Print this page
NEX-17457 kernel share list fails to be updated after fs import
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Yuri Pankov <yuripv@yuripv.net>
NEX-10098 Disabling SMB server service does not change the sharestate of a smb share to “offline”.
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Rob Gittins <rob.gittins@nexenta.com>
NEX-3550 Replace smb2_enable with max_protocol (fix fksmbd noise)
NEX-4083 Upstream changes from illumos 5917 and 5995
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
NEX-3611 CLONE NEX-3550 Replace smb2_enable with max_protocol
Reviewed by: Yuri Pankov <Yuri.Pankov@nexenta.com>
NEX-2346 SMB server debug logging cleanup after NEX-2314
NEX-2314 SMB server debug logging needs improvement
NEX-2188 Browsing top level share produces RPC error 1728
NEX-1810 extended security Kerberos (inbound)
SMB-72 Improve startup/shudown debug features
SMB-70 Hang during boot after SMB-50 (fix elfchk noise)
SMB-70 Hang during boot after SMB-50
SMB-50 User-mode SMB server (missed some things)
SMB-56 extended security NTLMSSP, inbound
SMB-39 Use AF_UNIX pipes for RPC
SMB-50 User-mode SMB server
Includes work by these authors:
Thomas Keiser <thomas.keiser@nexenta.com>
Albert Lee <trisk@nexenta.com>
SMB-65 SMB server in non-global zones (data structure changes)
Many things move to the smb_server_t object, and
many functions gain an sv arg (which server).
re #6812 rb1753 backport illumos 1604 smbd print_enable doesn't really work
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/smbsrv/smbd/smbd_main.c
+++ new/usr/src/cmd/smbsrv/smbd/smbd_main.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
|
↓ open down ↓ |
12 lines elided |
↑ open up ↑ |
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23 - * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
23 + * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
24 24 */
25 25
26 26 #include <sys/types.h>
27 27 #include <sys/stat.h>
28 28 #include <sys/ioccom.h>
29 29 #include <sys/corectl.h>
30 30 #include <stdio.h>
31 31 #include <string.h>
32 32 #include <strings.h>
33 33 #include <stdlib.h>
34 34 #include <unistd.h>
35 35 #include <stdarg.h>
36 36 #include <fcntl.h>
37 37 #include <wait.h>
38 38 #include <signal.h>
39 39 #include <atomic.h>
40 40 #include <libscf.h>
41 41 #include <limits.h>
42 42 #include <priv_utils.h>
43 43 #include <door.h>
44 44 #include <errno.h>
45 45 #include <pthread.h>
46 46 #include <time.h>
47 47 #include <libscf.h>
48 48 #include <zone.h>
49 49 #include <libgen.h>
50 50 #include <pwd.h>
51 51 #include <grp.h>
52 52
53 53 #include <smbsrv/smb_door.h>
54 54 #include <smbsrv/smb_ioctl.h>
55 55 #include <smbsrv/string.h>
56 56 #include <smbsrv/libsmb.h>
57 57 #include <smbsrv/libsmbns.h>
58 58 #include <smbsrv/libmlsvc.h>
59 59 #include "smbd.h"
60 60
61 61 #define SECSPERMIN 60
62 62 #define SMBD_ONLINE_WAIT_INTERVAL 10
63 63 #define SMBD_REFRESH_INTERVAL 10
64 64 #define SMB_DBDIR "/var/smb"
65 65
66 66 static int smbd_daemonize_init(void);
67 67 static void smbd_daemonize_fini(int, int);
68 68 static int smb_init_daemon_priv(int, uid_t, gid_t);
69 69
70 70 static int smbd_kernel_bind(void);
71 71 static void smbd_kernel_unbind(void);
72 72 static int smbd_already_running(void);
73 73
74 74 static int smbd_service_init(void);
75 75 static void smbd_service_fini(void);
76 76
77 77 static int smbd_setup_options(int argc, char *argv[]);
78 78 static void smbd_usage(FILE *fp);
79 79
80 80 static int32_t smbd_gmtoff(void);
81 81 static void smbd_localtime_init(void);
82 82 static void *smbd_localtime_monitor(void *arg);
83 83
84 84 static void smbd_dyndns_init(void);
85 85 static void smbd_load_shares(void);
86 86 static void *smbd_share_loader(void *);
87 87
88 88 static void smbd_refresh_handler(void);
89 89
90 90 static int smbd_kernel_start(void);
91 91
92 92 smbd_t smbd;
93 93
94 94 /*
95 95 * Use SMF error codes only on return or exit.
