Print this page 
NEX-17457 kernel share list fails to be updated after fs import
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Yuri Pankov <yuripv@yuripv.net>
NEX-10098 Disabling SMB server service does not change the sharestate of a smb share to “offline”.
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Rob Gittins <rob.gittins@nexenta.com>
NEX-3550 Replace smb2_enable with max_protocol (fix fksmbd noise)
NEX-4083 Upstream changes from illumos 5917 and 5995
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
NEX-3611 CLONE NEX-3550 Replace smb2_enable with max_protocol
Reviewed by: Yuri Pankov <Yuri.Pankov@nexenta.com>
NEX-2346 SMB server debug logging cleanup after NEX-2314
NEX-2314 SMB server debug logging needs improvement
NEX-2188 Browsing top level share produces RPC error 1728
NEX-1810 extended security Kerberos (inbound)
SMB-72 Improve startup/shudown debug features
SMB-70 Hang during boot after SMB-50 (fix elfchk noise)
SMB-70 Hang during boot after SMB-50
SMB-50 User-mode SMB server (missed some things)
SMB-56 extended security NTLMSSP, inbound
SMB-39 Use AF_UNIX pipes for RPC
SMB-50 User-mode SMB server
 Includes work by these authors:
 Thomas Keiser <thomas.keiser@nexenta.com>
 Albert Lee <trisk@nexenta.com>
SMB-65 SMB server in non-global zones (data structure changes)
Many things move to the smb_server_t object, and
many functions gain an sv arg (which server).
re #6812 rb1753 backport illumos 1604 smbd print_enable doesn't really work


   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
  23  * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
  24  */
  25 
  26 #include <sys/types.h>
  27 #include <sys/stat.h>
  28 #include <sys/ioccom.h>
  29 #include <sys/corectl.h>
  30 #include <stdio.h>
  31 #include <string.h>
  32 #include <strings.h>
  33 #include <stdlib.h>
  34 #include <unistd.h>
  35 #include <stdarg.h>
  36 #include <fcntl.h>
  37 #include <wait.h>
  38 #include <signal.h>
  39 #include <atomic.h>
  40 #include <libscf.h>
  41 #include <limits.h>
  42 #include <priv_utils.h>
  43 #include <door.h>


 385         /*
 386          * Now that we're running, if a pipe fd was specified, write an exit
 387          * status to it to indicate that our parent process can safely detach.
 388          * Then proceed to loading the remaining non-built-in modules.
 389          */
 390         if (fd >= 0)
 391                 (void) write(fd, &exit_status, sizeof (exit_status));
 392 
 393         (void) close(fd);
 394 
 395         pset = priv_allocset();
 396         if (pset == NULL)
 397                 return;
 398 
 399         priv_basicset(pset);
 400 
 401         /* list of privileges for smbd */
 402         (void) priv_addset(pset, PRIV_NET_MAC_AWARE);
 403         (void) priv_addset(pset, PRIV_NET_PRIVADDR);
 404         (void) priv_addset(pset, PRIV_PROC_AUDIT);

 405         (void) priv_addset(pset, PRIV_SYS_DEVICES);
 406         (void) priv_addset(pset, PRIV_SYS_SMB);
 407         (void) priv_addset(pset, PRIV_SYS_MOUNT);
 408 
 409         priv_inverse(pset);
 410 
 411         /* turn off unneeded privileges */
 412         (void) setppriv(PRIV_OFF, PRIV_EFFECTIVE, pset);
 413 
 414         priv_freeset(pset);
 415 
 416         /* reenable core dumps */
 417         __fini_daemon_priv(NULL);
 418 }
 419 
 420 /*
 421  * smbd_service_init
 422  */
 423 static int
 424 smbd_service_init(void)


 559  * Shutdown smbd and smbsrv kernel services.
 560  *
 561  * Called only by the main thread.
 562  */
 563 static void
 564 smbd_service_fini(void)
 565 {
 566 
 567         smbd.s_shutting_down = B_TRUE;
 568         smbd_report("service shutting down");
 569 
 570         smb_kmod_stop();
 571         smb_logon_abort();
 572         smb_lgrp_stop();
 573         smbd_pipesvc_stop();
 574         smbd_door_stop();
 575         smbd_authsvc_stop();
 576         smbd_spool_stop();
 577         smbd_kernel_unbind();
 578         smbd_share_stop();

