/**
The main(). It parses the command line, setup the parms, ask the scheduler
for signal to proceed, and then starts skysim to do sky coverage.
*/
int main(int argc, const char *argv[]){
dirstart=mygetcwd();
char *scmd=argv2str(argc, argv, " ");
ARG_S* arg=parse_args(argc,argv);
/*In detach mode send to background and disable drawing*/
if(arg->detach){
daemonize();
}else{
redirect();
}
info2("%s\n", scmd);
info2("Output folder is '%s'. %d threads\n",arg->dirout, arg->nthread);
skyc_version();
/*register signal handler */
register_signal_handler(skyc_signal_handler);
/*
Ask job scheduler for permission to proceed. If no CPUs are available,
will block until ones are available. if arg->force==1, will run
immediately.
*/
scheduler_start(scmd,arg->nthread,0,!arg->force);
/*setting up parameters before asking scheduler to check for any errors. */
dirsetup=stradd("setup",NULL);
PARMS_S * parms=setup_parms(arg);
if(parms->skyc.dbg){
mymkdir("%s",dirsetup);
}
if(!arg->force){
info2("Waiting start signal from the scheduler ...\n");
/*Failed to wait. fall back to own checking.*/
int count=0;
while(scheduler_wait()&& count<60){
warning_time("failed to get reply from scheduler. retry\n");
sleep(10);
count++;
scheduler_start(scmd,arg->nthread,0,!arg->force);
}
if(count>=60){
warning_time("fall back to own checker\n");
wait_cpu(arg->nthread);
}
}
info2("Simulation started at %s in %s.\n",myasctime(),myhostname());
free(scmd);
free(arg->dirout);
free(arg);
THREAD_POOL_INIT(parms->skyc.nthread);
/*Loads the main software*/
OMPTASK_SINGLE skysim(parms);
free_parms(parms);
free(dirsetup);
free(dirstart);
rename_file(0);
scheduler_finish(0);
info2("End:\t%.2f MiB\n",get_job_mem()/1024.);
info2("Simulation finished at %s in %s.\n",myasctime(),myhostname());
return 0;
}
static int user_match(char *tok, struct login_info *item)
{
char *string = item->user->pw_name;
struct login_info fake_item;
struct group *group;
int i;
char *at;
/*
* If a token has the magic value "ALL" the match always succeeds.
* Otherwise, return YES if the token fully matches the username, if the
* token is a group that contains the username, or if the token is the
* name of the user's primary group.
*/
if ((at = strchr(tok + 1, '@')) != 0) { /* split user@host pattern */
*at = 0;
fake_item.from = myhostname();
return (user_match(tok, item) && from_match(at + 1, &fake_item));
} else if (tok[0] == '@') { /* netgroup */
return (netgroup_match(tok + 1, (char *) 0, string));
} else if (string_match(tok, string)) { /* ALL or exact match */
return (YES);
} else if ((group = getgrnam(tok))) { /* try group membership */
if (item->user->pw_gid == group->gr_gid)
return (YES);
for (i = 0; group->gr_mem[i]; i++)
if (strcasecmp(string, group->gr_mem[i]) == 0)
return (YES);
}
return (NO);
}
/* user_match - match a username against one token */
static bool user_match (const char *tok, const char *string)
{
struct group *group;
#ifdef PRIMARY_GROUP_MATCH
struct passwd *userinf;
#endif
char *at;
/*
* If a token has the magic value "ALL" the match always succeeds.
* Otherwise, return true if the token fully matches the username, or if
* the token is a group that contains the username.
*/
at = strchr (tok + 1, '@');
if (NULL != at) { /* split user@host pattern */
*at = '\0';
return ( user_match (tok, string)
&& from_match (at + 1, myhostname ()));
#if HAVE_INNETGR
} else if (tok[0] == '@') { /* netgroup */
return (netgroup_match (tok + 1, (char *) 0, string));
#endif
} else if (string_match (tok, string)) { /* ALL or exact match */
return true;
/* local, no need for xgetgrnam */
} else if ((group = getgrnam (tok)) != NULL) { /* try group membership */
int i;
for (i = 0; NULL != group->gr_mem[i]; i++) {
if (strcasecmp (string, group->gr_mem[i]) == 0) {
return true;
}
}
#ifdef PRIMARY_GROUP_MATCH
/*
* If the string is an user whose initial GID matches the token,
* accept it. May avoid excessively long lines in /etc/group.