96 96 */
97 97 int
98 98 main(int argc, char *argv[])
99 99 {
100 100 sigset_t set;
101 101 uid_t uid;
102 102 int pfd = -1;
103 103 int sigval;
104 104 struct rlimit rl;
105 105 int orig_limit;
106 106
107 107 #ifdef FKSMBD
108 108 fksmbd_init();
109 109 #endif
110 110 smbd.s_pname = basename(argv[0]);
111 111 openlog(smbd.s_pname, LOG_PID | LOG_NOWAIT, LOG_DAEMON);
112 112
113 113 if (smbd_setup_options(argc, argv) != 0)
114 114 return (SMF_EXIT_ERR_FATAL);
115 115
116 116 if ((uid = getuid()) != smbd.s_uid) {
117 117 #ifdef FKSMBD
118 118 /* Can't manipulate privileges in daemonize. */
119 119 if (smbd.s_fg == 0) {
120 120 smbd.s_fg = 1;
121 121 smbd_report("user %d (forced -f)", uid);
122 122 }
123 123 #else /* FKSMBD */
124 124 smbd_report("user %d: %s", uid, strerror(EPERM));
125 125 return (SMF_EXIT_ERR_FATAL);
126 126 #endif /* FKSMBD */
127 127 }
128 128
129 129 if (is_system_labeled()) {
130 130 smbd_report("Trusted Extensions not supported");
131 131 return (SMF_EXIT_ERR_FATAL);
132 132 }
133 133
134 134 if (smbd_already_running())
135 135 return (SMF_EXIT_OK);
136 136
137 137 /*
138 138 * Raise the file descriptor limit to accommodate simultaneous user
139 139 * authentications/file access.
140 140 */
141 141 if ((getrlimit(RLIMIT_NOFILE, &rl) == 0) &&
142 142 (rl.rlim_cur < rl.rlim_max)) {
143 143 orig_limit = rl.rlim_cur;
144 144 rl.rlim_cur = rl.rlim_max;
145 145 if (setrlimit(RLIMIT_NOFILE, &rl) != 0)
146 146 smbd_report("Failed to raise file descriptor limit"
147 147 " from %d to %d", orig_limit, rl.rlim_cur);
148 148 }
149 149
150 150 /*
151 151 * Block async signals in all threads.
152 152 */
153 153 (void) sigemptyset(&set);
154 154
155 155 (void) sigaddset(&set, SIGHUP);
156 156 (void) sigaddset(&set, SIGINT);
157 157 (void) sigaddset(&set, SIGQUIT);
158 158 (void) sigaddset(&set, SIGPIPE);
159 159 (void) sigaddset(&set, SIGTERM);
160 160 (void) sigaddset(&set, SIGUSR1);
161 161 (void) sigaddset(&set, SIGUSR2);
162 162
163 163 (void) sigprocmask(SIG_SETMASK, &set, NULL);
164 164
165 165 if (smbd.s_fg) {
166 166 if (smbd_service_init() != 0) {
167 167 smbd_report("service initialization failed");
168 168 exit(SMF_EXIT_ERR_FATAL);
169 169 }
170 170 } else {
171 171 /*
172 172 * "pfd" is a pipe descriptor -- any fatal errors
173 173 * during subsequent initialization of the child
174 174 * process should be written to this pipe and the
175 175 * parent will report this error as the exit status.
