2 Unix SMB/CIFS implementation.
4 Main SMB server routines
6 Copyright (C) Andrew Tridgell 1992-2005
7 Copyright (C) Martin Pool 2002
8 Copyright (C) Jelmer Vernooij 2002
9 Copyright (C) James J Myers 2003 <myersjj@samba.org>
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "lib/events/events.h"
28 #include "lib/cmdline/popt_common.h"
29 #include "system/dir.h"
30 #include "system/filesys.h"
31 #include "auth/gensec/gensec.h"
32 #include "libcli/auth/schannel.h"
33 #include "smbd/process_model.h"
34 #include "param/secrets.h"
35 #include "lib/util/pidfile.h"
36 #include "param/param.h"
37 #include "dsdb/samdb/samdb.h"
38 #include "auth/session.h"
39 #include "lib/messaging/irpc.h"
40 #include "librpc/gen_ndr/ndr_irpc.h"
41 #include "cluster/cluster.h"
42 #include "dynconfig/dynconfig.h"
43 #include "lib/util/samba_modules.h"
44 #include "nsswitch/winbind_client.h"
45 #include "libds/common/roles.h"
46 #include "lib/util/tfork.h"
53 struct tevent_context *event_ctx;
54 const char *binary_name;
58 recursively delete a directory tree
60 static void recursive_delete(const char *path)
70 for (de=readdir(dir);de;de=readdir(dir)) {
74 if (ISDOT(de->d_name) || ISDOTDOT(de->d_name)) {
78 fname = talloc_asprintf(path, "%s/%s", path, de->d_name);
79 if (stat(fname, &st) != 0) {
82 if (S_ISDIR(st.st_mode)) {
83 recursive_delete(fname);
87 if (unlink(fname) != 0) {
88 DBG_ERR("Unabled to delete '%s' - %s\n",
89 fname, strerror(errno));
90 smb_panic("unable to cleanup tmp files");
98 cleanup temporary files. This is the new alternative to
99 TDB_CLEAR_IF_FIRST. Unfortunately TDB_CLEAR_IF_FIRST is not
100 efficient on unix systems due to the lack of scaling of the byte
101 range locking system. So instead of putting the burden on tdb to
102 cleanup tmp files, this function deletes them.
104 static void cleanup_tmp_files(struct loadparm_context *lp_ctx)
107 TALLOC_CTX *mem_ctx = talloc_new(NULL);
108 if (mem_ctx == NULL) {
109 exit_daemon("Failed to create memory context",
113 path = smbd_tmp_path(mem_ctx, lp_ctx, NULL);
115 exit_daemon("Failed to cleanup temporary files",
119 recursive_delete(path);
120 talloc_free(mem_ctx);
123 static void sig_hup(int sig)
125 debug_schedule_reopen_logs();
128 static void sig_term(int sig)
131 if (getpgrp() == getpid()) {
133 * We're the process group leader, send
134 * SIGTERM to our process group.
136 DBG_ERR("SIGTERM: killing children\n");
137 kill(-getpgrp(), SIGTERM);
140 DBG_ERR("Exiting pid %d on SIGTERM\n", (int)getpid());
144 static void sigterm_signal_handler(struct tevent_context *ev,
145 struct tevent_signal *se,
146 int signum, int count, void *siginfo,
149 struct server_state *state = talloc_get_type_abort(
150 private_data, struct server_state);
152 DBG_DEBUG("Process %s got SIGTERM\n", state->binary_name);
160 static void setup_signals(void)
162 /* we are never interested in SIGPIPE */
163 BlockSignals(true,SIGPIPE);
166 /* we are never interested in SIGFPE */
167 BlockSignals(true,SIGFPE);
170 /* We are no longer interested in USR1 */
171 BlockSignals(true, SIGUSR1);
174 /* We are no longer interested in USR2 */
175 BlockSignals(true,SIGUSR2);
178 /* POSIX demands that signals are inherited. If the invoking process has
179 * these signals masked, we will have problems,
180 * as we won't receive them. */
181 BlockSignals(false, SIGHUP);
182 BlockSignals(false, SIGTERM);
184 CatchSignal(SIGHUP, sig_hup);
185 CatchSignal(SIGTERM, sig_term);
191 static void server_stdin_handler(struct tevent_context *event_ctx,
192 struct tevent_fd *fde,
196 struct server_state *state = talloc_get_type_abort(
197 private_data, struct server_state);
199 if (read(0, &c, 1) == 0) {
200 DBG_ERR("%s: EOF on stdin - PID %d terminating\n",
