search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:samba: Do not segfault if we run into issues
[Samba.git] / source4 / smbd / server.c
blobf107350e1af09c01edc1e47008d1ab59b87173d3
1 /*
2 Unix SMB/CIFS implementation.
3
4 Main SMB server routines
5
6 Copyright (C) Andrew Tridgell 1992-2005
7 Copyright (C) Martin Pool 2002
8 Copyright (C) Jelmer Vernooij 2002
9 Copyright (C) James J Myers 2003 <myersjj@samba.org>
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26 #include "lib/events/events.h"
27 #include "version.h"
28 #include "lib/cmdline/popt_common.h"
29 #include "system/dir.h"
30 #include "system/filesys.h"
31 #include "auth/gensec/gensec.h"
32 #include "libcli/auth/schannel.h"
33 #include "smbd/process_model.h"
34 #include "param/secrets.h"
35 #include "lib/util/pidfile.h"
36 #include "param/param.h"
37 #include "dsdb/samdb/samdb.h"
38 #include "auth/session.h"
39 #include "lib/messaging/irpc.h"
40 #include "librpc/gen_ndr/ndr_irpc.h"
41 #include "cluster/cluster.h"
42 #include "dynconfig/dynconfig.h"
43 #include "lib/util/samba_modules.h"
44 #include "nsswitch/winbind_client.h"
45 #include "libds/common/roles.h"
46 #include "lib/util/tfork.h"
47
48 #ifdef HAVE_PTHREAD
49 #include <pthread.h>
50 #endif
51
52 struct server_state {
53 struct tevent_context *event_ctx;
54 const char *binary_name;
55 };
56
57 /*
58 recursively delete a directory tree
59 */
60 static void recursive_delete(const char *path)
61 {
62 DIR *dir;
63 struct dirent *de;
64
65 dir = opendir(path);
66 if (!dir) {
67 return;
68 }
69
70 for (de=readdir(dir);de;de=readdir(dir)) {
71 char *fname;
72 struct stat st;
73
74 if (ISDOT(de->d_name) || ISDOTDOT(de->d_name)) {
75 continue;
76 }
77
78 fname = talloc_asprintf(path, "%s/%s", path, de->d_name);
79 if (stat(fname, &st) != 0) {
80 continue;
81 }
82 if (S_ISDIR(st.st_mode)) {
83 recursive_delete(fname);
84 talloc_free(fname);
85 continue;
86 }
87 if (unlink(fname) != 0) {
88 DBG_ERR("Unabled to delete '%s' - %s\n",
89 fname, strerror(errno));
90 smb_panic("unable to cleanup tmp files");
91 }
92 talloc_free(fname);
93 }
94 closedir(dir);
95 }
96
97 /*
98 cleanup temporary files. This is the new alternative to
99 TDB_CLEAR_IF_FIRST. Unfortunately TDB_CLEAR_IF_FIRST is not
100 efficient on unix systems due to the lack of scaling of the byte
101 range locking system. So instead of putting the burden on tdb to
102 cleanup tmp files, this function deletes them.
103 */
104 static void cleanup_tmp_files(struct loadparm_context *lp_ctx)
105 {
106 char *path;
107 TALLOC_CTX *mem_ctx = talloc_new(NULL);
108 if (mem_ctx == NULL) {
109 exit_daemon("Failed to create memory context",
110 ENOMEM);
111 }
112
113 path = smbd_tmp_path(mem_ctx, lp_ctx, NULL);
114 if (path == NULL) {
115 exit_daemon("Failed to cleanup temporary files",
116 EINVAL);
117 }
118
119 recursive_delete(path);
120 talloc_free(mem_ctx);
121 }
122
123 static void sig_hup(int sig)
124 {
125 debug_schedule_reopen_logs();
126 }
127
128 static void sig_term(int sig)
129 {
130 #if HAVE_GETPGRP
131 if (getpgrp() == getpid()) {
132 /*
133 * We're the process group leader, send
134 * SIGTERM to our process group.
