static void terminate(bool is_parent)
{
if (is_parent) {
/* When parent goes away we should
* remove the socket file. Not so
* when children terminate.
*/
char *path = NULL;
if (asprintf(&path, "%s/%s",
lp_winbindd_socket_directory(), WINBINDD_SOCKET_NAME) > 0) {
unlink(path);
SAFE_FREE(path);
}
}
idmap_close();
trustdom_cache_shutdown();
gencache_stabilize();
#if 0
if (interactive) {
TALLOC_CTX *mem_ctx = talloc_init("end_description");
char *description = talloc_describe_all(mem_ctx);
DEBUG(3, ("tallocs left:\n%s\n", description));
talloc_destroy(mem_ctx);
}
#endif
if (is_parent) {
struct messaging_context *msg = winbind_messaging_context();
struct server_id self = messaging_server_id(msg);
serverid_deregister(self);
pidfile_unlink(lp_pid_directory(), "winbindd");
}
exit(0);
}
static struct server_id parse_dest(struct messaging_context *msg,
const char *dest)
{
struct server_id result = {-1};
pid_t pid;
/* Zero is a special return value for broadcast to all processes */
if (strequal(dest, "all")) {
return interpret_pid(MSG_BROADCAST_PID_STR);
}
/* Try self - useful for testing */
if (strequal(dest, "self")) {
return messaging_server_id(msg);
}
/* Fix winbind typo. */
if (strequal(dest, "winbind")) {
dest = "winbindd";
}
/* Check for numeric pid number */
result = interpret_pid(dest);
/* Zero isn't valid if not "all". */
if (result.pid && procid_valid(&result)) {
return result;
}
/* Look up other destinations in pidfile directory */
if ((pid = pidfile_pid(lp_pid_directory(), dest)) != 0) {
return pid_to_procid(pid);
}
fprintf(stderr,"Can't find pid for destination '%s'\n", dest);
return result;
}
static void exit_server_common(enum server_exit_reason how,
const char *reason)
{
struct smbXsrv_connection *conn = global_smbXsrv_connection;
struct smbd_server_connection *sconn = NULL;
struct messaging_context *msg_ctx = server_messaging_context();
if (conn != NULL) {
sconn = conn->sconn;
}
if (!exit_firsttime)
exit(0);
exit_firsttime = false;
change_to_root_user();
if (sconn) {
NTSTATUS status;
if (NT_STATUS_IS_OK(sconn->status)) {
switch (how) {
case SERVER_EXIT_ABNORMAL:
sconn->status = NT_STATUS_INTERNAL_ERROR;
break;
case SERVER_EXIT_NORMAL:
sconn->status = NT_STATUS_LOCAL_DISCONNECT;
break;
}
}
TALLOC_FREE(sconn->smb1.negprot.auth_context);
if (lp_log_writeable_files_on_exit()) {
bool found = false;
files_forall(sconn, log_writeable_file_fn, &found);
}
/*
* Note: this is a no-op for smb2 as
* conn->tcon_table is empty
*/
status = smb1srv_tcon_disconnect_all(conn);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Server exit (%s)\n",
(reason ? reason : "normal exit")));
DEBUG(0, ("exit_server_common: "
"smb1srv_tcon_disconnect_all() failed (%s) - "
"triggering cleanup\n", nt_errstr(status)));
how = SERVER_EXIT_ABNORMAL;
reason = "smb1srv_tcon_disconnect_all failed";
}
status = smbXsrv_session_logoff_all(conn);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Server exit (%s)\n",
(reason ? reason : "normal exit")));
DEBUG(0, ("exit_server_common: "
"smbXsrv_session_logoff_all() failed (%s) - "
"triggering cleanup\n", nt_errstr(status)));
how = SERVER_EXIT_ABNORMAL;
reason = "smbXsrv_session_logoff_all failed";
}
change_to_root_user();
}
/* 3 second timeout. */
print_notify_send_messages(msg_ctx, 3);
/* delete our entry in the serverid database. */
if (am_parent) {
/*
* For children the parent takes care of cleaning up
*/
serverid_deregister(messaging_server_id(msg_ctx));
}
#ifdef WITH_DFS
if (dcelogin_atmost_once) {
dfs_unlogin();
}
#endif
#ifdef USE_DMAPI
/* Destroy Samba DMAPI session only if we are master smbd process */
if (am_parent) {
if (!dmapi_destroy_session()) {
DEBUG(0,("Unable to close Samba DMAPI session\n"));
}
}
#endif
if (am_parent) {
rpc_wkssvc_shutdown();
rpc_dssetup_shutdown();
#ifdef DEVELOPER
rpc_rpcecho_shutdown();
#endif
rpc_netdfs_shutdown();
rpc_initshutdown_shutdown();
rpc_eventlog_shutdown();
rpc_ntsvcs_shutdown();
rpc_svcctl_shutdown();
rpc_spoolss_shutdown();
rpc_srvsvc_shutdown();
rpc_winreg_shutdown();
rpc_netlogon_shutdown();
rpc_samr_shutdown();
rpc_lsarpc_shutdown();
}
/*
* we need to force the order of freeing the following,
* because smbd_msg_ctx is not a talloc child of smbd_server_conn.