176 176 */
177 177 pfd = smbd_daemonize_init();
178 178
179 179 if (smbd_service_init() != 0) {
180 180 smbd_report("daemon initialization failed");
181 181 exit(SMF_EXIT_ERR_FATAL);
182 182 }
183 183
184 184 smbd_daemonize_fini(pfd, SMF_EXIT_OK);
185 185 }
186 186
187 187 while (!smbd.s_shutting_down) {
188 188 sigval = sigwait(&set);
189 189
190 190 switch (sigval) {
191 191 case -1:
192 192 syslog(LOG_DEBUG, "sigwait failed: %s",
193 193 strerror(errno));
194 194 break;
195 195 case SIGPIPE:
196 196 break;
197 197
198 198 case SIGHUP:
199 199 syslog(LOG_DEBUG, "refresh requested");
200 200 smbd_refresh_handler();
201 201 break;
202 202
203 203 case SIGUSR1:
204 204 syslog(LOG_DEBUG, "SIGUSR1 ignored");
205 205 break;
206 206
207 207 default:
208 208 /*
209 209 * Typically SIGINT or SIGTERM.
210 210 */
211 211 smbd.s_shutting_down = B_TRUE;
212 212 break;
213 213 }
214 214 }
215 215
216 216 /*
217 217 * Allow termination signals while shutting down.
218 218 */
219 219 (void) sigemptyset(&set);
220 220
221 221 if (smbd.s_fg) {
222 222 (void) sigaddset(&set, SIGHUP);
223 223 (void) sigaddset(&set, SIGINT);
224 224 }
225 225 (void) sigaddset(&set, SIGTERM);
226 226
227 227 (void) sigprocmask(SIG_UNBLOCK, &set, NULL);
228 228
229 229 smbd_service_fini();
230 230 return ((smbd.s_fatal_error) ? SMF_EXIT_ERR_FATAL : SMF_EXIT_OK);
231 231 }
232 232
233 233 /*
234 234 * This function will fork off a child process,
235 235 * from which only the child will return.
236 236 *
237 237 * Use SMF error codes only on exit.
238 238 */
239 239 static int
240 240 smbd_daemonize_init(void)
241 241 {
242 242 int status, pfds[2];
243 243 sigset_t set, oset;
244 244 pid_t pid;
245 245 int rc;
246 246
247 247 /*
248 248 * Reset privileges to the minimum set required. We continue
249 249 * to run as root to create and access files in /var.
250 250 */
251 251 rc = smb_init_daemon_priv(PU_RESETGROUPS, smbd.s_uid, smbd.s_gid);
252 252
253 253 if (rc != 0) {
254 254 smbd_report("insufficient privileges");
255 255 exit(SMF_EXIT_ERR_FATAL);
256 256 }
257 257
258 258 /*
259 259 * Block all signals prior to the fork and leave them blocked in the
260 260 * parent so we don't get in a situation where the parent gets SIGINT
261 261 * and returns non-zero exit status and the child is actually running.
262 262 * In the child, restore the signal mask once we've done our setsid().
263 263 */
264 264 (void) sigfillset(&set);
265 265 (void) sigdelset(&set, SIGABRT);
266 266 (void) sigprocmask(SIG_BLOCK, &set, &oset);
267 267
268 268 if (pipe(pfds) == -1) {
269 269 smbd_report("unable to create pipe");
270 270 exit(SMF_EXIT_ERR_FATAL);
271 271 }
272 272
273 273 closelog();
274 274
275 275 if ((pid = fork()) == -1) {
276 276 openlog(smbd.s_pname, LOG_PID | LOG_NOWAIT, LOG_DAEMON);
277 277 smbd_report("unable to fork");
278 278 closelog();
279 279 exit(SMF_EXIT_ERR_FATAL);
280 280 }
281 281
282 282 /*
283 283 * If we're the parent process, wait for either the child to send us
284 284 * the appropriate exit status over the pipe or for the read to fail
285 285 * (presumably with 0 for EOF if our child terminated abnormally).
286 286 * If the read fails, exit with either the child's exit status if it
287 287 * exited or with SMF_EXIT_ERR_FATAL if it died from a fatal signal.