201 state->binary_name, (int)getpid());
203 if (getpgrp() == getpid()) {
204 DBG_ERR("Sending SIGTERM from pid %d\n",
206 kill(-getpgrp(), SIGTERM);
215 die if the user selected maximum runtime is exceeded
217 _NORETURN_ static void max_runtime_handler(struct tevent_context *ev,
218 struct tevent_timer *te,
219 struct timeval t, void *private_data)
221 struct server_state *state = talloc_get_type_abort(
222 private_data, struct server_state);
223 DBG_ERR("%s: maximum runtime exceeded - "
224 "terminating PID %d at %llu, current ts: %llu\n",
227 (unsigned long long)t.tv_sec,
228 (unsigned long long)time(NULL));
234 pre-open the key databases. This saves a lot of time in child
237 static void prime_ldb_databases(struct tevent_context *event_ctx)
239 TALLOC_CTX *db_context;
240 db_context = talloc_new(event_ctx);
242 samdb_connect(db_context,
245 system_session(cmdline_lp_ctx),
247 privilege_connect(db_context, cmdline_lp_ctx);
249 /* we deliberately leave these open, which allows them to be
250 * re-used in ldb_wrap_connect() */
255 called when a fatal condition occurs in a child task
257 static NTSTATUS samba_terminate(struct irpc_message *msg,
258 struct samba_terminate *r)
260 struct server_state *state = talloc_get_type(msg->private_data,
261 struct server_state);
262 DBG_ERR("samba_terminate of %s %d: %s\n",
263 state->binary_name, (int)getpid(), r->in.reason);
269 setup messaging for the top level samba (parent) task
271 static NTSTATUS setup_parent_messaging(struct server_state *state,
272 struct loadparm_context *lp_ctx)
274 struct imessaging_context *msg;
277 msg = imessaging_init(state->event_ctx,
279 cluster_id(0, SAMBA_PARENT_TASKID),
281 NT_STATUS_HAVE_NO_MEMORY(msg);
283 status = irpc_add_name(msg, "samba");
284 if (!NT_STATUS_IS_OK(status)) {
288 status = IRPC_REGISTER(msg, irpc, SAMBA_TERMINATE,
289 samba_terminate, state);
298 static void show_build(void)
300 #define CONFIG_OPTION(n) { #n, dyn_ ## n }
304 } config_options[] = {
305 CONFIG_OPTION(BINDIR),
306 CONFIG_OPTION(SBINDIR),
307 CONFIG_OPTION(CONFIGFILE),
308 CONFIG_OPTION(NCALRPCDIR),
309 CONFIG_OPTION(LOGFILEBASE),
310 CONFIG_OPTION(LMHOSTSFILE),
311 CONFIG_OPTION(DATADIR),
312 CONFIG_OPTION(MODULESDIR),
313 CONFIG_OPTION(LOCKDIR),
314 CONFIG_OPTION(STATEDIR),
315 CONFIG_OPTION(CACHEDIR),
316 CONFIG_OPTION(PIDDIR),
317 CONFIG_OPTION(PRIVATE_DIR),
318 CONFIG_OPTION(CODEPAGEDIR),
319 CONFIG_OPTION(SETUPDIR),
320 CONFIG_OPTION(WINBINDD_SOCKET_DIR),
321 CONFIG_OPTION(NTP_SIGND_SOCKET_DIR),
326 printf("Samba version: %s\n", SAMBA_VERSION_STRING);
327 printf("Build environment:\n");
329 printf(" Build host: %s\n", BUILD_SYSTEM);
333 for (i=0; config_options[i].name; i++) {
335 config_options[i].name,
336 config_options[i].value);
342 static int event_ctx_destructor(struct tevent_context *event_ctx)
344 imessaging_dgm_unref_ev(event_ctx);
349 static int to_children_fd = -1;
350 static void atfork_prepare(void) {
352 static void atfork_parent(void) {
354 static void atfork_child(void) {
355 if (to_children_fd != -1) {
356 close(to_children_fd);
365 static int binary_smbd_main(const char *binary_name,
369 bool opt_daemon = false;
370 bool opt_interactive = false;
371 bool opt_no_process_group = false;
374 #define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *);
375 STATIC_service_MODULES_PROTO;
376 init_module_fn static_init[] = { STATIC_service_MODULES };
377 init_module_fn *shared_init;
378 uint16_t stdin_event_flags;
380 const char *model = "standard";
388 OPT_NO_PROCESS_GROUP,
390 struct poptOption long_options[] = {
392 {"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON,
393 "Become a daemon (default)", NULL },
394 {"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE,
395 "Run interactive (not a daemon)", NULL},