*/
sconn = NULL;
conn = NULL;
TALLOC_FREE(global_smbXsrv_connection);
server_messaging_context_free();
server_event_context_free();
TALLOC_FREE(smbd_memcache_ctx);
locking_end();
printing_end();
if (how != SERVER_EXIT_NORMAL) {
smb_panic(reason);
/* Notreached. */
exit(1);
} else {
DEBUG(3,("Server exit (%s)\n",
(reason ? reason : "normal exit")));
if (am_parent) {
pidfile_unlink(lp_pid_directory(), "smbd");
}
gencache_stabilize();
}
exit(0);
}
static void exit_server_common(enum server_exit_reason how,
const char *reason)
{
struct smbXsrv_client *client = global_smbXsrv_client;
struct smbXsrv_connection *xconn = NULL;
struct smbd_server_connection *sconn = NULL;
struct messaging_context *msg_ctx = server_messaging_context();
if (client != NULL) {
sconn = client->sconn;
/*
* Here we typically have just one connection
*/
xconn = client->connections;
}
if (!exit_firsttime)
exit(0);
exit_firsttime = false;
change_to_root_user();
if (xconn != NULL) {
/*
* This is typically the disconnect for the only
* (or with multi-channel last) connection of the client
*/
if (NT_STATUS_IS_OK(xconn->transport.status)) {
switch (how) {
case SERVER_EXIT_ABNORMAL:
xconn->transport.status = NT_STATUS_INTERNAL_ERROR;
break;
case SERVER_EXIT_NORMAL:
xconn->transport.status = NT_STATUS_LOCAL_DISCONNECT;
break;
}
}
TALLOC_FREE(xconn->smb1.negprot.auth_context);
}
change_to_root_user();
if (sconn != NULL) {
if (lp_log_writeable_files_on_exit()) {
bool found = false;
files_forall(sconn, log_writeable_file_fn, &found);
}
}
change_to_root_user();
if (xconn != NULL) {
NTSTATUS status;
/*
* Note: this is a no-op for smb2 as
* conn->tcon_table is empty
*/
status = smb1srv_tcon_disconnect_all(xconn);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Server exit (%s)\n",
(reason ? reason : "normal exit")));
DEBUG(0, ("exit_server_common: "
"smb1srv_tcon_disconnect_all() failed (%s) - "
"triggering cleanup\n", nt_errstr(status)));
}
status = smbXsrv_session_logoff_all(xconn);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Server exit (%s)\n",
(reason ? reason : "normal exit")));
DEBUG(0, ("exit_server_common: "
"smbXsrv_session_logoff_all() failed (%s) - "
"triggering cleanup\n", nt_errstr(status)));
}
}
change_to_root_user();
/* 3 second timeout. */
print_notify_send_messages(msg_ctx, 3);
#ifdef USE_DMAPI
/* Destroy Samba DMAPI session only if we are master smbd process */
if (am_parent) {
if (!dmapi_destroy_session()) {
DEBUG(0,("Unable to close Samba DMAPI session\n"));
}
}
#endif
if (am_parent) {
rpc_wkssvc_shutdown();
rpc_dssetup_shutdown();
#ifdef DEVELOPER
rpc_rpcecho_shutdown();
#endif
rpc_netdfs_shutdown();
rpc_initshutdown_shutdown();
rpc_eventlog_shutdown();
rpc_ntsvcs_shutdown();
rpc_svcctl_shutdown();
rpc_spoolss_shutdown();
rpc_srvsvc_shutdown();
rpc_winreg_shutdown();
rpc_netlogon_shutdown();
rpc_samr_shutdown();
rpc_lsarpc_shutdown();
}
/*
* we need to force the order of freeing the following,
* because smbd_msg_ctx is not a talloc child of smbd_server_conn.
