2 Unix SMB/CIFS implementation.
4 Main SMB server routines
6 Copyright (C) Andrew Tridgell 1992-2005
7 Copyright (C) Martin Pool 2002
8 Copyright (C) Jelmer Vernooij 2002
9 Copyright (C) James J Myers 2003 <myersjj@samba.org>
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "lib/events/events.h"
28 #include "lib/cmdline/popt_common.h"
29 #include "system/dir.h"
30 #include "system/filesys.h"
31 #include "auth/gensec/gensec.h"
32 #include "libcli/auth/schannel.h"
33 #include "smbd/process_model.h"
34 #include "param/secrets.h"
35 #include "lib/util/pidfile.h"
36 #include "param/param.h"
37 #include "dsdb/samdb/samdb.h"
38 #include "auth/session.h"
39 #include "lib/messaging/irpc.h"
40 #include "librpc/gen_ndr/ndr_irpc.h"
41 #include "cluster/cluster.h"
42 #include "dynconfig/dynconfig.h"
43 #include "lib/util/samba_modules.h"
44 #include "nsswitch/winbind_client.h"
45 #include "libds/common/roles.h"
48 recursively delete a directory tree
/*
 * Delete every entry found under `path`: directories are handled by
 * recursing, everything else by unlink(). A failed unlink() is logged at
 * level 0 and followed by smb_panic().
 * NOTE(review): this listing omits some numbered lines of the function, so
 * the directory open/close and the release of fname are not visible here.
 */
50 static void recursive_delete(const char *path)
60 for (de=readdir(dir);de;de=readdir(dir)) {
/* presumably skips the "." and ".." entries - confirm the macro definitions */
64 if (ISDOT(de->d_name) || ISDOTDOT(de->d_name)) {
/*
 * path is also passed as the talloc parent of fname, so callers have to
 * hand in talloc-allocated memory. The result is used on the next line
 * without a NULL check.
 */
68 fname = talloc_asprintf(path, "%s/%s", path, de->d_name);
/*
 * NOTE(review): stat() follows symbolic links, so a symlink that resolves
 * to a directory is recursed into and the files under its target are
 * unlinked. lstat() would keep the cleanup inside the tree. The type check
 * and the later unlink()/recursion also work on the name rather than on an
 * open descriptor. How much this matters depends on who may create entries
 * under the tmp path - confirm its ownership and mode.
 */
69 if (stat(fname, &st) != 0) {
72 if (S_ISDIR(st.st_mode)) {
73 recursive_delete(fname);
77 if (unlink(fname) != 0) {
78 DEBUG(0,("Unabled to delete '%s' - %s\n",
79 fname, strerror(errno)));
/* a leftover file that cannot be removed aborts startup rather than being ignored */
80 smb_panic("unable to cleanup tmp files");
88 cleanup temporary files. This is the new alternative to
89 TDB_CLEAR_IF_FIRST. Unfortunately TDB_CLEAR_IF_FIRST is not
90 efficient on unix systems due to the lack of scaling of the byte
91 range locking system. So instead of putting the burden on tdb to
92 cleanup tmp files, this function deletes them.
/*
 * Resolve the server's tmp path with smbd_tmp_path() on a scratch talloc
 * context, hand it to recursive_delete(), then free the scratch context.
 */
94 static void cleanup_tmp_files(struct loadparm_context *lp_ctx)
97 TALLOC_CTX *mem_ctx = talloc_new(NULL);
/*
 * NOTE(review): no check of path is visible before it is used; confirm
 * smbd_tmp_path() cannot return NULL here, since recursive_delete() passes
 * it on unchecked.
 */
99 path = smbd_tmp_path(mem_ctx, lp_ctx, NULL);
101 recursive_delete(path);
102 talloc_free(mem_ctx);
/* SIGHUP handler: its only visible action is to request a log reopen. */
105 static void sig_hup(int sig)
107 debug_schedule_reopen_logs();
/*
 * SIGTERM handler. When this process is the process-group leader and the
 * done_sigterm flag is still 0, SIGTERM is forwarded to the whole group
 * (negative pid passed to kill()); the exit of this pid is then logged.