135 */
136 DBG_ERR("SIGTERM: killing children\n");
137 kill(-getpgrp(), SIGTERM);
138 }
139 #endif
140 DBG_ERR("Exiting pid %d on SIGTERM\n", (int)getpid());
141 exit(127);
142 }
143
144 static void sigterm_signal_handler(struct tevent_context *ev,
145 struct tevent_signal *se,
146 int signum, int count, void *siginfo,
147 void *private_data)
148 {
149 struct server_state *state = talloc_get_type_abort(
150 private_data, struct server_state);
151
152 DBG_DEBUG("Process %s got SIGTERM\n", state->binary_name);
153 TALLOC_FREE(state);
154 sig_term(SIGTERM);
155 }
156
157 /*
158 setup signal masks
159 */
160 static void setup_signals(void)
161 {
162 /* we are never interested in SIGPIPE */
163 BlockSignals(true,SIGPIPE);
164
165 #if defined(SIGFPE)
166 /* we are never interested in SIGFPE */
167 BlockSignals(true,SIGFPE);
168 #endif
169
170 /* We are no longer interested in USR1 */
171 BlockSignals(true, SIGUSR1);
172
173 #if defined(SIGUSR2)
174 /* We are no longer interested in USR2 */
175 BlockSignals(true,SIGUSR2);
176 #endif
177
178 /* POSIX demands that signals are inherited. If the invoking process has
179 * these signals masked, we will have problems,
180 * as we won't receive them. */
181 BlockSignals(false, SIGHUP);
182 BlockSignals(false, SIGTERM);
183
184 CatchSignal(SIGHUP, sig_hup);
185 CatchSignal(SIGTERM, sig_term);
186 }
187
188 /*
189 handle io on stdin
190 */
191 static void server_stdin_handler(struct tevent_context *event_ctx,
192 struct tevent_fd *fde,
193 uint16_t flags,
194 void *private_data)
195 {
196 struct server_state *state = talloc_get_type_abort(
197 private_data, struct server_state);
198 uint8_t c;
199 if (read(0, &c, 1) == 0) {
200 DBG_ERR("%s: EOF on stdin - PID %d terminating\n",
201 state->binary_name, (int)getpid());
202 #if HAVE_GETPGRP
203 if (getpgrp() == getpid()) {
204 DBG_ERR("Sending SIGTERM from pid %d\n",
205 (int)getpid());
206 kill(-getpgrp(), SIGTERM);
207 }
208 #endif
209 TALLOC_FREE(state);
210 exit(0);
211 }
212 }
213
214 /*
215 die if the user selected maximum runtime is exceeded
216 */
217 _NORETURN_ static void max_runtime_handler(struct tevent_context *ev,
218 struct tevent_timer *te,
219 struct timeval t, void *private_data)
220 {
221 struct server_state *state = talloc_get_type_abort(
222 private_data, struct server_state);
223 DBG_ERR("%s: maximum runtime exceeded - "
224 "terminating PID %d at %llu, current ts: %llu\n",
225 state->binary_name,
226 (int)getpid(),
227 (unsigned long long)t.tv_sec,
228 (unsigned long long)time(NULL));
229 TALLOC_FREE(state);
230 exit(0);
231 }
232
233 /*
234 pre-open the key databases. This saves a lot of time in child
235 processes
236 */
237 static void prime_ldb_databases(struct tevent_context *event_ctx)
238 {
239 TALLOC_CTX *db_context;
240 db_context = talloc_new(event_ctx);
241
242 samdb_connect(db_context,
243 event_ctx,