*/
if (client != NULL) {
struct smbXsrv_connection *next;
for (; xconn != NULL; xconn = next) {
next = xconn->next;
DLIST_REMOVE(client->connections, xconn);
talloc_free(xconn);
DO_PROFILE_INC(disconnect);
}
TALLOC_FREE(client->sconn);
}
sconn = NULL;
xconn = NULL;
client = NULL;
netlogon_creds_cli_close_global_db();
TALLOC_FREE(global_smbXsrv_client);
smbprofile_dump();
server_messaging_context_free();
server_event_context_free();
TALLOC_FREE(smbd_memcache_ctx);
locking_end();
printing_end();
if (how != SERVER_EXIT_NORMAL) {
smb_panic(reason);
/* Notreached. */
exit(1);
} else {
DEBUG(3,("Server exit (%s)\n",
(reason ? reason : "normal exit")));
if (am_parent) {
pidfile_unlink(lp_pid_directory(), "smbd");
}
gencache_stabilize();
}
exit(0);
}
static int do_global_checks(void)
{
int ret = 0;
SMB_STRUCT_STAT st;
const char *socket_options;
if (lp_security() >= SEC_DOMAIN && !lp_encrypt_passwords()) {
fprintf(stderr, "ERROR: in 'security=domain' mode the "
"'encrypt passwords' parameter must always be "
"set to 'true'.\n\n");
ret = 1;
}
if (lp_we_are_a_wins_server() && lp_wins_server_list()) {
fprintf(stderr, "ERROR: both 'wins support = true' and "
"'wins server = <server list>' cannot be set in "
"the smb.conf file. nmbd will abort with this "
"setting.\n\n");
ret = 1;
}
if (strequal(lp_workgroup(), lp_netbios_name())) {
fprintf(stderr, "WARNING: 'workgroup' and 'netbios name' "
"must differ.\n\n");
}
if (!directory_exist_stat(lp_lock_directory(), &st)) {
fprintf(stderr, "ERROR: lock directory %s does not exist\n\n",
lp_lock_directory());
ret = 1;
} else if ((st.st_ex_mode & 0777) != 0755) {
fprintf(stderr, "WARNING: lock directory %s should have "
"permissions 0755 for browsing to work\n\n",
lp_lock_directory());
}
if (!directory_exist_stat(lp_state_directory(), &st)) {
fprintf(stderr, "ERROR: state directory %s does not exist\n\n",
lp_state_directory());
ret = 1;
} else if ((st.st_ex_mode & 0777) != 0755) {
fprintf(stderr, "WARNING: state directory %s should have "
"permissions 0755 for browsing to work\n\n",
lp_state_directory());
}
if (!directory_exist_stat(lp_cache_directory(), &st)) {
fprintf(stderr, "ERROR: cache directory %s does not exist\n\n",
lp_cache_directory());
ret = 1;
} else if ((st.st_ex_mode & 0777) != 0755) {
fprintf(stderr, "WARNING: cache directory %s should have "
"permissions 0755 for browsing to work\n\n",
lp_cache_directory());
}
if (!directory_exist_stat(lp_pid_directory(), &st)) {
fprintf(stderr, "ERROR: pid directory %s does not exist\n\n",
lp_pid_directory());
ret = 1;
}
if (lp_passdb_expand_explicit()) {
fprintf(stderr, "WARNING: passdb expand explicit = yes is "
"deprecated\n\n");
}
/*
* Socket options.
*/
socket_options = lp_socket_options();
if (socket_options != NULL &&
(strstr(socket_options, "SO_SNDBUF") ||
strstr(socket_options, "SO_RCVBUF") ||
strstr(socket_options, "SO_SNDLOWAT") ||
strstr(socket_options, "SO_RCVLOWAT")))
{
fprintf(stderr,
"WARNING: socket options = %s\n"
"This warning is printed because you set one of the\n"
"following options: SO_SNDBUF, SO_RCVBUF, SO_SNDLOWAT,\n"
"SO_RCVLOWAT\n"
"Modern server operating systems are tuned for\n"
"high network performance in the majority of situations;\n"
"when you set 'socket options' you are overriding those\n"
"settings.\n"
"Linux in particular has an auto-tuning mechanism for\n"
"buffer sizes (SO_SNDBUF, SO_RCVBUF) that will be\n"
"disabled if you specify a socket buffer size. This can\n"
"potentially cripple your TCP/IP stack.\n\n"
"Getting the 'socket options' correct can make a big\n"
"difference to your performance, but getting them wrong\n"
"can degrade it by just as much. As with any other low\n"
"level setting, if you must make changes to it, make\n "
"small changes and test the effect before making any\n"
"large changes.\n\n",
socket_options);
}
/*
* Password server sanity checks.