 * NOTE(review): DEBUG() runs in signal context here. If it formats or
 * allocates it is not async-signal-safe - confirm. The flag is a plain
 * static int rather than volatile sig_atomic_t.
 */
110 static void sig_term(int sig)
113 static int done_sigterm;
114 if (done_sigterm == 0 && getpgrp() == getpid()) {
115 DEBUG(0,("SIGTERM: killing children\n"));
117 kill(-getpgrp(), SIGTERM);
120 DEBUG(0,("Exiting pid %d on SIGTERM\n", (int)getpid()));
/*
 * Set the process-wide signal policy: BlockSignals(true, ...) is applied to
 * SIGPIPE, SIGFPE, SIGUSR1 and SIGUSR2, BlockSignals(false, ...) to SIGHUP
 * and SIGTERM, and the latter two are routed to sig_hup() and sig_term().
 */
127 static void setup_signals(void)
129 /* we are never interested in SIGPIPE */
130 BlockSignals(true,SIGPIPE);
133 /* we are never interested in SIGFPE */
134 BlockSignals(true,SIGFPE);
137 /* We are no longer interested in USR1 */
138 BlockSignals(true, SIGUSR1);
141 /* We are no longer interested in USR2 */
142 BlockSignals(true,SIGUSR2);
145 /* POSIX demands that signals are inherited. If the invoking process has
146 * these signals masked, we will have problems, as we won't receive them. */
147 BlockSignals(false, SIGHUP);
148 BlockSignals(false, SIGTERM);
150 CatchSignal(SIGHUP, sig_hup);
151 CatchSignal(SIGTERM, sig_term);
/*
 * tevent fd handler for standard input. private_data carries the binary
 * name used in log messages. A read() of 0 bytes (EOF) is logged, and if
 * this process is the process-group leader SIGTERM is sent to the group.
 */
157 static void server_stdin_handler(struct tevent_context *event_ctx, struct tevent_fd *fde,
158 uint16_t flags, void *private_data)
160 const char *binary_name = (const char *)private_data;
/* only a return of exactly 0 counts as EOF; a -1 error return does not take this branch */
162 if (read(0, &c, 1) == 0) {
163 DEBUG(0,("%s: EOF on stdin - PID %d terminating\n", binary_name, (int)getpid()));
165 if (getpgrp() == getpid()) {
166 DEBUG(0,("Sending SIGTERM from pid %d\n", (int)getpid()));
167 kill(-getpgrp(), SIGTERM);
175 die if the user selected maximum runtime is exceeded
/*
 * Timer callback for the --maximum-runtime limit. Logs the binary name,
 * the pid, the timer's timestamp and the current time. The function is
 * marked _NORETURN_; the terminating call itself is not visible in this
 * listing.
 */
177 _NORETURN_ static void max_runtime_handler(struct tevent_context *ev,
178 struct tevent_timer *te,
179 struct timeval t, void *private_data)
181 const char *binary_name = (const char *)private_data;
182 DEBUG(0,("%s: maximum runtime exceeded - terminating PID %d at %llu, current ts: %llu\n",
183 binary_name, (int)getpid(), (unsigned long long)t.tv_sec, (unsigned long long) time(NULL)));
188 pre-open the key databases. This saves a lot of time in child
/*
 * Open the sam and privilege databases once in the parent, on a talloc
 * context parented to event_ctx.
 */
191 static void prime_ldb_databases(struct tevent_context *event_ctx)
193 TALLOC_CTX *db_context;
194 db_context = talloc_new(event_ctx);
/*
 * The sam database is opened with system_session() - presumably a fully
 * privileged session, verify. The return values of both connect calls are
 * discarded, so a failure here is not reported by this function.
 */
196 samdb_connect(db_context, event_ctx, cmdline_lp_ctx, system_session(cmdline_lp_ctx), 0);
197 privilege_connect(db_context, cmdline_lp_ctx);
199 /* we deliberately leave these open, which allows them to be
200 * re-used in ldb_wrap_connect() */
205 called when a fatal condition occurs in a child task
/*
 * IRPC handler for SAMBA_TERMINATE. Logs the pid and the reason string
 * taken from the request; what happens afterwards is not visible in this
 * listing.