* Radu-Adrian Feurdean <*****@*****.**>
*
* XXX - disabled by default for now. Need to verify that
* getpwnam() doesn't have some nasty side effects. --marekm
*/
/* local, no need for xgetpwnam */
userinf = getpwnam (string);
if (NULL != userinf) {
if (userinf->pw_gid == group->gr_gid) {
return true;
}
}
#endif
}
return false;
}
void skyc_version(void){
info2("Skyc Version %s. Compiled on %s %s by %s, %d bit", PACKAGE_VERSION, __DATE__, __TIME__, __VERSION__, (int)sizeof(long)*8);
#ifdef __OPTIMIZE__
info2(", w/t optimization.\n");
#else
info2(", w/o optimization\n");
#endif
info2("Source: %s %s\n", SRCDIR, GIT_VERSION);
info2("BUILD: %s\n", BUILDDIR);
info2("Launched at %s in %s with PID %ld.\n",myasctime(),myhostname(), (long)getpid());
#if HAS_LWS
extern uint16_t PORT;
info2("The web based job monitor can be accessed at http://localhost:%d\n", 1+PORT);
#endif
}
const char *login_returnaddr()
{
const char *p=getenv("AUTHADDR");
const char *domain=myhostname();
static char *addrbuf=0;
if (!p) p="";
if (addrbuf) free(addrbuf);
addrbuf=malloc(strlen(domain)+strlen(p)+2);
if (!addrbuf) enomem();
strcpy(addrbuf, p);
if (strchr(addrbuf, '@') == 0)
strcat(strcat(addrbuf, "@"), domain);
return (addrbuf);
}
const char *login_returnaddr()
{
static char *addrbuf=0;
const char *p, *domain="";
if ((p=getenv("AUTHENTICATED")) == NULL || *p == 0)
p=getenv("AUTHADDR");
if (!p) p="";
if (strchr(p, '@') == 0)
domain=myhostname();
if (addrbuf) free(addrbuf);
addrbuf=malloc(strlen(domain)+strlen(p)+2);
if (!addrbuf) enomem();
strcpy(addrbuf, p);
if (*domain)
strcat(strcat(addrbuf, "@"), domain);
return (addrbuf);
}
static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
{
struct cli_state *cli = NULL;
char *desthost = NULL;
struct sockaddr_storage dest_ss;
const char *p;
char *pserver = NULL;
bool connected_ok = False;
struct named_mutex *mutex = NULL;
NTSTATUS status;
pserver = talloc_strdup(mem_ctx, lp_passwordserver());
p = pserver;
while(next_token_talloc(mem_ctx, &p, &desthost, LIST_SEP)) {
desthost = talloc_sub_basic(mem_ctx,
current_user_info.smb_name,
current_user_info.domain,
desthost);
if (!desthost) {
return NULL;
}
strupper_m(desthost);
if (strequal(desthost, myhostname())) {
DEBUG(1,("Password server loop - disabling "
"password server %s\n", desthost));
continue;
}
if(!resolve_name( desthost, &dest_ss, 0x20, false)) {
DEBUG(1,("server_cryptkey: Can't resolve address for %s\n",desthost));
continue;
}
if (ismyaddr((struct sockaddr *)(void *)&dest_ss)) {
DEBUG(1,("Password server loop - disabling password server %s\n",desthost));
continue;
}
/* we use a mutex to prevent two connections at once - when a
Win2k PDC get two connections where one hasn't completed a
session setup yet it will send a TCP reset to the first
connection (tridge) */
mutex = grab_named_mutex(talloc_tos(), desthost, 10);
if (mutex == NULL) {
return NULL;
}
status = cli_connect_nb(desthost, &dest_ss, 0, 0x20,
lp_netbios_name(), Undefined, &cli);
if (NT_STATUS_IS_OK(status)) {
DEBUG(3,("connected to password server %s\n",desthost));
connected_ok = True;
break;
}
DEBUG(10,("server_cryptkey: failed to connect to server %s. Error %s\n",
desthost, nt_errstr(status) ));
TALLOC_FREE(mutex);
}
if (!connected_ok) {
DEBUG(0,("password server not available\n"));
return NULL;
}
/* security = server just can't function with spnego */
cli->use_spnego = False;
DEBUG(3,("got session\n"));
status = cli_negprot(cli);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(mutex);
DEBUG(1, ("%s rejected the negprot: %s\n",
desthost, nt_errstr(status)));
cli_shutdown(cli);
return NULL;
}
if (cli->protocol < PROTOCOL_LANMAN2 ||
!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
TALLOC_FREE(mutex);
DEBUG(1,("%s isn't in user level security mode\n",desthost));
cli_shutdown(cli);
return NULL;
}
/* Get the first session setup done quickly, to avoid silly
Win2k bugs. (The next connection to the server will kill
this one...