*/
if((lp_security() >= SEC_DOMAIN) && !*lp_password_server()) {
const char *sec_setting;
if(lp_security() == SEC_DOMAIN)
sec_setting = "domain";
else if(lp_security() == SEC_ADS)
sec_setting = "ads";
else
sec_setting = "";
fprintf(stderr, "ERROR: The setting 'security=%s' requires the "
"'password server' parameter be set to the "
"default value * or a valid password server.\n\n",
sec_setting );
ret = 1;
}
if((lp_security() >= SEC_DOMAIN) && (strcmp(lp_password_server(), "*") != 0)) {
const char *sec_setting;
if(lp_security() == SEC_DOMAIN)
sec_setting = "domain";
else if(lp_security() == SEC_ADS)
sec_setting = "ads";
else
sec_setting = "";
fprintf(stderr, "WARNING: The setting 'security=%s' should NOT "
"be combined with the 'password server' "
"parameter.\n"
"(by default Samba will discover the correct DC "
"to contact automatically).\n\n",
sec_setting );
}
/*
* Password chat sanity checks.
*/
if(lp_security() == SEC_USER && lp_unix_password_sync()) {
/*
* Check that we have a valid lp_passwd_program() if not using pam.
*/
#ifdef WITH_PAM
if (!lp_pam_password_change()) {
#endif
if((lp_passwd_program(talloc_tos()) == NULL) ||
(strlen(lp_passwd_program(talloc_tos())) == 0))
{
fprintf(stderr,
"ERROR: the 'unix password sync' "
"parameter is set and there is no valid "
"'passwd program' parameter.\n\n");
ret = 1;
} else {
const char *passwd_prog;
char *truncated_prog = NULL;
const char *p;
passwd_prog = lp_passwd_program(talloc_tos());
p = passwd_prog;
next_token_talloc(talloc_tos(),
&p,
&truncated_prog, NULL);
if (truncated_prog && access(truncated_prog, F_OK) == -1) {
fprintf(stderr,
"ERROR: the 'unix password sync' "
"parameter is set and the "
"'passwd program' (%s) cannot be "
"executed (error was %s).\n\n",
truncated_prog,
strerror(errno));
ret = 1;
}
}
#ifdef WITH_PAM
}
#endif
if(lp_passwd_chat(talloc_tos()) == NULL) {
fprintf(stderr,
"ERROR: the 'unix password sync' parameter is "
"set and there is no valid 'passwd chat' "
"parameter.\n\n");
ret = 1;
}
if ((lp_passwd_program(talloc_tos()) != NULL) &&
(strlen(lp_passwd_program(talloc_tos())) > 0))
{
/* check if there's a %u parameter present */
if(strstr_m(lp_passwd_program(talloc_tos()), "%u") == NULL) {
fprintf(stderr,
"ERROR: the 'passwd program' (%s) "
"requires a '%%u' parameter.\n\n",
lp_passwd_program(talloc_tos()));
ret = 1;
}
}
/*
* Check that we have a valid script and that it hasn't
* been written to expect the old password.
*/
if(lp_encrypt_passwords()) {
if(strstr_m( lp_passwd_chat(talloc_tos()), "%o")!=NULL) {
fprintf(stderr,
"ERROR: the 'passwd chat' script [%s] "
"expects to use the old plaintext "
"password via the %%o substitution. With "
"encrypted passwords this is not "
"possible.\n\n",
lp_passwd_chat(talloc_tos()) );
ret = 1;
}
}
}
if (strlen(lp_winbind_separator()) != 1) {
fprintf(stderr, "ERROR: the 'winbind separator' parameter must "
"be a single character.\n\n");
ret = 1;
}
if (*lp_winbind_separator() == '+') {
fprintf(stderr, "'winbind separator = +' might cause problems "
"with group membership.\n\n");
}
if (lp_algorithmic_rid_base() < BASE_RID) {
/* Try to prevent admin foot-shooting, we can't put algorithmic
rids below 1000, that's the 'well known RIDs' on NT */
fprintf(stderr, "'algorithmic rid base' must be equal to or "
"above %lu\n\n", BASE_RID);
}
if (lp_algorithmic_rid_base() & 1) {
fprintf(stderr, "'algorithmic rid base' must be even.\n\n");
}
#ifndef HAVE_DLOPEN
if (lp_preload_modules()) {
fprintf(stderr, "WARNING: 'preload modules = ' set while loading "
"plugins not supported.\n\n");
}
#endif
if (!lp_passdb_backend()) {
fprintf(stderr, "ERROR: passdb backend must have a value or be "
"left out\n\n");
}
if (lp_os_level() > 255) {