 */
207 static NTSTATUS samba_terminate(struct irpc_message *msg,
208 struct samba_terminate *r)
/* the sender-supplied reason is passed as a %s argument, never as the format string */
210 DEBUG(0,("samba_terminate of %d: %s\n",
211 (int)getpid(), r->in.reason));
216 setup messaging for the top level samba (parent) task
/*
 * Create the parent task's messaging context (task id SAMBA_PARENT_TASKID,
 * allocated on the autofree context), register it under the irpc name
 * "samba" and install samba_terminate() as the SAMBA_TERMINATE handler.
 * NOTE(review): which peers can reach this endpoint is decided by the
 * messaging layer and is not visible here. Since the registered handler
 * deals with termination requests, confirm that only the server's own
 * tasks can send to it.
 */
218 static NTSTATUS setup_parent_messaging(struct tevent_context *event_ctx,
219 struct loadparm_context *lp_ctx)
221 struct imessaging_context *msg;
224 msg = imessaging_init(talloc_autofree_context(),
226 cluster_id(0, SAMBA_PARENT_TASKID), event_ctx);
227 NT_STATUS_HAVE_NO_MEMORY(msg);
229 status = irpc_add_name(msg, "samba");
230 if (!NT_STATUS_IS_OK(status)) {
234 status = IRPC_REGISTER(msg, irpc, SAMBA_TERMINATE,
235 samba_terminate, NULL);
/*
 * Print the version string, the build host and the compiled-in dyn_* paths
 * to stdout. CONFIG_OPTION(n) expands to a { "n", dyn_n } table entry.
 */
244 static void show_build(void)
246 #define CONFIG_OPTION(n) { #n, dyn_ ## n }
250 } config_options[] = {
251 CONFIG_OPTION(BINDIR),
252 CONFIG_OPTION(SBINDIR),
253 CONFIG_OPTION(CONFIGFILE),
254 CONFIG_OPTION(NCALRPCDIR),
255 CONFIG_OPTION(LOGFILEBASE),
256 CONFIG_OPTION(LMHOSTSFILE),
257 CONFIG_OPTION(DATADIR),
258 CONFIG_OPTION(MODULESDIR),
259 CONFIG_OPTION(LOCKDIR),
260 CONFIG_OPTION(STATEDIR),
261 CONFIG_OPTION(CACHEDIR),
262 CONFIG_OPTION(PIDDIR),
263 CONFIG_OPTION(PRIVATE_DIR),
264 CONFIG_OPTION(CODEPAGEDIR),
265 CONFIG_OPTION(SETUPDIR),
266 CONFIG_OPTION(WINBINDD_SOCKET_DIR),
267 CONFIG_OPTION(NTP_SIGND_SOCKET_DIR),
272 printf("Samba version: %s\n", SAMBA_VERSION_STRING);
273 printf("Build environment:\n");
275 printf(" Build host: %s\n", BUILD_SYSTEM);
/* the walk stops at the first entry whose name is NULL; that sentinel entry is not visible in this listing */
279 for (i=0; config_options[i].name; i++) {
280 printf(" %s: %s\n", config_options[i].name, config_options[i].value);
/*
 * talloc destructor for the top-level event context: calls
 * imessaging_dgm_unref_all(). The return statement is not visible in this
 * listing.
 */
286 static int event_ctx_destructor(struct tevent_context *event_ctx)
288 imessaging_dgm_unref_all();
/*
 * Shared entry point of the server binary. As far as the visible lines
 * show, it parses the command line with popt, sets up logging, becomes a
 * daemon unless running interactively, removes stale tmp files, creates
 * the lock directory and the pid file, initialises gensec, the process
 * model and the service modules, builds the top-level event context,
 * optionally watches stdin and arms the maximum-runtime timer, validates
 * the configured server role, starts the services and then sits in the
 * event loop until shutdown.
 * NOTE(review): this listing omits many numbered lines (declarations,
 * braces, some calls); comments below describe only what is visible.