244 cmdline_lp_ctx,
245 system_session(cmdline_lp_ctx),
246 0);
247 privilege_connect(db_context, cmdline_lp_ctx);
248
249 /* we deliberately leave these open, which allows them to be
250 * re-used in ldb_wrap_connect() */
251 }
252
253
254 /*
255 called when a fatal condition occurs in a child task
256 */
257 static NTSTATUS samba_terminate(struct irpc_message *msg,
258 struct samba_terminate *r)
259 {
260 struct server_state *state = talloc_get_type(msg->private_data,
261 struct server_state);
262 DBG_ERR("samba_terminate of %s %d: %s\n",
263 state->binary_name, (int)getpid(), r->in.reason);
264 TALLOC_FREE(state);
265 exit(1);
266 }
267
268 /*
269 setup messaging for the top level samba (parent) task
270 */
271 static NTSTATUS setup_parent_messaging(struct server_state *state,
272 struct loadparm_context *lp_ctx)
273 {
274 struct imessaging_context *msg;
275 NTSTATUS status;
276
277 msg = imessaging_init(state->event_ctx,
278 lp_ctx,
279 cluster_id(0, SAMBA_PARENT_TASKID),
280 state->event_ctx);
281 NT_STATUS_HAVE_NO_MEMORY(msg);
282
283 status = irpc_add_name(msg, "samba");
284 if (!NT_STATUS_IS_OK(status)) {
285 return status;
286 }
287
288 status = IRPC_REGISTER(msg, irpc, SAMBA_TERMINATE,
289 samba_terminate, state);
290
291 return status;
292 }
293
294
295 /*
296 show build info
297 */
298 static void show_build(void)
299 {
300 #define CONFIG_OPTION(n) { #n, dyn_ ## n }
301 struct {
302 const char *name;
303 const char *value;
304 } config_options[] = {
305 CONFIG_OPTION(BINDIR),
306 CONFIG_OPTION(SBINDIR),
307 CONFIG_OPTION(CONFIGFILE),
308 CONFIG_OPTION(NCALRPCDIR),
309 CONFIG_OPTION(LOGFILEBASE),
310 CONFIG_OPTION(LMHOSTSFILE),
311 CONFIG_OPTION(DATADIR),
312 CONFIG_OPTION(MODULESDIR),
313 CONFIG_OPTION(LOCKDIR),
314 CONFIG_OPTION(STATEDIR),
315 CONFIG_OPTION(CACHEDIR),
316 CONFIG_OPTION(PIDDIR),
317 CONFIG_OPTION(PRIVATE_DIR),
318 CONFIG_OPTION(CODEPAGEDIR),
319 CONFIG_OPTION(SETUPDIR),
320 CONFIG_OPTION(WINBINDD_SOCKET_DIR),
321 CONFIG_OPTION(NTP_SIGND_SOCKET_DIR),
322 { NULL, NULL}
323 };
324 int i;
325
326 printf("Samba version: %s\n", SAMBA_VERSION_STRING);
327 printf("Build environment:\n");
328 #ifdef BUILD_SYSTEM
329 printf(" Build host: %s\n", BUILD_SYSTEM);
330 #endif
331
332 printf("Paths:\n");
333 for (i=0; config_options[i].name; i++) {
334 printf(" %s: %s\n",
335 config_options[i].name,
336 config_options[i].value);
337 }
338
339 exit(0);
340 }
341
342 static int event_ctx_destructor(struct tevent_context *event_ctx)
343 {
344 imessaging_dgm_unref_ev(event_ctx);
345 return 0;
346 }
347
348 #ifdef HAVE_PTHREAD
349 static int to_children_fd = -1;
350 static void atfork_prepare(void) {
351 }
352 static void atfork_parent(void) {
353 }
354 static void atfork_child(void) {
355 if (to_children_fd != -1) {
356 close(to_children_fd);
357 to_children_fd = -1;
358 }
359 }
360 #endif
361
362 /*
363 main server.
