 bool opt_interactive
= false;
367 bool opt_no_process_group
= false;
370 #define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *);
371 STATIC_service_MODULES_PROTO
;
372 init_module_fn static_init
[] = { STATIC_service_MODULES
};
373 init_module_fn
*shared_init
;
374 uint16_t stdin_event_flags
;
376 const char *model
= "standard";
385 OPT_NO_PROCESS_GROUP
,
387 struct poptOption long_options
[] = {
389 {"daemon", 'D', POPT_ARG_NONE
, NULL
, OPT_DAEMON
,
390 "Become a daemon (default)", NULL
},
391 {"foreground", 'F', POPT_ARG_NONE
, NULL
, OPT_FOREGROUND
,
392 "Run the daemon in foreground", NULL
},
393 {"interactive", 'i', POPT_ARG_NONE
, NULL
, OPT_INTERACTIVE
,
394 "Run interactive (not a daemon)", NULL
},
395 {"model", 'M', POPT_ARG_STRING
, NULL
, OPT_PROCESS_MODEL
,
396 "Select process model", "MODEL"},
397 {"maximum-runtime",0, POPT_ARG_INT
, &max_runtime
, 0,
398 "set maximum runtime of the server process, "
399 "till autotermination", "seconds"},
400 {"show-build", 'b', POPT_ARG_NONE
, NULL
, OPT_SHOW_BUILD
,
401 "show build info", NULL
},
402 {"no-process-group", '\0', POPT_ARG_NONE
, NULL
,
403 OPT_NO_PROCESS_GROUP
, "Don't create a new process group" },
408 struct server_state
*state
= NULL
;
409 struct tevent_signal
*se
= NULL
;
411 setproctitle("root process");
413 pc
= poptGetContext(binary_name
, argc
, argv
, long_options
, 0);
414 while((opt
= poptGetNextOpt(pc
)) != -1) {
422 case OPT_INTERACTIVE
:
423 opt_interactive
= true;
425 case OPT_PROCESS_MODEL
:
426 model
= poptGetOptArg(pc
);
431 case OPT_NO_PROCESS_GROUP
:
432 opt_no_process_group
= true;
435 fprintf(stderr
, "\nInvalid option %s: %s\n\n",
436 poptBadOption(pc
, 0), poptStrerror(opt
));
437 poptPrintUsage(pc
, stderr
, 0);
442 if (opt_daemon
&& opt_interactive
) {
443 fprintf(stderr
,"\nERROR: "
444 "Option -i|--interactive is "
445 "not allowed together with -D|--daemon\n\n");
446 poptPrintUsage(pc
, stderr
, 0);
448 } else if (!opt_interactive
&& opt_fork
) {
449 /* default is --daemon */
455 talloc_enable_null_tracking();
457 setup_logging(binary_name
, opt_interactive
?DEBUG_STDOUT
:DEBUG_FILE
);
460 /* we want total control over the permissions on created files,
461 so set our umask to 0 */
464 DEBUG(0,("%s version %s started.\n",
466 SAMBA_VERSION_STRING
));
467 DEBUGADD(0,("Copyright Andrew Tridgell and the Samba Team"
470 if (sizeof(uint16_t) < 2 ||
471 sizeof(uint32_t) < 4 ||
472 sizeof(uint64_t) < 8) {
473 DEBUG(0,("ERROR: Samba is not configured correctly "
474 "for the word size on your machine\n"));
475 DEBUGADD(0,("sizeof(uint16_t) = %u, sizeof(uint32_t) %u, "
476 "sizeof(uint64_t) = %u\n",
477 (unsigned int)sizeof(uint16_t),
478 (unsigned int)sizeof(uint32_t),
479 (unsigned int)sizeof(uint64_t)));
484 DBG_NOTICE("Becoming a daemon.\n");
485 become_daemon(opt_fork
, opt_no_process_group
, false);
488 /* Create the memory context to hang everything off. */
489 state
= talloc_zero(NULL
, struct server_state
);
491 exit_daemon("Samba cannot create server state", ENOMEM
);
493 state
->binary_name
= binary_name
;
495 cleanup_tmp_files(cmdline_lp_ctx
);
497 if (!directory_exist(lpcfg_lock_directory(cmdline_lp_ctx
))) {
498 mkdir(lpcfg_lock_directory(cmdline_lp_ctx
), 0755);
501 pidfile_create(lpcfg_pid_directory(cmdline_lp_ctx
), binary_name
);
503 if (lpcfg_server_role(cmdline_lp_ctx
) == ROLE_ACTIVE_DIRECTORY_DC
) {
504 if (!open_schannel_session_store(state
,
507 exit_daemon("Samba cannot open schannel store "
508 "for secured NETLOGON operations.", EACCES
);
512 /* make sure we won't go through nss_winbind */
513 if (!winbind_off()) {
515 exit_daemon("Samba failed to disable recusive "
516 "winbindd calls.", EACCES
);
519 gensec_init(); /* FIXME: */
521 process_model_init(cmdline_lp_ctx
);
523 shared_init
= load_samba_modules(NULL
, "service");
525 run_init_functions(NULL
, static_init
);
526 run_init_functions(NULL
, shared_init
);
528 talloc_free(shared_init
);
530 /* the event context is the top level structure in smbd. Everything else
531 should hang off that */
532 state
->event_ctx
= s4_event_context_init(state
);
534 if (state
->event_ctx
== NULL
) {
536 exit_daemon("Initializing event context failed", EACCES
);
539 talloc_set_destructor(state
->event_ctx
, event_ctx_destructor
);
541 if (opt_interactive
) {
542 /* terminate when stdin goes away */
543 stdin_event_flags
= TEVENT_FD_READ
;
545 /* stay alive forever */
546 stdin_event_flags
= 0;
551 * If we're interactive we want to set our own process group for
552 * signal management, unless --no-process-group specified.