fprintf(stderr, "WARNING: Maximum value for 'os level' is "
"255!\n\n");
}
if (strequal(lp_dos_charset(), "UTF8") || strequal(lp_dos_charset(), "UTF-8")) {
fprintf(stderr, "ERROR: 'dos charset' must not be UTF8\n\n");
ret = 1;
}
return ret;
}
int main(int argc,const char *argv[])
{
/* shall I run as a daemon */
bool is_daemon = false;
bool interactive = false;
bool Fork = true;
bool no_process_group = false;
bool log_stdout = false;
char *ports = NULL;
char *profile_level = NULL;
int opt;
poptContext pc;
bool print_build_options = False;
enum {
OPT_DAEMON = 1000,
OPT_INTERACTIVE,
OPT_FORK,
OPT_NO_PROCESS_GROUP,
OPT_LOG_STDOUT
};
struct poptOption long_options[] = {
POPT_AUTOHELP
{"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON, "Become a daemon (default)" },
{"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run interactive (not a daemon)"},
{"foreground", 'F', POPT_ARG_NONE, NULL, OPT_FORK, "Run daemon in foreground (for daemontools, etc.)" },
{"no-process-group", '\0', POPT_ARG_NONE, NULL, OPT_NO_PROCESS_GROUP, "Don't create a new process group" },
{"log-stdout", 'S', POPT_ARG_NONE, NULL, OPT_LOG_STDOUT, "Log to stdout" },
{"build-options", 'b', POPT_ARG_NONE, NULL, 'b', "Print build options" },
{"port", 'p', POPT_ARG_STRING, &ports, 0, "Listen on the specified ports"},
{"profiling-level", 'P', POPT_ARG_STRING, &profile_level, 0, "Set profiling level","PROFILE_LEVEL"},
POPT_COMMON_SAMBA
POPT_TABLEEND
};
struct smbd_parent_context *parent = NULL;
TALLOC_CTX *frame;
NTSTATUS status;
struct tevent_context *ev_ctx;
struct messaging_context *msg_ctx;
struct server_id server_id;
struct tevent_signal *se;
int profiling_level;
char *np_dir = NULL;
static const struct smbd_shim smbd_shim_fns =
{
.cancel_pending_lock_requests_by_fid = smbd_cancel_pending_lock_requests_by_fid,
.send_stat_cache_delete_message = smbd_send_stat_cache_delete_message,
.change_to_root_user = smbd_change_to_root_user,
.become_authenticated_pipe_user = smbd_become_authenticated_pipe_user,
.unbecome_authenticated_pipe_user = smbd_unbecome_authenticated_pipe_user,
.contend_level2_oplocks_begin = smbd_contend_level2_oplocks_begin,
.contend_level2_oplocks_end = smbd_contend_level2_oplocks_end,
.become_root = smbd_become_root,
.unbecome_root = smbd_unbecome_root,
.exit_server = smbd_exit_server,
.exit_server_cleanly = smbd_exit_server_cleanly,
};
/*
* Do this before any other talloc operation
*/
talloc_enable_null_tracking();
frame = talloc_stackframe();
setup_logging(argv[0], DEBUG_DEFAULT_STDOUT);
smb_init_locale();
set_smbd_shim(&smbd_shim_fns);
smbd_init_globals();
TimeInit();
#ifdef HAVE_SET_AUTH_PARAMETERS
set_auth_parameters(argc,argv);
#endif
pc = poptGetContext("smbd", argc, argv, long_options, 0);
while((opt = poptGetNextOpt(pc)) != -1) {
switch (opt) {
case OPT_DAEMON:
is_daemon = true;
break;
case OPT_INTERACTIVE:
interactive = true;
break;
case OPT_FORK:
Fork = false;
break;
case OPT_NO_PROCESS_GROUP:
no_process_group = true;
break;
case OPT_LOG_STDOUT:
log_stdout = true;
break;
case 'b':
print_build_options = True;
break;
default:
d_fprintf(stderr, "\nInvalid option %s: %s\n\n",
poptBadOption(pc, 0), poptStrerror(opt));
poptPrintUsage(pc, stderr, 0);
exit(1);
}
}
poptFreeContext(pc);
if (interactive) {
Fork = False;
log_stdout = True;
}
if (log_stdout) {
setup_logging(argv[0], DEBUG_STDOUT);
} else {
setup_logging(argv[0], DEBUG_FILE);
}
if (print_build_options) {
build_options(True); /* Display output to screen as well as debug */
exit(0);
}
#ifdef HAVE_SETLUID
/* needed for SecureWare on SCO */
setluid(0);
#endif
set_remote_machine_name("smbd", False);
if (interactive && (DEBUGLEVEL >= 9)) {
talloc_enable_leak_report();
}
if (log_stdout && Fork) {