396 {"model", 'M', POPT_ARG_STRING, NULL, OPT_PROCESS_MODEL,
397 "Select process model", "MODEL"},
398 {"maximum-runtime",0, POPT_ARG_INT, &max_runtime, 0,
399 "set maximum runtime of the server process, "
400 "till autotermination", "seconds"},
401 {"show-build", 'b', POPT_ARG_NONE, NULL, OPT_SHOW_BUILD,
402 "show build info", NULL },
403 {"no-process-group", '\0', POPT_ARG_NONE, NULL,
404 OPT_NO_PROCESS_GROUP, "Don't create a new process group" },
409 struct server_state *state = NULL;
410 struct tevent_signal *se = NULL;
412 setproctitle("root process");
414 pc = poptGetContext(binary_name, argc, argv, long_options, 0);
415 while((opt = poptGetNextOpt(pc)) != -1) {
420 case OPT_INTERACTIVE:
421 opt_interactive = true;
423 case OPT_PROCESS_MODEL:
424 model = poptGetOptArg(pc);
429 case OPT_NO_PROCESS_GROUP:
430 opt_no_process_group = true;
433 fprintf(stderr, "\nInvalid option %s: %s\n\n",
434 poptBadOption(pc, 0), poptStrerror(opt));
435 poptPrintUsage(pc, stderr, 0);
440 if (opt_daemon && opt_interactive) {
441 fprintf(stderr,"\nERROR: "
442 "Option -i|--interactive is "
443 "not allowed together with -D|--daemon\n\n");
444 poptPrintUsage(pc, stderr, 0);
446 } else if (!opt_interactive) {
447 /* default is --daemon */
453 talloc_enable_null_tracking();
455 setup_logging(binary_name, opt_interactive?DEBUG_STDOUT:DEBUG_FILE);
458 /* we want total control over the permissions on created files,
459 so set our umask to 0 */
462 DEBUG(0,("%s version %s started.\n",
464 SAMBA_VERSION_STRING));
465 DEBUGADD(0,("Copyright Andrew Tridgell and the Samba Team"
468 if (sizeof(uint16_t) < 2 ||
469 sizeof(uint32_t) < 4 ||
470 sizeof(uint64_t) < 8) {
471 DEBUG(0,("ERROR: Samba is not configured correctly "
472 "for the word size on your machine\n"));
473 DEBUGADD(0,("sizeof(uint16_t) = %u, sizeof(uint32_t) %u, "
474 "sizeof(uint64_t) = %u\n",
475 (unsigned int)sizeof(uint16_t),
476 (unsigned int)sizeof(uint32_t),
477 (unsigned int)sizeof(uint64_t)));
482 DBG_NOTICE("Becoming a daemon.\n");
483 become_daemon(true, false, false);
486 /* Create the memory context to hang everything off. */
487 state = talloc_zero(NULL, struct server_state);
489 exit_daemon("Samba cannot create server state", ENOMEM);
491 state->binary_name = binary_name;
493 cleanup_tmp_files(cmdline_lp_ctx);
495 if (!directory_exist(lpcfg_lock_directory(cmdline_lp_ctx))) {
496 mkdir(lpcfg_lock_directory(cmdline_lp_ctx), 0755);
499 pidfile_create(lpcfg_pid_directory(cmdline_lp_ctx), binary_name);
501 if (lpcfg_server_role(cmdline_lp_ctx) == ROLE_ACTIVE_DIRECTORY_DC) {
502 if (!open_schannel_session_store(state,
505 exit_daemon("Samba cannot open schannel store "
506 "for secured NETLOGON operations.", EACCES);
510 /* make sure we won't go through nss_winbind */
511 if (!winbind_off()) {
513 exit_daemon("Samba failed to disable recusive "
514 "winbindd calls.", EACCES);
517 gensec_init(); /* FIXME: */
519 process_model_init(cmdline_lp_ctx);
521 shared_init = load_samba_modules(NULL, "service");
523 run_init_functions(NULL, static_init);
524 run_init_functions(NULL, shared_init);
526 talloc_free(shared_init);
528 /* the event context is the top level structure in smbd. Everything else
529 should hang off that */
530 state->event_ctx = s4_event_context_init(state);
532 if (state->event_ctx == NULL) {
534 exit_daemon("Initializing event context failed", EACCES);
537 talloc_set_destructor(state->event_ctx, event_ctx_destructor);
539 if (opt_interactive) {
540 /* terminate when stdin goes away */
541 stdin_event_flags = TEVENT_FD_READ;
543 /* stay alive forever */
544 stdin_event_flags = 0;
549 * If we're interactive we want to set our own process group for
550 * signal management, unless --no-process-group specified.