554 if (opt_interactive
&& !opt_no_process_group
)
555 setpgid((pid_t
)0, (pid_t
)0);
558 /* catch EOF on stdin */
560 signal(SIGTTIN
, SIG_IGN
);
563 if (fstat(0, &st
) != 0) {
565 exit_daemon("Samba failed to set standard input handler",
569 if (S_ISFIFO(st
.st_mode
) || S_ISSOCK(st
.st_mode
)) {
570 struct tevent_fd
*fde
= tevent_add_fd(state
->event_ctx
,
574 server_stdin_handler
,
578 exit_daemon("Initializing stdin failed", ENOMEM
);
583 struct tevent_timer
*te
;
584 DBG_ERR("%s PID %d was called with maxruntime %d - "
586 binary_name
, (int)getpid(),
587 max_runtime
, (unsigned long long) time(NULL
));
588 te
= tevent_add_timer(state
->event_ctx
, state
->event_ctx
,
589 timeval_current_ofs(max_runtime
, 0),
594 exit_daemon("Maxruntime handler failed", ENOMEM
);
598 se
= tevent_add_signal(state
->event_ctx
,
602 sigterm_signal_handler
,
606 exit_daemon("Initialize SIGTERM handler failed", ENOMEM
);
609 if (lpcfg_server_role(cmdline_lp_ctx
) != ROLE_ACTIVE_DIRECTORY_DC
610 && !lpcfg_parm_bool(cmdline_lp_ctx
, NULL
,
611 "server role check", "inhibit", false)
612 && !str_list_check_ci(lpcfg_server_services(cmdline_lp_ctx
), "smb")
613 && !str_list_check_ci(lpcfg_dcerpc_endpoint_servers(cmdline_lp_ctx
),
615 && !str_list_check_ci(lpcfg_dcerpc_endpoint_servers(cmdline_lp_ctx
),
617 DEBUG(0, ("At this time the 'samba' binary should only be used "
619 DEBUGADD(0, ("'server role = active directory domain "
620 "controller' or to access the ntvfs file server "
621 "with 'server services = +smb' or the rpc proxy "
622 "with 'dcerpc endpoint servers = remote'\n"));
623 DEBUGADD(0, ("You should start smbd/nmbd/winbindd instead for "
624 "domain member and standalone file server tasks\n"));
625 exit_daemon("Samba detected misconfigured 'server role' "
626 "and exited. Check logs for details", EINVAL
);
629 prime_ldb_databases(state
->event_ctx
);
631 status
= setup_parent_messaging(state
, cmdline_lp_ctx
);
632 if (!NT_STATUS_IS_OK(status
)) {
634 exit_daemon("Samba failed to setup parent messaging",
635 NT_STATUS_V(status
));
638 DBG_ERR("%s: using '%s' process model\n", binary_name
, model
);
643 bool start_services
= false;
645 rc
= pipe(child_pipe
);
648 exit_daemon("Samba failed to open process control pipe",
651 smb_set_close_on_exec(child_pipe
[0]);
652 smb_set_close_on_exec(child_pipe
[1]);
655 to_children_fd
= child_pipe
[1];
656 pthread_atfork(atfork_prepare
, atfork_parent
,
658 start_services
= true;
661 struct tfork
*t
= NULL
;
665 "Samba unable to fork master process",
668 pid
= tfork_child_pid(t
);
670 start_services
= false;
672 /* In the child process */
673 start_services
= true;
674 close(child_pipe
[1]);
677 if (start_services
) {
678 status
= server_service_startup(
679 state
->event_ctx
, cmdline_lp_ctx
, model
,
680 lpcfg_server_services(cmdline_lp_ctx
),
682 if (!NT_STATUS_IS_OK(status
)) {
684 exit_daemon("Samba failed to start services",
685 NT_STATUS_V(status
));
691 daemon_ready("samba");
694 /* wait for events - this is where smbd sits for most of its
696 tevent_loop_wait(state
->event_ctx
);
698 /* as everything hangs off this state->event context, freeing state
699 will initiate a clean shutdown of all services */
705 int main(int argc
, const char *argv
[])
707 setproctitle_init(argc
, discard_const(argv
), environ
);
709 return binary_smbd_main("samba", argc
, argv
);