DEBUG(0,("ERROR: Can't log to stdout (-S) unless daemon is in foreground (-F) or interactive (-i)\n"));
exit(1);
}
/* we want to re-seed early to prevent time delays causing
client problems at a later date. (tridge) */
generate_random_buffer(NULL, 0);
/* get initial effective uid and gid */
sec_init();
/* make absolutely sure we run as root - to handle cases where people
are crazy enough to have it setuid */
gain_root_privilege();
gain_root_group_privilege();
fault_setup();
dump_core_setup("smbd", lp_logfile(talloc_tos()));
/* we are never interested in SIGPIPE */
BlockSignals(True,SIGPIPE);
#if defined(SIGFPE)
/* we are never interested in SIGFPE */
BlockSignals(True,SIGFPE);
#endif
#if defined(SIGUSR2)
/* We are no longer interested in USR2 */
BlockSignals(True,SIGUSR2);
#endif
/* POSIX demands that signals are inherited. If the invoking process has
* these signals masked, we will have problems, as we won't recieve them. */
BlockSignals(False, SIGHUP);
BlockSignals(False, SIGUSR1);
BlockSignals(False, SIGTERM);
/* Ensure we leave no zombies until we
* correctly set up child handling below. */
CatchChild();
/* we want total control over the permissions on created files,
so set our umask to 0 */
umask(0);
reopen_logs();
DEBUG(0,("smbd version %s started.\n", samba_version_string()));
DEBUGADD(0,("%s\n", COPYRIGHT_STARTUP_MESSAGE));
DEBUG(2,("uid=%d gid=%d euid=%d egid=%d\n",
(int)getuid(),(int)getgid(),(int)geteuid(),(int)getegid()));
/* Output the build options to the debug log */
build_options(False);
if (sizeof(uint16_t) < 2 || sizeof(uint32_t) < 4) {
DEBUG(0,("ERROR: Samba is not configured correctly for the word size on your machine\n"));
exit(1);
}
if (!lp_load_initial_only(get_dyn_CONFIGFILE())) {
DEBUG(0, ("error opening config file '%s'\n", get_dyn_CONFIGFILE()));
exit(1);
}
if (!cluster_probe_ok()) {
exit(1);
}
/* Init the security context and global current_user */
init_sec_ctx();
/*
* Initialize the event context. The event context needs to be
* initialized before the messaging context, cause the messaging
* context holds an event context.
* FIXME: This should be s3_tevent_context_init()
*/
ev_ctx = server_event_context();
if (ev_ctx == NULL) {
exit(1);
}
/*
* Init the messaging context
* FIXME: This should only call messaging_init()
*/
msg_ctx = server_messaging_context();
if (msg_ctx == NULL) {
exit(1);
}
/*
* Reloading of the printers will not work here as we don't have a
* server info and rpc services set up. It will be called later.
*/
if (!reload_services(NULL, NULL, false)) {
exit(1);
}
if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC
&& !lp_parm_bool(-1, "server role check", "inhibit", false)) {
DEBUG(0, ("server role = 'active directory domain controller' not compatible with running smbd standalone. \n"));
DEBUGADD(0, ("You should start 'samba' instead, and it will control starting smbd if required\n"));
exit(1);
}
/* ...NOTE... Log files are working from this point! */
DEBUG(3,("loaded services\n"));
init_structs();
if (!profile_setup(msg_ctx, False)) {
DEBUG(0,("ERROR: failed to setup profiling\n"));
return -1;
}
if (profile_level != NULL) {
profiling_level = atoi(profile_level);
} else {
profiling_level = lp_smbd_profiling_level();
}
set_profile_level(profiling_level, messaging_server_id(msg_ctx));
if (!is_daemon && !is_a_socket(0)) {
if (!interactive) {
DEBUG(3, ("Standard input is not a socket, "
"assuming -D option\n"));
}
/*
* Setting is_daemon here prevents us from eventually calling
* the open_sockets_inetd()
*/
is_daemon = True;
}
if (is_daemon && !interactive) {
DEBUG(3, ("Becoming a daemon.\n"));
become_daemon(Fork, no_process_group, log_stdout);
}
#if HAVE_SETPGID
/*
* If we're interactive we want to set our own process group for
* signal management.