288 288 */
289 289 if (pid != 0) {
290 290 (void) close(pfds[1]);
291 291
292 292 if (read(pfds[0], &status, sizeof (status)) == sizeof (status))
293 293 _exit(status);
294 294
295 295 if (waitpid(pid, &status, 0) == pid && WIFEXITED(status))
296 296 _exit(WEXITSTATUS(status));
297 297
298 298 _exit(SMF_EXIT_ERR_FATAL);
299 299 }
300 300
301 301 openlog(smbd.s_pname, LOG_PID | LOG_NOWAIT, LOG_DAEMON);
302 302 (void) setsid();
303 303 (void) sigprocmask(SIG_SETMASK, &oset, NULL);
304 304 (void) chdir("/");
305 305 (void) umask(022);
306 306 (void) close(pfds[0]);
307 307
308 308 return (pfds[1]);
309 309 }
310 310
311 311 /*
312 312 * This function is based on __init_daemon_priv() and replaces
313 313 * __init_daemon_priv() since we want smbd to have all privileges so that it
314 314 * can execute map/unmap commands with all privileges during share
315 315 * connection/disconnection. Unused privileges are disabled until command
316 316 * execution. The permitted and the limit set contains all privileges. The
317 317 * inheritable set contains no privileges.
318 318 */
319 319
320 320 static const char root_cp[] = "/core.%f.%t";
321 321 static const char daemon_cp[] = "/var/tmp/core.%f.%t";
322 322
323 323 static int
324 324 smb_init_daemon_priv(int flags, uid_t uid, gid_t gid)
325 325 {
326 326 priv_set_t *perm = NULL;
327 327 int ret = -1;
328 328 char buf[1024];
329 329
330 330 /*
331 331 * This is not a significant failure: it allows us to start programs
332 332 * with sufficient privileges and with the proper uid. We don't
333 333 * care enough about the extra groups in that case.
334 334 */
335 335 if (flags & PU_RESETGROUPS)
336 336 (void) setgroups(0, NULL);
337 337
338 338 if (gid != (gid_t)-1 && setgid(gid) != 0)
339 339 goto end;
340 340
341 341 perm = priv_allocset();
342 342 if (perm == NULL)
343 343 goto end;
344 344
345 345 /* E = P */
346 346 (void) getppriv(PRIV_PERMITTED, perm);
347 347 (void) setppriv(PRIV_SET, PRIV_EFFECTIVE, perm);
348 348
349 349 /* Now reset suid and euid */
350 350 if (uid != (uid_t)-1 && setreuid(uid, uid) != 0)
351 351 goto end;
352 352
353 353 /* I = 0 */
354 354 priv_emptyset(perm);
355 355 ret = setppriv(PRIV_SET, PRIV_INHERITABLE, perm);
356 356 end:
357 357 priv_freeset(perm);
358 358
359 359 if (core_get_process_path(buf, sizeof (buf), getpid()) == 0 &&
360 360 strcmp(buf, "core") == 0) {
361 361
362 362 if ((uid == (uid_t)-1 ? geteuid() : uid) == 0) {
363 363 (void) core_set_process_path(root_cp, sizeof (root_cp),
364 364 getpid());
365 365 } else {
366 366 (void) core_set_process_path(daemon_cp,
367 367 sizeof (daemon_cp), getpid());
368 368 }
369 369 }
370 370 (void) setpflags(__PROC_PROTECT, 0);
371 371
372 372 return (ret);
373 373 }
374 374
375 375 /*
376 376 * Most privileges, except the ones that are required for smbd, are turn off
377 377 * in the effective set. They will be turn on when needed for command
378 378 * execution during share connection/disconnection.
379 379 */
380 380 static void
381 381 smbd_daemonize_fini(int fd, int exit_status)
382 382 {
383 383 priv_set_t *pset;
384 384
385 385 /*
386 386 * Now that we're running, if a pipe fd was specified, write an exit
387 387 * status to it to indicate that our parent process can safely detach.
388 388 * Then proceed to loading the remaining non-built-in modules.