*/
status = cli_session_setup(cli, "", "", 0, "", 0, "");
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(mutex);
DEBUG(0,("%s rejected the initial session setup (%s)\n",
desthost, nt_errstr(status)));
cli_shutdown(cli);
return NULL;
}
TALLOC_FREE(mutex);
DEBUG(3,("password server OK\n"));
return cli;
}
static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
{
struct cli_state *cli = NULL;
fstring desthost;
struct in_addr dest_ip;
const char *p;
char *pserver;
BOOL connected_ok = False;
if (!(cli = cli_initialise()))
return NULL;
/* security = server just can't function with spnego */
cli->use_spnego = False;
pserver = talloc_strdup(mem_ctx, lp_passwordserver());
p = pserver;
while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) {
standard_sub_basic(current_user_info.smb_name, current_user_info.domain,
desthost, sizeof(desthost));
strupper_m(desthost);
if(!resolve_name( desthost, &dest_ip, 0x20)) {
DEBUG(1,("server_cryptkey: Can't resolve address for %s\n",desthost));
continue;
}
if (ismyip(dest_ip)) {
DEBUG(1,("Password server loop - disabling password server %s\n",desthost));
continue;
}
/* we use a mutex to prevent two connections at once - when a
Win2k PDC get two connections where one hasn't completed a
session setup yet it will send a TCP reset to the first
connection (tridge) */
if (!grab_server_mutex(desthost)) {
return NULL;
}
if (cli_connect(cli, desthost, &dest_ip)) {
DEBUG(3,("connected to password server %s\n",desthost));
connected_ok = True;
break;
}
}
if (!connected_ok) {
release_server_mutex();
DEBUG(0,("password server not available\n"));
cli_shutdown(cli);
return NULL;
}
if (!attempt_netbios_session_request(&cli, global_myname(),
desthost, &dest_ip)) {
release_server_mutex();
DEBUG(1,("password server fails session request\n"));
cli_shutdown(cli);
return NULL;
}
if (strequal(desthost,myhostname())) {
exit_server_cleanly("Password server loop!");
}
DEBUG(3,("got session\n"));
if (!cli_negprot(cli)) {
DEBUG(1,("%s rejected the negprot\n",desthost));
release_server_mutex();
cli_shutdown(cli);
return NULL;
}
if (cli->protocol < PROTOCOL_LANMAN2 ||
!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
DEBUG(1,("%s isn't in user level security mode\n",desthost));
release_server_mutex();
cli_shutdown(cli);
return NULL;
}
/* Get the first session setup done quickly, to avoid silly
Win2k bugs. (The next connection to the server will kill
this one...