*/
if (interactive && !no_process_group)
setpgid( (pid_t)0, (pid_t)0);
#endif
if (!directory_exist(lp_lock_directory()))
mkdir(lp_lock_directory(), 0755);
if (!directory_exist(lp_pid_directory()))
mkdir(lp_pid_directory(), 0755);
if (is_daemon)
pidfile_create(lp_pid_directory(), "smbd");
status = reinit_after_fork(msg_ctx, ev_ctx, false, NULL);
if (!NT_STATUS_IS_OK(status)) {
exit_daemon("reinit_after_fork() failed", map_errno_from_nt_status(status));
}
if (!interactive) {
/*
* Do not initialize the parent-child-pipe before becoming a
* daemon: this is used to detect a died parent in the child
* process.
*/
status = init_before_fork();
if (!NT_STATUS_IS_OK(status)) {
exit_daemon(nt_errstr(status), map_errno_from_nt_status(status));
}
}
parent = talloc_zero(ev_ctx, struct smbd_parent_context);
if (!parent) {
exit_server("talloc(struct smbd_parent_context) failed");
}
parent->interactive = interactive;
parent->ev_ctx = ev_ctx;
parent->msg_ctx = msg_ctx;
am_parent = parent;
se = tevent_add_signal(parent->ev_ctx,
parent,
SIGTERM, 0,
smbd_parent_sig_term_handler,
parent);
if (!se) {
exit_server("failed to setup SIGTERM handler");
}
se = tevent_add_signal(parent->ev_ctx,
parent,
SIGHUP, 0,
smbd_parent_sig_hup_handler,
parent);
if (!se) {
exit_server("failed to setup SIGHUP handler");
}
/* Setup all the TDB's - including CLEAR_IF_FIRST tdb's. */
if (smbd_memcache() == NULL) {
exit_daemon("no memcache available", EACCES);
}
memcache_set_global(smbd_memcache());
/* Initialise the password backed before the global_sam_sid
to ensure that we fetch from ldap before we make a domain sid up */
if(!initialize_password_db(false, ev_ctx))
exit(1);
if (!secrets_init()) {
exit_daemon("smbd can not open secrets.tdb", EACCES);
}
if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) {
struct loadparm_context *lp_ctx = loadparm_init_s3(NULL, loadparm_s3_helpers());
if (!open_schannel_session_store(NULL, lp_ctx)) {
exit_daemon("ERROR: Samba cannot open schannel store for secured NETLOGON operations.", EACCES);
}
TALLOC_FREE(lp_ctx);
}
if(!get_global_sam_sid()) {
exit_daemon("Samba cannot create a SAM SID", EACCES);
}
server_id = messaging_server_id(msg_ctx);
status = smbXsrv_version_global_init(&server_id);
if (!NT_STATUS_IS_OK(status)) {
exit_daemon("Samba cannot init server context", EACCES);
}
status = smbXsrv_session_global_init();
if (!NT_STATUS_IS_OK(status)) {
exit_daemon("Samba cannot init session context", EACCES);
}
status = smbXsrv_tcon_global_init();
if (!NT_STATUS_IS_OK(status)) {
exit_daemon("Samba cannot init tcon context", EACCES);
}
if (!locking_init())
exit_daemon("Samba cannot init locking", EACCES);
if (!leases_db_init(false)) {
exit_daemon("Samba cannot init leases", EACCES);
}
if (!smbd_notifyd_init(msg_ctx, interactive)) {
exit_daemon("Samba cannot init notification", EACCES);
}
if (!messaging_parent_dgm_cleanup_init(msg_ctx)) {
exit(1);
}
if (!smbd_scavenger_init(NULL, msg_ctx, ev_ctx)) {
exit_daemon("Samba cannot init scavenging", EACCES);
}
if (!serverid_parent_init(ev_ctx)) {
exit_daemon("Samba cannot init server id", EACCES);
}
if (!W_ERROR_IS_OK(registry_init_full()))
exit_daemon("Samba cannot init registry", EACCES);
/* Open the share_info.tdb here, so we don't have to open
after the fork on every single connection. This is a small
performance improvment and reduces the total number of system
fds used. */
if (!share_info_db_init()) {
exit_daemon("ERROR: failed to load share info db.", EACCES);
}
status = init_system_session_info();
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("ERROR: failed to setup system user info: %s.\n",
nt_errstr(status)));