 579         smb_shr_stop();
 580         dyndns_stop();
 581         smbd_nicmon_stop();
 582         smb_ccache_remove(SMB_CCACHE_PATH);
 583         smb_pwd_fini();
 584         smb_domain_fini();
 585         mlsvc_fini();
 586         smb_netbios_stop();
 587         smbd_cups_fini();
 588 
 589         smbd.s_initialized = B_FALSE;
 590         smbd_report("service terminated");
 591         closelog();
 592 }
 593 
 594 /*
 595  * Called when SMF sends us a SIGHUP.  Update the smbd configuration
 596  * from SMF and check for changes that require service reconfiguration.
 597  */
 598 static void


 613         smbd_spool_stop();
 614         smbd_dc_monitor_refresh();
 615         smb_ccache_remove(SMB_CCACHE_PATH);
 616 
 617         /*
 618          * Clear the DNS zones for the existing interfaces
 619          * before updating the NIC interface list.
 620          */
 621         dyndns_clear_zones();
 622 
 623         if (smbd_nicmon_refresh() != 0)
 624                 smbd_report("NIC monitor refresh failed");
 625 
 626         smb_netbios_name_reconfig();
 627         smb_browser_reconfig();
 628         dyndns_update_zones();
 629 
 630         /* This reloads the in-kernel config. */
 631         (void) smbd_kernel_bind();
 632 
 633         smbd_load_shares();


 634         smbd_load_printers();
 635         smbd_spool_start();
 636 }
 637 
 638 void
 639 smbd_set_secmode(int secmode)
 640 {
 641         switch (secmode) {
 642         case SMB_SECMODE_WORKGRP:
 643         case SMB_SECMODE_DOMAIN:
 644                 (void) smb_config_set_secmode(secmode);
 645                 smbd.s_secmode = secmode;
 646                 break;
 647 
 648         default:
 649                 syslog(LOG_ERR, "invalid security mode: %d", secmode);
 650                 syslog(LOG_ERR, "entering maintenance mode");
 651                 (void) smb_smf_maintenance_mode();
 652         }
 653 }


 816 /*
 817  * Launches a thread to populate the share cache by share information
 818  * stored in sharemgr
 819  */
 820 static void
 821 smbd_load_shares(void)
 822 {
 823         pthread_t       tid;
 824         pthread_attr_t  attr;
 825         int             rc;
 826 
 827         (void) pthread_attr_init(&attr);
 828         (void) pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
 829         rc = pthread_create(&tid, &attr, smbd_share_loader, NULL);
 830         (void) pthread_attr_destroy(&attr);
 831 
 832         if (rc != 0)
 833                 smbd_report("unable to load disk shares: %s", strerror(errno));
 834 }
 835 




 836 static void *
 837 smbd_share_loader(void *args)
 838 {
 839         (void) smb_shr_load(args);
 840         return (NULL);
 841 }
 842 
 843 /*
 844  * Initialization of the localtime thread.
 845  * Returns 0 on success, an error number if thread creation fails.
 846  */
 847 
 848 static void
 849 smbd_localtime_init(void)
 850 {
 851         pthread_attr_t  attr;
 852         int             rc;
 853 
 854         (void) pthread_attr_init(&attr);
 855         (void) pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);




   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
  23  * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
  24  */
  25 
  26 #include <sys/types.h>
  27 #include <sys/stat.h>
  28 #include <sys/ioccom.h>
  29 #include <sys/corectl.h>
  30 #include <stdio.h>
  31 #include <string.h>
  32 #include <strings.h>
  33 #include <stdlib.h>
  34 #include <unistd.h>
  35 #include <stdarg.h>
  36 #include <fcntl.h>
  37 #include <wait.h>
  38 #include <signal.h>
  39 #include <atomic.h>
  40 #include <libscf.h>
  41 #include <limits.h>
  42 #include <priv_utils.h>
  43 #include <door.h>


 385         /*
 386          * Now that we're running, if a pipe fd was specified, write an exit
 387          * status to it to indicate that our parent process can safely detach.
 388          * Then proceed to loading the remaining non-built-in modules.
 389          */
 390         if (fd >= 0)
 391                 (void) write(fd, &exit_status, sizeof (exit_status));
 392 
 393         (void) close(fd);
 394 
 395         pset = priv_allocset();
 396         if (pset == NULL)
 397                 return;
 398 
 399         priv_basicset(pset);
 400 
 401         /* list of privileges for smbd */
 402         (void) priv_addset(pset, PRIV_NET_MAC_AWARE);
 403         (void) priv_addset(pset, PRIV_NET_PRIVADDR);
 404         (void) priv_addset(pset, PRIV_PROC_AUDIT);
 405         (void) priv_addset(pset, PRIV_SYS_CONFIG);
 406         (void) priv_addset(pset, PRIV_SYS_DEVICES);
 407         (void) priv_addset(pset, PRIV_SYS_SMB);
 408         (void) priv_addset(pset, PRIV_SYS_MOUNT);
 409 
 410         priv_inverse(pset);
 411 
 412         /* turn off unneeded privileges */
 413         (void) setppriv(PRIV_OFF, PRIV_EFFECTIVE, pset);
 414 
 415         priv_freeset(pset);
 416 
 417         /* reenable core dumps */
 418         __fini_daemon_priv(NULL);
 419 }
 420 
 421 /*
 422  * smbd_service_init
 423  */
 424 static int
 425 smbd_service_init(void)