*/
if (!NT_STATUS_IS_OK(cli_session_setup(cli, "", "", 0, "", 0,
""))) {
DEBUG(0,("%s rejected the initial session setup (%s)\n",
desthost, cli_errstr(cli)));
release_server_mutex();
cli_shutdown(cli);
return NULL;
}
release_server_mutex();
DEBUG(3,("password server OK\n"));
return cli;
}
int vscan_send_warning_message(const char *filename, const char *virname, const char *ipaddr) {
struct in_addr ip;
struct sockaddr_storage ss;
struct nmb_name called, calling;
pstring myname;
pstring message;
pstring shortfilename;
char* lastslash;
static pstring lastfile;
static pstring lastip;
#if SAMBA_VERSION_MAJOR==3
fstrcpy(remote_machine, get_remote_machine_name());
DEBUG(5, ("remote machine is: %s\n", remote_machine));
#endif
/* Only notify once for a given virus/ip combo - otherwise the
* scanner will go crazy reaccessing the file and sending
* messages once the user hits the "okay" button */
if (strncmp(lastfile,filename,sizeof(pstring)) == 0) {
if (strncmp(lastip,ipaddr,sizeof(pstring)) == 0) {
DEBUG(5,("Both IP and Filename are the same, not notifying\n"));
return 0;
}
}
ZERO_ARRAY(lastfile);
ZERO_ARRAY(lastip);
pstrcpy(lastfile,filename);
pstrcpy(lastip,ipaddr);
ZERO_ARRAY(myname);
pstrcpy(myname,myhostname());
ZERO_ARRAY(username);
/* could make this configurable */
snprintf(username,sizeof(pstring)-1,"%s VIRUS SCANNER",myname);
/* We need to get the real ip structure from the ip string
* is this info already available somewhere else in samba? */
zero_ip_v4(&ip);
if (inet_aton(ipaddr,&ip) == 0) {
DEBUG(5,("Cannot resolve ip address %s\n", ipaddr));
return 1;
}
in_addr_to_sockaddr_storage(&ss, ip);
make_nmb_name(&calling, myname, 0x0);
make_nmb_name(&called , remote_machine, name_type);
if (!(cli=cli_initialise())) {
DEBUG(5,("Connection to %s failed\n", remote_machine));
return 1;
}
cli_set_port(cli, port);
if (!NT_STATUS_IS_OK(cli_connect(cli, remote_machine, &ss))) {
DEBUG(5,("Connection to %s failed\n", remote_machine));
return 1;
}
if (!cli_session_request(cli, &calling, &called)) {
DEBUG(5,("session request failed\n"));
cli_shutdown(cli);
return 1;
}
ZERO_ARRAY(shortfilename);
/* we don't want the entire filename, otherwise the message service may choke
* so we chop off the path up to the very last forward-slash
* assumption: unix-style pathnames in filename (don't know if there's a
* portable file-separator variable... */
lastslash = strrchr(filename,'/');
if (lastslash != NULL && lastslash != filename) {
pstrcpy(shortfilename,lastslash+1);
} else {
pstrcpy(shortfilename,filename);
}
ZERO_ARRAY(message);
/* could make the message configurable and language specific? */
snprintf(message,sizeof(pstring)-1,
"%s IS INFECTED WITH VIRUS %s.\r\n\r\nAccess will be denied.\r\nPlease contact your system administrator",
shortfilename, virname);
/* actually send the message... */
send_message(message);
cli_shutdown(cli);
return 0;
}
/**
Write the time stamp as header into current location in the file.