return -1;
}
if (!init_guest_info()) {
DEBUG(0,("ERROR: failed to setup guest info.\n"));
return -1;
}
if (!file_init_global()) {
DEBUG(0, ("ERROR: file_init_global() failed\n"));
return -1;
}
status = smbXsrv_open_global_init();
if (!NT_STATUS_IS_OK(status)) {
exit_daemon("Samba cannot init global open", map_errno_from_nt_status(status));
}
/* This MUST be done before start_epmd() because otherwise
* start_epmd() forks and races against dcesrv_ep_setup() to
* call directory_create_or_exist() */
if (!directory_create_or_exist(lp_ncalrpc_dir(), 0755)) {
DEBUG(0, ("Failed to create pipe directory %s - %s\n",
lp_ncalrpc_dir(), strerror(errno)));
return -1;
}
np_dir = talloc_asprintf(talloc_tos(), "%s/np", lp_ncalrpc_dir());
if (!np_dir) {
DEBUG(0, ("%s: Out of memory\n", __location__));
return -1;
}
if (!directory_create_or_exist_strict(np_dir, geteuid(), 0700)) {
DEBUG(0, ("Failed to create pipe directory %s - %s\n",
np_dir, strerror(errno)));
return -1;
}
if (is_daemon && !interactive) {
if (rpc_epmapper_daemon() == RPC_DAEMON_FORK) {
start_epmd(ev_ctx, msg_ctx);
}
}
if (!dcesrv_ep_setup(ev_ctx, msg_ctx)) {
exit_daemon("Samba cannot setup ep pipe", EACCES);
}
if (is_daemon && !interactive) {
daemon_ready("smbd");
}
/* only start other daemons if we are running as a daemon
* -- bad things will happen if smbd is launched via inetd
* and we fork a copy of ourselves here */
if (is_daemon && !interactive) {
if (rpc_lsasd_daemon() == RPC_DAEMON_FORK) {
start_lsasd(ev_ctx, msg_ctx);
}
if (rpc_fss_daemon() == RPC_DAEMON_FORK) {
start_fssd(ev_ctx, msg_ctx);
}
if (!lp__disable_spoolss() &&
(rpc_spoolss_daemon() != RPC_DAEMON_DISABLED)) {
bool bgq = lp_parm_bool(-1, "smbd", "backgroundqueue", true);
if (!printing_subsystem_init(ev_ctx, msg_ctx, true, bgq)) {
exit_daemon("Samba failed to init printing subsystem", EACCES);
}
}
#ifdef WITH_SPOTLIGHT
if ((rpc_mdssvc_mode() == RPC_SERVICE_MODE_EXTERNAL) &&
(rpc_mdssd_daemon() == RPC_DAEMON_FORK)) {
start_mdssd(ev_ctx, msg_ctx);
}
#endif
} else if (!lp__disable_spoolss() &&
(rpc_spoolss_daemon() != RPC_DAEMON_DISABLED)) {
if (!printing_subsystem_init(ev_ctx, msg_ctx, false, false)) {
exit(1);
}
}
if (!is_daemon) {
int sock;
/* inetd mode */
TALLOC_FREE(frame);
/* Started from inetd. fd 0 is the socket. */
/* We will abort gracefully when the client or remote system
goes away */
sock = dup(0);
/* close stdin, stdout (if not logging to it), but not stderr */
close_low_fds(true, !debug_get_output_is_stdout(), false);
#ifdef HAVE_ATEXIT
atexit(killkids);
#endif
/* Stop zombies */
smbd_setup_sig_chld_handler(parent);
smbd_process(ev_ctx, msg_ctx, sock, true);
exit_server_cleanly(NULL);
return(0);
}
if (!open_sockets_smbd(parent, ev_ctx, msg_ctx, ports))
exit_server("open_sockets_smbd() failed");
/* do a printer update now that all messaging has been set up,
* before we allow clients to start connecting */
if (!lp__disable_spoolss() &&
(rpc_spoolss_daemon() != RPC_DAEMON_DISABLED)) {
printing_subsystem_update(ev_ctx, msg_ctx, false);
}
TALLOC_FREE(frame);
/* make sure we always have a valid stackframe */
frame = talloc_stackframe();
if (!Fork) {
/* if we are running in the foreground then look for
EOF on stdin, and exit if it happens. This allows
us to die if the parent process dies
Only do this on a pipe or socket, no other device.
*/
struct stat st;
if (fstat(0, &st) != 0) {
return false;
}
if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
tevent_add_fd(ev_ctx,
parent,
0,
TEVENT_FD_READ,
smbd_stdin_handler,
NULL);
}
}
smbd_parent_loop(ev_ctx, parent);
exit_server_cleanly(NULL);
TALLOC_FREE(frame);
return(0);
}
