2 Unix SMB/CIFS implementation.
4 Main SMB server routines
6 Copyright (C) Andrew Tridgell 1992-2005
7 Copyright (C) Martin Pool 2002
8 Copyright (C) Jelmer Vernooij 2002
9 Copyright (C) James J Myers 2003 <myersjj@samba.org>
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "lib/events/events.h"
28 #include "lib/cmdline/popt_common.h"
29 #include "system/dir.h"
30 #include "system/filesys.h"
31 #include "ntvfs/ntvfs.h"
32 #include "ntptr/ntptr.h"
33 #include "auth/gensec/gensec.h"
34 #include "libcli/auth/schannel.h"
35 #include "smbd/process_model.h"
36 #include "param/secrets.h"
37 #include "lib/util/pidfile.h"
38 #include "param/param.h"
39 #include "dsdb/samdb/samdb.h"
40 #include "auth/session.h"
41 #include "lib/messaging/irpc.h"
42 #include "librpc/gen_ndr/ndr_irpc.h"
43 #include "cluster/cluster.h"
44 #include "dynconfig/dynconfig.h"
45 #include "lib/util/samba_modules.h"
46 #include "nsswitch/winbind_client.h"
47 #include "libds/common/roles.h"
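/*
  recursively delete the files below a directory tree

  Every non-directory entry under 'path' is unlinked; the directories
  themselves are left in place. A path that cannot be opened as a
  directory is silently ignored. A failed unlink() is fatal
  (smb_panic).

  'path' is also used as the talloc parent of the per-entry path
  strings, so it must itself be a talloc allocation.
*/
static void recursive_delete(const char *path)
{
	DIR *dir;
	struct dirent *de;

	dir = opendir(path);
	if (!dir) {
		return;
	}

	for (de=readdir(dir);de;de=readdir(dir)) {
		char *fname;
		struct stat st;

		if (ISDOT(de->d_name) || ISDOTDOT(de->d_name)) {
			continue;
		}

		fname = talloc_asprintf(path, "%s/%s", path, de->d_name);
		if (fname == NULL) {
			/* never hand a NULL path to lstat()/unlink() */
			DEBUG(0,("Out of memory building path for '%s' in '%s'\n",
				 de->d_name, path));
			continue;
		}

		/*
		 * lstat(), not stat(): a symbolic link inside the tmp tree
		 * must be removed as a link. With stat() a link pointing at
		 * a directory would be recursed into, and files outside the
		 * tmp tree would be unlinked with the server's privileges.
		 */
		if (lstat(fname, &st) != 0) {
			talloc_free(fname);
			continue;
		}
		if (S_ISDIR(st.st_mode)) {
			/*
			 * NOTE(review): the entry can still be replaced
			 * between lstat() and the opendir() in the recursive
			 * call. Closing that window needs fd-relative calls
			 * (openat() with O_NOFOLLOW, unlinkat()); the tmp
			 * directory must not be writable by untrusted users.
			 */
			recursive_delete(fname);
			talloc_free(fname);
			continue;
		}
		if (unlink(fname) != 0) {
			DEBUG(0,("Unabled to delete '%s' - %s\n",
				 fname, strerror(errno)));
			smb_panic("unable to cleanup tmp files");
		}
		talloc_free(fname);
	}
	closedir(dir);
}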
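/*
  cleanup temporary files. This is the new alternative to
  TDB_CLEAR_IF_FIRST. Unfortunately TDB_CLEAR_IF_FIRST is not
  efficient on unix systems due to the lack of scaling of the byte
  range locking system. So instead of putting the burden on tdb to
  cleanup tmp files, this function deletes them.

  The directory to clean is whatever smbd_tmp_path() returns for
  lp_ctx. Failure to allocate the context or to build the path ends
  the daemon, so recursive_delete() is never called with NULL.
*/
static void cleanup_tmp_files(struct loadparm_context *lp_ctx)
{
	char *path;
	TALLOC_CTX *mem_ctx = talloc_new(NULL);

	if (mem_ctx == NULL) {
		exit_daemon("Failed to create memory context", ENOMEM);
	}

	path = smbd_tmp_path(mem_ctx, lp_ctx, NULL);
	if (path == NULL) {
		exit_daemon("Failed to cleanup temporary files", EINVAL);
	}

	recursive_delete(path);

	/* frees path and every string recursive_delete() hung off it */
	talloc_free(mem_ctx);
}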
/*
  SIGHUP handler: all it does is call debug_schedule_reopen_logs().
  The signal number is not used.
*/
static void sig_hup(int sig)
{
	(void)sig;

	debug_schedule_reopen_logs();
}
/*
  SIGTERM handler: if this process is the process group leader, pass
  the signal on to the whole group once, then exit with status 127.

  NOTE(review): exit() is not async-signal-safe, and DEBUG presumably
  formats and writes log output from signal context as well; confirm
  this cannot deadlock or corrupt state when the signal interrupts
  logging or allocation.
*/
static void sig_term(int sig)
{
#if HAVE_GETPGRP
	/* set before kill() so the SIGTERM we send to our own group,
	 * which includes this process, is not forwarded a second time */
	static int done_sigterm;

	if (done_sigterm == 0) {
		if (getpgrp() == getpid()) {
			DEBUG(0,("SIGTERM: killing children\n"));
			done_sigterm = 1;
			kill(-getpgrp(), SIGTERM);
		}
	}
#endif
	DEBUG(0,("Exiting pid %d on SIGTERM\n", (int)getpid()));
	exit(127);
}
/*
  set up the signal mask and handlers of the top level process:
  SIGPIPE, SIGFPE, SIGUSR1 and SIGUSR2 are blocked, SIGHUP and SIGTERM
  are unblocked and routed to sig_hup() and sig_term().
*/
static void setup_signals(void)
{
	/* signals this server is never interested in, in blocking order */
	static const int unwanted[] = {
		SIGPIPE,
#if defined(SIGFPE)
		SIGFPE,
#endif
		SIGUSR1,
#if defined(SIGUSR2)
		SIGUSR2,
#endif
	};
	size_t i;

	for (i = 0; i < sizeof(unwanted) / sizeof(unwanted[0]); i++) {
		BlockSignals(true, unwanted[i]);
	}

	/* The signal mask is inherited from the invoking process. If it
	 * had HUP or TERM masked we would never receive them, so unblock
	 * both explicitly before installing the handlers. */
	BlockSignals(false, SIGHUP);
	BlockSignals(false, SIGTERM);

	CatchSignal(SIGHUP, sig_hup);
	CatchSignal(SIGTERM, sig_term);
}
/*
  fd event handler for stdin: terminate when stdin reaches EOF

  One byte is read from fd 0. Only a return of 0 (EOF) has an effect:
  the process logs, forwards SIGTERM to its process group when it is
  the group leader, and exits with status 0. Data and read errors are
  ignored.

  private_data is the binary name, used in the log message.
*/
static void server_stdin_handler(struct tevent_context *event_ctx, struct tevent_fd *fde,
				 uint16_t flags, void *private_data)
{
	const char *binary_name = (const char *)private_data;
	uint8_t byte;
	ssize_t nread;

	nread = read(0, &byte, 1);
	if (nread != 0) {
		/* NOTE(review): -1 lands here too; a persistent read error
		 * would make this handler fire again - confirm acceptable */
		return;
	}

	DEBUG(0,("%s: EOF on stdin - PID %d terminating\n", binary_name, (int)getpid()));
#if HAVE_GETPGRP
	if (getpgrp() == getpid()) {
		DEBUG(0,("Sending SIGTERM from pid %d\n", (int)getpid()));
		kill(-getpgrp(), SIGTERM);
	}
#endif
	exit(0);
}
/*
  timer handler for --maximum-runtime: log the scheduled and the
  current time, then exit with status 0

  private_data is the binary name, used in the log message.
*/
_NORETURN_ static void max_runtime_handler(struct tevent_context *ev,
					   struct tevent_timer *te,
					   struct timeval t, void *private_data)
{
	const char *binary_name = (const char *)private_data;
	const unsigned long long fired_at = (unsigned long long)t.tv_sec;
	const unsigned long long now = (unsigned long long) time(NULL);

	DEBUG(0,("%s: maximum runtime exceeded - terminating PID %d at %llu, current ts: %llu\n",
		 binary_name, (int)getpid(), fired_at, now));
	exit(0);
}
/*
  pre-open the key databases before any child is started, so that
  child processes do not each pay for opening them

  The sam database is opened with the system session and the
  privilege database is opened after it. Both return values are
  ignored: this is priming only.
*/
static void prime_ldb_databases(struct tevent_context *event_ctx)
{
	TALLOC_CTX *db_context = talloc_new(event_ctx);

	samdb_connect(db_context, event_ctx, cmdline_lp_ctx,
		      system_session(cmdline_lp_ctx), 0);
	privilege_connect(db_context, cmdline_lp_ctx);

	/* db_context is deliberately not freed: leaving the connections
	 * open allows them to be re-used in ldb_wrap_connect() */
}
/*
  irpc handler called when a fatal condition occurs in a child task:
  log the reason carried in the request and exit with status 1

  The function never returns; the NTSTATUS return type only satisfies
  the handler signature.

  NOTE(review): any SAMBA_TERMINATE message that reaches this handler
  stops the parent. Who may send on the parent's messaging context is
  not visible here - confirm it is limited to the server's own tasks.
*/
static NTSTATUS samba_terminate(struct irpc_message *msg,
				struct samba_terminate *r)
{
	const char *reason = r->in.reason;

	DEBUG(0,("samba_terminate of %d: %s\n",
		 (int)getpid(), reason));
	exit(1);
}
/*
  setup messaging for the top level samba (parent) task

  Creates the messaging context of the parent (task id
  SAMBA_PARENT_TASKID), registers it under the name "samba" and
  installs samba_terminate() as the SAMBA_TERMINATE handler. Returns
  the first failing status, or the status of the handler registration.
*/
static NTSTATUS setup_parent_messaging(struct tevent_context *event_ctx,
				       struct loadparm_context *lp_ctx)
{
	struct imessaging_context *msg;
	NTSTATUS status;

	/* hung off the autofree context, i.e. kept for the process lifetime */
	msg = imessaging_init(talloc_autofree_context(),
			      lp_ctx,
			      cluster_id(0, SAMBA_PARENT_TASKID), event_ctx, false);
	NT_STATUS_HAVE_NO_MEMORY(msg);

	status = irpc_add_name(msg, "samba");
	if (NT_STATUS_IS_OK(status)) {
		status = IRPC_REGISTER(msg, irpc, SAMBA_TERMINATE,
				       samba_terminate, NULL);
	}

	return status;
}
/*
  show build info: print the version, the build host (when
  BUILD_SYSTEM is defined) and the compiled-in dyn_* paths to stdout,
  then exit with status 0
*/
static void show_build(void)
{
#define CONFIG_OPTION(n) { #n, dyn_ ## n }
	/* name/value pairs, terminated by a NULL name */
	struct {
		const char *name;
		const char *value;
	} config_options[] = {
		CONFIG_OPTION(BINDIR),
		CONFIG_OPTION(SBINDIR),
		CONFIG_OPTION(CONFIGFILE),
		CONFIG_OPTION(NCALRPCDIR),
		CONFIG_OPTION(LOGFILEBASE),
		CONFIG_OPTION(LMHOSTSFILE),
		CONFIG_OPTION(DATADIR),
		CONFIG_OPTION(MODULESDIR),
		CONFIG_OPTION(LOCKDIR),
		CONFIG_OPTION(STATEDIR),
		CONFIG_OPTION(CACHEDIR),
		CONFIG_OPTION(PIDDIR),
		CONFIG_OPTION(PRIVATE_DIR),
		CONFIG_OPTION(CODEPAGEDIR),
		CONFIG_OPTION(SETUPDIR),
		CONFIG_OPTION(WINBINDD_SOCKET_DIR),
		CONFIG_OPTION(WINBINDD_PRIVILEGED_SOCKET_DIR),
		CONFIG_OPTION(NTP_SIGND_SOCKET_DIR),
		{ NULL, NULL}
	};
	size_t idx = 0;

	printf("Samba version: %s\n", SAMBA_VERSION_STRING);
	printf("Build environment:\n");
#ifdef BUILD_SYSTEM
	printf(" Build host: %s\n", BUILD_SYSTEM);
#endif

	printf("Paths:\n");
	while (config_options[idx].name != NULL) {
		printf(" %s: %s\n", config_options[idx].name, config_options[idx].value);
		idx++;
	}

	exit(0);
}
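/*
  server main entry point

  Parses the command line, sets up logging and signals, optionally
  daemonises, removes stale temporary files, creates the lock
  directory and pid file, initialises the subsystems and service
  modules, then starts the configured services and runs the event
  loop.

  Returns 1 on a command line or word size error and 0 after the event
  loop has ended. Later startup failures end the process through
  exit_daemon().
*/
static int binary_smbd_main(const char *binary_name, int argc, const char *argv[])
{
	bool opt_daemon = false;
	bool opt_interactive = false;
	int opt;
	poptContext pc;
#define _MODULE_PROTO(init) extern NTSTATUS init(void);
	STATIC_service_MODULES_PROTO;
	init_module_fn static_init[] = { STATIC_service_MODULES };
	init_module_fn *shared_init;
	struct tevent_context *event_ctx;
	uint16_t stdin_event_flags;
	NTSTATUS status;
	const char *model = "standard";
	int max_runtime = 0;
	struct stat st;
	enum {
		OPT_DAEMON = 1000,
		OPT_INTERACTIVE,
		OPT_PROCESS_MODEL,
		OPT_SHOW_BUILD
	};
	struct poptOption long_options[] = {
		POPT_AUTOHELP
		{"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON,
		 "Become a daemon (default)", NULL },
		{"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE,
		 "Run interactive (not a daemon)", NULL},
		{"model", 'M', POPT_ARG_STRING, NULL, OPT_PROCESS_MODEL,
		 "Select process model", "MODEL"},
		{"maximum-runtime",0, POPT_ARG_INT, &max_runtime, 0,
		 "set maximum runtime of the server process, till autotermination", "seconds"},
		{"show-build", 'b', POPT_ARG_NONE, NULL, OPT_SHOW_BUILD, "show build info", NULL },
		POPT_COMMON_SAMBA
		POPT_COMMON_VERSION
		{ NULL }
	};

	pc = poptGetContext(binary_name, argc, argv, long_options, 0);
	while((opt = poptGetNextOpt(pc)) != -1) {
		switch(opt) {
		case OPT_DAEMON:
			opt_daemon = true;
			break;
		case OPT_INTERACTIVE:
			opt_interactive = true;
			break;
		case OPT_PROCESS_MODEL:
			/* poptGetOptArg() hands back a string owned by the
			 * caller, so model stays usable after the context
			 * is freed below */
			model = poptGetOptArg(pc);
			break;
		case OPT_SHOW_BUILD:
			/* prints and exits */
			show_build();
			break;
		default:
			fprintf(stderr, "\nInvalid option %s: %s\n\n",
				  poptBadOption(pc, 0), poptStrerror(opt));
			poptPrintUsage(pc, stderr, 0);
			/* release the parser on the error path as well */
			poptFreeContext(pc);
			return 1;
		}
	}

	if (opt_daemon && opt_interactive) {
		fprintf(stderr,"\nERROR: "
			  "Option -i|--interactive is not allowed together with -D|--daemon\n\n");
		poptPrintUsage(pc, stderr, 0);
		/* release the parser on the error path as well */
		poptFreeContext(pc);
		return 1;
	} else if (!opt_interactive) {
		/* default is --daemon */
		opt_daemon = true;
	}

	poptFreeContext(pc);

	talloc_enable_null_tracking();

	setup_logging(binary_name, opt_interactive?DEBUG_STDOUT:DEBUG_FILE);
	setup_signals();

	/* we want total control over the permissions on created files,
	   so set our umask to 0.
	   From here on the mode passed to every open()/mkdir() is applied
	   verbatim, so each creation call in this process must pass the
	   restrictive mode it really wants. */
	umask(0);

	DEBUG(0,("%s version %s started.\n", binary_name, SAMBA_VERSION_STRING));
	DEBUGADD(0,("Copyright Andrew Tridgell and the Samba Team 1992-2016\n"));

	if (sizeof(uint16_t) < 2 || sizeof(uint32_t) < 4 || sizeof(uint64_t) < 8) {
		DEBUG(0,("ERROR: Samba is not configured correctly for the word size on your machine\n"));
		DEBUGADD(0,("sizeof(uint16_t) = %u, sizeof(uint32_t) %u, sizeof(uint64_t) = %u\n",
			    (unsigned int)sizeof(uint16_t), (unsigned int)sizeof(uint32_t), (unsigned int)sizeof(uint64_t)));
		return 1;
	}

	if (opt_daemon) {
		DEBUG(3,("Becoming a daemon.\n"));
		become_daemon(true, false, false);
	}

	/* runs with the privileges the server was started with; see
	 * recursive_delete() for what is removed */
	cleanup_tmp_files(cmdline_lp_ctx);

	if (!directory_exist(lpcfg_lock_directory(cmdline_lp_ctx))) {
		/* report a failed creation instead of discovering it later
		 * through an unrelated error; EEXIST only means someone
		 * else created it after the check above */
		if (mkdir(lpcfg_lock_directory(cmdline_lp_ctx), 0755) != 0
		    && errno != EEXIST) {
			DEBUG(0,("Failed to create lock directory '%s' - %s\n",
				 lpcfg_lock_directory(cmdline_lp_ctx),
				 strerror(errno)));
		}
	}

	pidfile_create(lpcfg_pid_directory(cmdline_lp_ctx), binary_name);

	if (lpcfg_server_role(cmdline_lp_ctx) == ROLE_ACTIVE_DIRECTORY_DC) {
		if (!open_schannel_session_store(talloc_autofree_context(), cmdline_lp_ctx)) {
			exit_daemon("Samba cannot open schannel store for secured NETLOGON operations.", EACCES);
		}
	}

	/* make sure we won't go through nss_winbind */
	if (!winbind_off()) {
		exit_daemon("Samba failed to disable recusive winbindd calls.", EACCES);
	}

	gensec_init(); /* FIXME: */

	ntptr_init(); /* FIXME: maybe run this in the initialization function
			 of the spoolss RPC server instead? */

	ntvfs_init(cmdline_lp_ctx); /* FIXME: maybe run this in the initialization functions
				       of the SMB[,2] server instead? */

	process_model_init(cmdline_lp_ctx);

	/* NOTE(review): shared service modules are loaded into this
	 * process and their init functions run below; the directory they
	 * are read from is not visible here and must be writable only by
	 * the administrator - confirm */
	shared_init = load_samba_modules(NULL, "service");

	run_init_functions(static_init);
	run_init_functions(shared_init);

	talloc_free(shared_init);

	/* the event context is the top level structure in smbd. Everything else
	   should hang off that */
	event_ctx = s4_event_context_init(talloc_autofree_context());

	if (event_ctx == NULL) {
		exit_daemon("Initializing event context failed", EACCES);
	}

	if (opt_interactive) {
		/* terminate when stdin goes away */
		stdin_event_flags = TEVENT_FD_READ;
	} else {
		/* stay alive forever */
		stdin_event_flags = 0;
	}

	/* catch EOF on stdin */
#ifdef SIGTTIN
	signal(SIGTTIN, SIG_IGN);
#endif

	if (fstat(0, &st) != 0) {
		exit_daemon("Samba failed to set standard input handler", ENOTTY);
	}

	/* the stdin watcher is only installed for a pipe or a socket */
	if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
		tevent_add_fd(event_ctx,
			      event_ctx,
			      0,
			      stdin_event_flags,
			      server_stdin_handler,
			      discard_const(binary_name));
	}

	if (max_runtime) {
		DEBUG(0,("%s PID %d was called with maxruntime %d - current ts %llu\n",
			 binary_name, (int)getpid(),
			 max_runtime, (unsigned long long) time(NULL)));
		tevent_add_timer(event_ctx, event_ctx,
				 timeval_current_ofs(max_runtime, 0),
				 max_runtime_handler,
				 discard_const(binary_name));
	}

	/* refuse to run in a role this binary is not meant for, unless
	 * the check is inhibited or one of the listed services or
	 * endpoint servers is configured */
	if (lpcfg_server_role(cmdline_lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC
	    && !lpcfg_parm_bool(cmdline_lp_ctx, NULL, "server role check", "inhibit", false)
	    && !str_list_check_ci(lpcfg_server_services(cmdline_lp_ctx), "smb")
	    && !str_list_check_ci(lpcfg_dcerpc_endpoint_servers(cmdline_lp_ctx), "remote")
	    && !str_list_check_ci(lpcfg_dcerpc_endpoint_servers(cmdline_lp_ctx), "mapiproxy")) {
		DEBUG(0, ("At this time the 'samba' binary should only be used for either:\n"));
		DEBUGADD(0, ("'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'\n"));
		DEBUGADD(0, ("You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks\n"));
		exit_daemon("Samba detected misconfigured 'server role' and exited. Check logs for details", EINVAL);
	}

	prime_ldb_databases(event_ctx);

	status = setup_parent_messaging(event_ctx, cmdline_lp_ctx);
	if (!NT_STATUS_IS_OK(status)) {
		exit_daemon("Samba failed to setup parent messaging", NT_STATUS_V(status));
	}

	DEBUG(0,("%s: using '%s' process model\n", binary_name, model));

	status = server_service_startup(event_ctx, cmdline_lp_ctx, model,
					lpcfg_server_services(cmdline_lp_ctx));
	if (!NT_STATUS_IS_OK(status)) {
		exit_daemon("Samba failed to start services", NT_STATUS_V(status));
	}

	if (opt_daemon) {
		daemon_ready("samba");
	}

	/* wait for events - this is where smbd sits for most of its
	   life */
	tevent_loop_wait(event_ctx);

	/* as everything hangs off this event context, freeing it
	   should initiate a clean shutdown of all services */
	talloc_free(event_ctx);

	return 0;
}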
/*
  program entry point: run the server under the binary name "samba"
  and hand its result back as the exit status
*/
int main(int argc, const char *argv[])
{
	const int rc = binary_smbd_main("samba", argc, argv);

	return rc;
}