364 */
365 static int binary_smbd_main(const char *binary_name,
366 int argc,
367 const char *argv[])
368 {
369 bool opt_daemon = false;
370 bool opt_interactive = false;
371 bool opt_no_process_group = false;
372 int opt;
373 poptContext pc;
374 #define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *);
375 STATIC_service_MODULES_PROTO;
376 init_module_fn static_init[] = { STATIC_service_MODULES };
377 init_module_fn *shared_init;
378 uint16_t stdin_event_flags;
379 NTSTATUS status;
380 const char *model = "standard";
381 int max_runtime = 0;
382 struct stat st;
383 enum {
384 OPT_DAEMON = 1000,
385 OPT_INTERACTIVE,
386 OPT_PROCESS_MODEL,
387 OPT_SHOW_BUILD,
388 OPT_NO_PROCESS_GROUP,
389 };
390 struct poptOption long_options[] = {
391 POPT_AUTOHELP
392 {"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON,
393 "Become a daemon (default)", NULL },
394 {"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE,
395 "Run interactive (not a daemon)", NULL},
396 {"model", 'M', POPT_ARG_STRING, NULL, OPT_PROCESS_MODEL,
397 "Select process model", "MODEL"},
398 {"maximum-runtime",0, POPT_ARG_INT, &max_runtime, 0,
399 "set maximum runtime of the server process, "
400 "till autotermination", "seconds"},
401 {"show-build", 'b', POPT_ARG_NONE, NULL, OPT_SHOW_BUILD,
402 "show build info", NULL },
403 {"no-process-group", '\0', POPT_ARG_NONE, NULL,
404 OPT_NO_PROCESS_GROUP, "Don't create a new process group" },
405 POPT_COMMON_SAMBA
406 POPT_COMMON_VERSION
407 { NULL }
408 };
409 struct server_state *state = NULL;
410 struct tevent_signal *se = NULL;
411
412 setproctitle("root process");
413
414 pc = poptGetContext(binary_name, argc, argv, long_options, 0);
415 while((opt = poptGetNextOpt(pc)) != -1) {
416 switch(opt) {
417 case OPT_DAEMON:
418 opt_daemon = true;
419 break;
420 case OPT_INTERACTIVE:
421 opt_interactive = true;
422 break;
423 case OPT_PROCESS_MODEL:
424 model = poptGetOptArg(pc);
425 break;
426 case OPT_SHOW_BUILD:
427 show_build();
428 break;
429 case OPT_NO_PROCESS_GROUP:
430 opt_no_process_group = true;
431 break;
432 default:
433 fprintf(stderr, "\nInvalid option %s: %s\n\n",
434 poptBadOption(pc, 0), poptStrerror(opt));
435 poptPrintUsage(pc, stderr, 0);
436 return 1;
437 }
438 }
439
440 if (opt_daemon && opt_interactive) {
441 fprintf(stderr,"\nERROR: "
442 "Option -i|--interactive is "
443 "not allowed together with -D|--daemon\n\n");
444 poptPrintUsage(pc, stderr, 0);
445 return 1;
446 } else if (!opt_interactive) {
447 /* default is --daemon */
448 opt_daemon = true;
449 }
450
451 poptFreeContext(pc);
452
453 talloc_enable_null_tracking();
454
455 setup_logging(binary_name, opt_interactive?DEBUG_STDOUT:DEBUG_FILE);
456 setup_signals();
457
458 /* we want total control over the permissions on created files,
459 so set our umask to 0 */
460 umask(0);
461
462 DEBUG(0,("%s version %s started.\n",
463 binary_name,
464 SAMBA_VERSION_STRING));
465 DEBUGADD(0,("Copyright Andrew Tridgell and the Samba Team"
466 " 1992-2017\n"));
467
468 if (sizeof(uint16_t) < 2 ||
469 sizeof(uint32_t) < 4 ||
470 sizeof(uint64_t) < 8) {
471 DEBUG(0,("ERROR: Samba is not configured correctly "
472 "for the word size on your machine\n"));
473 DEBUGADD(0,("sizeof(uint16_t) = %u, sizeof(uint32_t) %u, "
474 "sizeof(uint64_t) = %u\n",