 */
295 static int binary_smbd_main(const char *binary_name, int argc, const char *argv[])
297 bool opt_daemon = false;
298 bool opt_interactive = false;
301 #define _MODULE_PROTO(init) extern NTSTATUS init(void);
302 STATIC_service_MODULES_PROTO;
303 init_module_fn static_init[] = { STATIC_service_MODULES };
304 init_module_fn *shared_init;
305 struct tevent_context *event_ctx;
306 uint16_t stdin_event_flags;
308 const char *model = "standard";
317 struct poptOption long_options[] = {
319 {"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON,
320 "Become a daemon (default)", NULL },
321 {"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE,
322 "Run interactive (not a daemon)", NULL},
323 {"model", 'M', POPT_ARG_STRING, NULL, OPT_PROCESS_MODEL,
324 "Select process model", "MODEL"},
325 {"maximum-runtime",0, POPT_ARG_INT, &max_runtime, 0,
326 "set maximum runtime of the server process, till autotermination", "seconds"},
327 {"show-build", 'b', POPT_ARG_NONE, NULL, OPT_SHOW_BUILD, "show build info", NULL },
333 pc = poptGetContext(binary_name, argc, argv, long_options, 0);
334 while((opt = poptGetNextOpt(pc)) != -1) {
339 case OPT_INTERACTIVE:
340 opt_interactive = true;
342 case OPT_PROCESS_MODEL:
343 model = poptGetOptArg(pc);
349 fprintf(stderr, "\nInvalid option %s: %s\n\n",
350 poptBadOption(pc, 0), poptStrerror(opt));
351 poptPrintUsage(pc, stderr, 0);
/* -D and -i are mutually exclusive; with neither given the daemon mode is the default */
356 if (opt_daemon && opt_interactive) {
357 fprintf(stderr,"\nERROR: "
358 "Option -i|--interactive is not allowed together with -D|--daemon\n\n");
359 poptPrintUsage(pc, stderr, 0);
361 } else if (!opt_interactive) {
362 /* default is --daemon */
368 talloc_enable_null_tracking();
370 setup_logging(binary_name, opt_interactive?DEBUG_STDOUT:DEBUG_FILE);
373 /* we want total control over the permissions on created files,
374 so set our umask to 0 */
/*
 * NOTE(review): with the umask cleared, the mode argument given at each
 * creation site is the final permission of the new file or directory, so
 * every open()/mkdir() after this point has to pass a deliberately
 * restrictive mode.
 */
377 DEBUG(0,("%s version %s started.\n", binary_name, SAMBA_VERSION_STRING));
378 DEBUGADD(0,("Copyright Andrew Tridgell and the Samba Team 1992-2017\n"));
380 if (sizeof(uint16_t) < 2 || sizeof(uint32_t) < 4 || sizeof(uint64_t) < 8) {
381 DEBUG(0,("ERROR: Samba is not configured correctly for the word size on your machine\n"));
382 DEBUGADD(0,("sizeof(uint16_t) = %u, sizeof(uint32_t) %u, sizeof(uint64_t) = %u\n",
383 (unsigned int)sizeof(uint16_t), (unsigned int)sizeof(uint32_t), (unsigned int)sizeof(uint64_t)));
388 DEBUG(3,("Becoming a daemon.\n"));
389 become_daemon(true, false, false);
/* stale tmp files are removed before any service is started */
392 cleanup_tmp_files(cmdline_lp_ctx);
/*
 * NOTE(review): the mkdir() result is not checked, so a failure to create
 * the lock directory only shows up later. The existence test and the
 * creation are two separate steps on a path name. The 0755 mode is applied
 * as written because of the cleared umask described above.