552 if (opt_interactive && !opt_no_process_group)
553 setpgid((pid_t)0, (pid_t)0);
556 /* catch EOF on stdin */
558 signal(SIGTTIN, SIG_IGN);
561 if (fstat(0, &st) != 0) {
563 exit_daemon("Samba failed to set standard input handler",
567 if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
568 struct tevent_fd *fde = tevent_add_fd(state->event_ctx,
572 server_stdin_handler,
576 exit_daemon("Initializing stdin failed", ENOMEM);
581 struct tevent_timer *te;
582 DBG_ERR("%s PID %d was called with maxruntime %d - "
584 binary_name, (int)getpid(),
585 max_runtime, (unsigned long long) time(NULL));
586 te = tevent_add_timer(state->event_ctx, state->event_ctx,
587 timeval_current_ofs(max_runtime, 0),
592 exit_daemon("Maxruntime handler failed", ENOMEM);
596 se = tevent_add_signal(state->event_ctx,
600 sigterm_signal_handler,
604 exit_daemon("Initialize SIGTERM handler failed", ENOMEM);
607 if (lpcfg_server_role(cmdline_lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC
608 && !lpcfg_parm_bool(cmdline_lp_ctx, NULL,
609 "server role check", "inhibit", false)
610 && !str_list_check_ci(lpcfg_server_services(cmdline_lp_ctx), "smb")
611 && !str_list_check_ci(lpcfg_dcerpc_endpoint_servers(cmdline_lp_ctx),
613 && !str_list_check_ci(lpcfg_dcerpc_endpoint_servers(cmdline_lp_ctx),
615 DEBUG(0, ("At this time the 'samba' binary should only be used "
617 DEBUGADD(0, ("'server role = active directory domain "
618 "controller' or to access the ntvfs file server "
619 "with 'server services = +smb' or the rpc proxy "
620 "with 'dcerpc endpoint servers = remote'\n"));
621 DEBUGADD(0, ("You should start smbd/nmbd/winbindd instead for "
622 "domain member and standalone file server tasks\n"));
623 exit_daemon("Samba detected misconfigured 'server role' "
624 "and exited. Check logs for details", EINVAL);
627 prime_ldb_databases(state->event_ctx);
629 status = setup_parent_messaging(state, cmdline_lp_ctx);
630 if (!NT_STATUS_IS_OK(status)) {
632 exit_daemon("Samba failed to setup parent messaging",
633 NT_STATUS_V(status));
636 DBG_ERR("%s: using '%s' process model\n", binary_name, model);
641 bool start_services = false;
643 rc = pipe(child_pipe);
646 exit_daemon("Samba failed to open process control pipe",
649 smb_set_close_on_exec(child_pipe[0]);
650 smb_set_close_on_exec(child_pipe[1]);
653 to_children_fd = child_pipe[1];
654 pthread_atfork(atfork_prepare, atfork_parent,
656 start_services = true;
659 struct tfork *t = NULL;
663 "Samba unable to fork master process",
666 pid = tfork_child_pid(t);
668 start_services = false;
670 /* In the child process */
671 start_services = true;
672 close(child_pipe[1]);
675 if (start_services) {
676 status = server_service_startup(
677 state->event_ctx, cmdline_lp_ctx, model,
678 lpcfg_server_services(cmdline_lp_ctx),
680 if (!NT_STATUS_IS_OK(status)) {
682 exit_daemon("Samba failed to start services",
683 NT_STATUS_V(status));
689 daemon_ready("samba");
692 /* wait for events - this is where smbd sits for most of its
694 tevent_loop_wait(state->event_ctx);
696 /* as everything hangs off this state->event context, freeing state
697 will initiate a clean shutdown of all services */
703 int main(int argc, const char *argv[])
705 setproctitle_init(argc, discard_const(argv), environ);
707 return binary_smbd_main("samba", argc, argv);