*/
void write_timestamp(file_t *fp) {
char header[128];
snprintf(header,128, "Created by MAOS Version %s on %s in %s\n",
PACKAGE_VERSION, myasctime(), myhostname());
write_bin_headerstr(header, fp);
}
char *alloc_sub_basic(const char *smb_name, const char *str)
{
char *b, *p, *s, *t, *r, *a_string;
fstring pidstr;
struct passwd *pass;
const char *local_machine_name = get_local_machine_name();
/* workaround to prevent a crash while lookinf at bug #687 */
if ( !str ) {
DEBUG(0,("alloc_sub_basic: NULL source string! This should not happen\n"));
return NULL;
}
a_string = strdup(str);
if (a_string == NULL) {
DEBUG(0, ("alloc_sub_specified: Out of memory!\n"));
return NULL;
}
for (b = s = a_string; (p = strchr_m(s, '%')); s = a_string + (p - b)) {
r = NULL;
b = t = a_string;
switch (*(p+1)) {
case 'U' :
r = strdup_lower(smb_name);
if (r == NULL) goto error;
t = realloc_string_sub(t, "%U", r);
break;
case 'G' :
r = strdup(smb_name);
if (r == NULL) goto error;
if ((pass = Get_Pwnam(r))!=NULL) {
t = realloc_string_sub(t, "%G", gidtoname(pass->pw_gid));
}
break;
case 'D' :
r = strdup_upper(current_user_info.domain);
if (r == NULL) goto error;
t = realloc_string_sub(t, "%D", r);
break;
case 'I' :
t = realloc_string_sub(t, "%I", client_addr());
break;
case 'L' :
if (local_machine_name && *local_machine_name)
t = realloc_string_sub(t, "%L", local_machine_name);
else
t = realloc_string_sub(t, "%L", global_myname());
break;
case 'N':
t = realloc_string_sub(t, "%N", automount_server(smb_name));
break;
case 'M' :
t = realloc_string_sub(t, "%M", client_name());
break;
case 'R' :
t = realloc_string_sub(t, "%R", remote_proto);
break;
case 'T' :
t = realloc_string_sub(t, "%T", timestring(False));
break;
case 'a' :
t = realloc_string_sub(t, "%a", remote_arch);
break;
case 'd' :
slprintf(pidstr,sizeof(pidstr)-1, "%d",(int)sys_getpid());
t = realloc_string_sub(t, "%d", pidstr);
break;
case 'h' :
t = realloc_string_sub(t, "%h", myhostname());
break;
case 'm' :
t = realloc_string_sub(t, "%m", remote_machine);
break;
case 'v' :
t = realloc_string_sub(t, "%v", SAMBA_VERSION_STRING);
break;
case '$' :
t = realloc_expand_env_var(t, p); /* Expand environment variables */
break;
default:
break;
}
p++;
SAFE_FREE(r);
if (t == NULL) goto error;
a_string = t;
}
return a_string;
error:
SAFE_FREE(a_string);
return NULL;
}
void standard_sub_basic(const char *smb_name, char *str,size_t len)
{
char *p, *s;
fstring pidstr;
struct passwd *pass;
const char *local_machine_name = get_local_machine_name();
for (s=str; (p=strchr_m(s, '%'));s=p) {
fstring tmp_str;
int l = (int)len - (int)(p-str);
if (l < 0)
l = 0;
switch (*(p+1)) {
case 'U' :
fstrcpy(tmp_str, smb_name);
strlower_m(tmp_str);
string_sub(p,"%U",tmp_str,l);
break;
case 'G' :
fstrcpy(tmp_str, smb_name);
if ((pass = Get_Pwnam(tmp_str))!=NULL) {
string_sub(p,"%G",gidtoname(pass->pw_gid),l);
} else {
p += 2;
}
break;
case 'D' :
fstrcpy(tmp_str, current_user_info.domain);
strupper_m(tmp_str);
string_sub(p,"%D", tmp_str,l);
break;
case 'I' :
string_sub(p,"%I", client_addr(),l);
break;
case 'i' :
string_sub(p,"%i", client_socket_addr(),l);
break;
case 'L' :
if (local_machine_name && *local_machine_name)
string_sub(p,"%L", local_machine_name,l);
else {
pstring temp_name;
pstrcpy(temp_name, global_myname());
strlower_m(temp_name);
string_sub(p,"%L", temp_name,l);
}
break;
case 'M' :
string_sub(p,"%M", client_name(),l);
break;
case 'R' :
string_sub(p,"%R", remote_proto,l);
break;
case 'T' :
string_sub(p,"%T", timestring(False),l);
break;
case 'a' :
string_sub(p,"%a", remote_arch,l);
break;
case 'd' :
slprintf(pidstr,sizeof(pidstr)-1, "%d",(int)sys_getpid());
string_sub(p,"%d", pidstr,l);
break;
case 'h' :
string_sub(p,"%h", myhostname(),l);
break;
case 'm' :
string_sub(p,"%m", get_remote_machine_name(),l);
break;
case 'v' :
string_sub(p,"%v", SAMBA_VERSION_STRING,l);
break;
case '$' :
p += expand_env_var(p,l);
break; /* Expand environment variables */
case '\0':
p++;
break; /* don't run off the end of the string */
default: p+=2;
break;
}
}
}