 560  * Shutdown smbd and smbsrv kernel services.
 561  *
 562  * Called only by the main thread.
 563  */
 564 static void
 565 smbd_service_fini(void)
 566 {
 567 
 568         smbd.s_shutting_down = B_TRUE;
 569         smbd_report("service shutting down");
 570 
 571         smb_kmod_stop();
 572         smb_logon_abort();
 573         smb_lgrp_stop();
 574         smbd_pipesvc_stop();
 575         smbd_door_stop();
 576         smbd_authsvc_stop();
 577         smbd_spool_stop();
 578         smbd_kernel_unbind();
 579         smbd_share_stop();
 580         smb_shr_unload();
 581         smb_shr_stop();
 582         dyndns_stop();
 583         smbd_nicmon_stop();
 584         smb_ccache_remove(SMB_CCACHE_PATH);
 585         smb_pwd_fini();
 586         smb_domain_fini();
 587         mlsvc_fini();
 588         smb_netbios_stop();
 589         smbd_cups_fini();
 590 
 591         smbd.s_initialized = B_FALSE;
 592         smbd_report("service terminated");
 593         closelog();
 594 }
 595 
 596 /*
 597  * Called when SMF sends us a SIGHUP.  Update the smbd configuration
 598  * from SMF and check for changes that require service reconfiguration.
 599  */
 600 static void


 615         smbd_spool_stop();
 616         smbd_dc_monitor_refresh();
 617         smb_ccache_remove(SMB_CCACHE_PATH);
 618 
 619         /*
 620          * Clear the DNS zones for the existing interfaces
 621          * before updating the NIC interface list.
 622          */
 623         dyndns_clear_zones();
 624 
 625         if (smbd_nicmon_refresh() != 0)
 626                 smbd_report("NIC monitor refresh failed");
 627 
 628         smb_netbios_name_reconfig();
 629         smb_browser_reconfig();
 630         dyndns_update_zones();
 631 
 632         /* This reloads the in-kernel config. */
 633         (void) smbd_kernel_bind();
 634 
 635         /* On refresh load share properties only, not the shares themselves */
 636         smb_shr_load_execinfo();
 637 
 638         smbd_load_printers();
 639         smbd_spool_start();
 640 }
 641 
 642 void
 643 smbd_set_secmode(int secmode)
 644 {
 645         switch (secmode) {
 646         case SMB_SECMODE_WORKGRP:
 647         case SMB_SECMODE_DOMAIN:
 648                 (void) smb_config_set_secmode(secmode);
 649                 smbd.s_secmode = secmode;
 650                 break;
 651 
 652         default:
 653                 syslog(LOG_ERR, "invalid security mode: %d", secmode);
 654                 syslog(LOG_ERR, "entering maintenance mode");
 655                 (void) smb_smf_maintenance_mode();
 656         }
 657 }


 820 /*
 821  * Launches a thread to populate the share cache by share information
 822  * stored in sharemgr
 823  */
 824 static void
 825 smbd_load_shares(void)
 826 {
 827         pthread_t       tid;
 828         pthread_attr_t  attr;
 829         int             rc;
 830 
 831         (void) pthread_attr_init(&attr);
 832         (void) pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
 833         rc = pthread_create(&tid, &attr, smbd_share_loader, NULL);
 834         (void) pthread_attr_destroy(&attr);
 835 
 836         if (rc != 0)
 837                 smbd_report("unable to load disk shares: %s", strerror(errno));
 838 }
 839 
 840 /*
 841  * This wrapper function is used to avoid casting smb_shr_load() in
 842  * pthread_create() above. It is called very infrequently.
 843  */
 844 static void *
 845 smbd_share_loader(void *args)
 846 {
 847         (void) smb_shr_load(args);
 848         return (NULL);
 849 }
 850 
 851 /*
 852  * Initialization of the localtime thread.
 853  * Returns 0 on success, an error number if thread creation fails.
 854  */
 855 
 856 static void
 857 smbd_localtime_init(void)
 858 {
 859         pthread_attr_t  attr;
 860         int             rc;
 861 
 862         (void) pthread_attr_init(&attr);
 863         (void) pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);