475 (unsigned int)sizeof(uint16_t),
476 (unsigned int)sizeof(uint32_t),
477 (unsigned int)sizeof(uint64_t)));
478 return 1;
479 }
480
481 if (opt_daemon) {
482 DBG_NOTICE("Becoming a daemon.\n");
483 become_daemon(true, false, false);
484 }
485
486 /* Create the memory context to hang everything off. */
487 state = talloc_zero(NULL, struct server_state);
488 if (state == NULL) {
489 exit_daemon("Samba cannot create server state", ENOMEM);
490 };
491 state->binary_name = binary_name;
492
493 cleanup_tmp_files(cmdline_lp_ctx);
494
495 if (!directory_exist(lpcfg_lock_directory(cmdline_lp_ctx))) {
496 mkdir(lpcfg_lock_directory(cmdline_lp_ctx), 0755);
497 }
498
499 pidfile_create(lpcfg_pid_directory(cmdline_lp_ctx), binary_name);
500
501 if (lpcfg_server_role(cmdline_lp_ctx) == ROLE_ACTIVE_DIRECTORY_DC) {
502 if (!open_schannel_session_store(state,
503 cmdline_lp_ctx)) {
504 TALLOC_FREE(state);
505 exit_daemon("Samba cannot open schannel store "
506 "for secured NETLOGON operations.", EACCES);
507 }
508 }
509
510 /* make sure we won't go through nss_winbind */
511 if (!winbind_off()) {
512 TALLOC_FREE(state);
513 exit_daemon("Samba failed to disable recusive "
514 "winbindd calls.", EACCES);
515 }
516
517 gensec_init(); /* FIXME: */
518
519 process_model_init(cmdline_lp_ctx);
520
521 shared_init = load_samba_modules(NULL, "service");
522
523 run_init_functions(NULL, static_init);
524 run_init_functions(NULL, shared_init);
525
526 talloc_free(shared_init);
527
528 /* the event context is the top level structure in smbd. Everything else
529 should hang off that */
530 state->event_ctx = s4_event_context_init(state);
531
532 if (state->event_ctx == NULL) {
533 TALLOC_FREE(state);
534 exit_daemon("Initializing event context failed", EACCES);
535 }
536
537 talloc_set_destructor(state->event_ctx, event_ctx_destructor);
538
539 if (opt_interactive) {
540 /* terminate when stdin goes away */
541 stdin_event_flags = TEVENT_FD_READ;
542 } else {
543 /* stay alive forever */
544 stdin_event_flags = 0;
545 }
546
547 #if HAVE_SETPGID
548 /*
549 * If we're interactive we want to set our own process group for
550 * signal management, unless --no-process-group specified.
551 */
552 if (opt_interactive && !opt_no_process_group)
553 setpgid((pid_t)0, (pid_t)0);
554 #endif
555
556 /* catch EOF on stdin */
557 #ifdef SIGTTIN
558 signal(SIGTTIN, SIG_IGN);
559 #endif
560
561 if (fstat(0, &st) != 0) {
562 TALLOC_FREE(state);
563 exit_daemon("Samba failed to set standard input handler",
564 ENOTTY);
565 }
566
567 if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
568 struct tevent_fd *fde = tevent_add_fd(state->event_ctx,
569 state->event_ctx,
570 0,
571 stdin_event_flags,
572 server_stdin_handler,
573 state);
574 if (fde == NULL) {
575 TALLOC_FREE(state);
576 exit_daemon("Initializing stdin failed", ENOMEM);
577 }
578 }
579
580 if (max_runtime) {
581 struct tevent_timer *te;
582 DBG_ERR("%s PID %d was called with maxruntime %d - "
583 "current ts %llu\n",
584 binary_name, (int)getpid(),
585 max_runtime, (unsigned long long) time(NULL));
586 te = tevent_add_timer(state->event_ctx, state->event_ctx,
587 timeval_current_ofs(max_runtime, 0),
588 max_runtime_handler,
589 state);
590 if (te == NULL) {
591 TALLOC_FREE(state);
592 exit_daemon("Maxruntime handler failed", ENOMEM);