 */
394 if (!directory_exist(lpcfg_lock_directory(cmdline_lp_ctx))) {
395 mkdir(lpcfg_lock_directory(cmdline_lp_ctx), 0755);
398 pidfile_create(lpcfg_pid_directory(cmdline_lp_ctx), binary_name);
/* an AD DC refuses to start when the schannel session store cannot be opened */
400 if (lpcfg_server_role(cmdline_lp_ctx) == ROLE_ACTIVE_DIRECTORY_DC) {
401 if (!open_schannel_session_store(talloc_autofree_context(), cmdline_lp_ctx)) {
402 exit_daemon("Samba cannot open schannel store for secured NETLOGON operations.", EACCES);
406 /* make sure we won't go through nss_winbind */
407 if (!winbind_off()) {
408 exit_daemon("Samba failed to disable recusive winbindd calls.", EACCES);
411 gensec_init(); /* FIXME: */
413 process_model_init(cmdline_lp_ctx);
/* statically linked service modules are initialised first, then the ones loaded from the "service" module directory */
415 shared_init = load_samba_modules(NULL, "service");
417 run_init_functions(static_init);
418 run_init_functions(shared_init);
420 talloc_free(shared_init);
422 /* the event context is the top level structure in smbd. Everything else
423 should hang off that */
424 event_ctx = s4_event_context_init(talloc_autofree_context());
426 if (event_ctx == NULL) {
427 exit_daemon("Initializing event context failed", EACCES);
430 talloc_set_destructor(event_ctx, event_ctx_destructor);
432 if (opt_interactive) {
433 /* terminate when stdin goes away */
434 stdin_event_flags = TEVENT_FD_READ;
436 /* stay alive forever */
437 stdin_event_flags = 0;
440 /* catch EOF on stdin */
442 signal(SIGTTIN, SIG_IGN);
445 if (fstat(0, &st) != 0) {
446 exit_daemon("Samba failed to set standard input handler", ENOTTY);
/* the stdin watcher is installed only when fd 0 is a FIFO or a socket */
449 if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
450 tevent_add_fd(event_ctx,
454 server_stdin_handler,
455 discard_const(binary_name));
459 DEBUG(0,("%s PID %d was called with maxruntime %d - current ts %llu\n",
460 binary_name, (int)getpid(),
461 max_runtime, (unsigned long long) time(NULL)));
462 tevent_add_timer(event_ctx, event_ctx,
463 timeval_current_ofs(max_runtime, 0),
465 discard_const(binary_name));
/*
 * Role sanity check: outside the AD DC role the binary exits unless "smb"
 * is among the server services or "remote"/"mapiproxy" is among the dcerpc
 * endpoint servers. The parametric option "server role check:inhibit"
 * switches this guard off.
 */
468 if (lpcfg_server_role(cmdline_lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC
469 && !lpcfg_parm_bool(cmdline_lp_ctx, NULL, "server role check", "inhibit", false)
470 && !str_list_check_ci(lpcfg_server_services(cmdline_lp_ctx), "smb")
471 && !str_list_check_ci(lpcfg_dcerpc_endpoint_servers(cmdline_lp_ctx), "remote")
472 && !str_list_check_ci(lpcfg_dcerpc_endpoint_servers(cmdline_lp_ctx), "mapiproxy")) {
473 DEBUG(0, ("At this time the 'samba' binary should only be used for either:\n"));
474 DEBUGADD(0, ("'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'\n"));
475 DEBUGADD(0, ("You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks\n"));
476 exit_daemon("Samba detected misconfigured 'server role' and exited. Check logs for details", EINVAL);
479 prime_ldb_databases(event_ctx);
481 status = setup_parent_messaging(event_ctx, cmdline_lp_ctx);
482 if (!NT_STATUS_IS_OK(status)) {
483 exit_daemon("Samba failed to setup parent messaging", NT_STATUS_V(status));
486 DEBUG(0,("%s: using '%s' process model\n", binary_name, model));
488 status = server_service_startup(event_ctx, cmdline_lp_ctx, model,
489 lpcfg_server_services(cmdline_lp_ctx));
490 if (!NT_STATUS_IS_OK(status)) {
491 exit_daemon("Samba failed to start services", NT_STATUS_V(status));
495 daemon_ready("samba");
498 /* wait for events - this is where smbd sits for most of its
500 tevent_loop_wait(event_ctx);
502 /* as everything hangs off this event context, freeing it
503 should initiate a clean shutdown of all services */
504 talloc_free(event_ctx);
/* Program entry point: runs binary_smbd_main() under the binary name "samba" and returns its result. */
509 int main(int argc, const char *argv[])
511 return binary_smbd_main("samba", argc, argv);