593 }
594 }
595
596 se = tevent_add_signal(state->event_ctx,
597 state->event_ctx,
598 SIGTERM,
599 0,
600 sigterm_signal_handler,
601 state);
602 if (se == NULL) {
603 TALLOC_FREE(state);
604 exit_daemon("Initialize SIGTERM handler failed", ENOMEM);
605 }
606
607 if (lpcfg_server_role(cmdline_lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC
608 && !lpcfg_parm_bool(cmdline_lp_ctx, NULL,
609 "server role check", "inhibit", false)
610 && !str_list_check_ci(lpcfg_server_services(cmdline_lp_ctx), "smb")
611 && !str_list_check_ci(lpcfg_dcerpc_endpoint_servers(cmdline_lp_ctx),
612 "remote")
613 && !str_list_check_ci(lpcfg_dcerpc_endpoint_servers(cmdline_lp_ctx),
614 "mapiproxy")) {
615 DEBUG(0, ("At this time the 'samba' binary should only be used "
616 "for either:\n"));
617 DEBUGADD(0, ("'server role = active directory domain "
618 "controller' or to access the ntvfs file server "
619 "with 'server services = +smb' or the rpc proxy "
620 "with 'dcerpc endpoint servers = remote'\n"));
621 DEBUGADD(0, ("You should start smbd/nmbd/winbindd instead for "
622 "domain member and standalone file server tasks\n"));
623 exit_daemon("Samba detected misconfigured 'server role' "
624 "and exited. Check logs for details", EINVAL);
625 };
626
627 prime_ldb_databases(state->event_ctx);
628
629 status = setup_parent_messaging(state, cmdline_lp_ctx);
630 if (!NT_STATUS_IS_OK(status)) {
631 TALLOC_FREE(state);
632 exit_daemon("Samba failed to setup parent messaging",
633 NT_STATUS_V(status));
634 }
635
636 DBG_ERR("%s: using '%s' process model\n", binary_name, model);
637
638 {
639 int child_pipe[2];
640 int rc;
641 bool start_services = false;
642
643 rc = pipe(child_pipe);
644 if (rc < 0) {
645 TALLOC_FREE(state);
646 exit_daemon("Samba failed to open process control pipe",
647 errno);
648 }
649 smb_set_close_on_exec(child_pipe[0]);
650 smb_set_close_on_exec(child_pipe[1]);
651
652 #ifdef HAVE_PTHREAD
653 to_children_fd = child_pipe[1];
654 pthread_atfork(atfork_prepare, atfork_parent,
655 atfork_child);
656 start_services = true;
657 #else
658 pid_t pid;
659 struct tfork *t = NULL;
660 t = tfork_create();
661 if (t == NULL) {
662 exit_daemon(
663 "Samba unable to fork master process",
664 0);
665 }
666 pid = tfork_child_pid(t);
667 if (pid == 0) {
668 start_services = false;
669 } else {
670 /* In the child process */
671 start_services = true;
672 close(child_pipe[1]);
673 }
674 #endif
675 if (start_services) {
676 status = server_service_startup(
677 state->event_ctx, cmdline_lp_ctx, model,
678 lpcfg_server_services(cmdline_lp_ctx),
679 child_pipe[0]);
680 if (!NT_STATUS_IS_OK(status)) {
681 TALLOC_FREE(state);
682 exit_daemon("Samba failed to start services",
683 NT_STATUS_V(status));
684 }
685 }
686 }
687
688 if (opt_daemon) {
689 daemon_ready("samba");
690 }
691
692 /* wait for events - this is where smbd sits for most of its
693 life */
694 tevent_loop_wait(state->event_ctx);
695
696 /* as everything hangs off this state->event context, freeing state
697 will initiate a clean shutdown of all services */
698 TALLOC_FREE(state);
699
700 return 0;
701 }
702
703 int main(int argc, const char *argv[])
704 {
705 setproctitle_init(argc, discard_const(argv), environ);
706
707 return binary_smbd_main("samba", argc, argv);
708 }
Samba GIT mirror