389 389 */
390 390 if (fd >= 0)
391 391 (void) write(fd, &exit_status, sizeof (exit_status));
392 392
393 393 (void) close(fd);
394 394
|
↓ open down ↓ |
361 lines elided |
↑ open up ↑ |
395 395 pset = priv_allocset();
396 396 if (pset == NULL)
397 397 return;
398 398
399 399 priv_basicset(pset);
400 400
401 401 /* list of privileges for smbd */
402 402 (void) priv_addset(pset, PRIV_NET_MAC_AWARE);
403 403 (void) priv_addset(pset, PRIV_NET_PRIVADDR);
404 404 (void) priv_addset(pset, PRIV_PROC_AUDIT);
405 + (void) priv_addset(pset, PRIV_SYS_CONFIG);
405 406 (void) priv_addset(pset, PRIV_SYS_DEVICES);
406 407 (void) priv_addset(pset, PRIV_SYS_SMB);
407 408 (void) priv_addset(pset, PRIV_SYS_MOUNT);
408 409
409 410 priv_inverse(pset);
410 411
411 412 /* turn off unneeded privileges */
412 413 (void) setppriv(PRIV_OFF, PRIV_EFFECTIVE, pset);
413 414
414 415 priv_freeset(pset);
415 416
416 417 /* reenable core dumps */
417 418 __fini_daemon_priv(NULL);
418 419 }
419 420
420 421 /*
421 422 * smbd_service_init
422 423 */
423 424 static int
424 425 smbd_service_init(void)
425 426 {
426 427 static struct dir {
427 428 char *name;
428 429 int perm;
429 430 } dir[] = {
430 431 { SMB_DBDIR, 0700 },
431 432 { SMB_CVOL, 0755 },
432 433 { SMB_SYSROOT, 0755 },
433 434 { SMB_SYSTEM32, 0755 },
434 435 { SMB_VSS, 0755 },
435 436 { SMB_PIPE_DIR, 0755 },
436 437 { "/var/smb/lipc", 0755 },
437 438 };
438 439 int rc, i;
439 440
440 441 smbd.s_pid = getpid();
441 442
442 443 /*
443 444 * Stop for a debugger attach here, which is after the
444 445 * fork() etc. in smb_daemonize_init()
445 446 */
446 447 if (smbd.s_dbg_stop) {
447 448 smbd_report("pid %d stop for debugger attach", smbd.s_pid);
448 449 (void) kill(smbd.s_pid, SIGSTOP);
449 450 }
450 451 smbd_report("smbd starting, pid %d", smbd.s_pid);
451 452
452 453 for (i = 0; i < sizeof (dir)/sizeof (dir[0]); ++i) {
453 454 if ((mkdir(dir[i].name, dir[i].perm) < 0) &&
454 455 (errno != EEXIST)) {
455 456 smbd_report("mkdir %s: %s", dir[i].name,
456 457 strerror(errno));
457 458 return (-1);
458 459 }
459 460 }
460 461
461 462 /*
462 463 * This environment variable tells mech_krb5 to give us
463 464 * MS-compatible behavior.
464 465 */
465 466 (void) putenv("MS_INTEROP=1");
466 467
467 468 if ((rc = smb_ccache_init(SMB_VARRUN_DIR, SMB_CCACHE_FILE)) != 0) {
468 469 if (rc == -1)
469 470 smbd_report("mkdir %s: %s", SMB_VARRUN_DIR,
470 471 strerror(errno));
471 472 else
472 473 smbd_report("unable to set KRB5CCNAME");
473 474 return (-1);
474 475 }
475 476
476 477 #ifndef FKSMBD
477 478 /* Upgrade SMF settings, if necessary. */
478 479 smb_config_upgrade();
479 480 #endif
480 481
481 482 smb_codepage_init();
482 483
483 484 rc = smbd_cups_init();
484 485 if (smb_config_getbool(SMB_CI_PRINT_ENABLE))
485 486 smbd_report("print service %savailable", (rc == 0) ? "" : "un");
486 487
487 488 if (smbd_nicmon_start(SMBD_DEFAULT_INSTANCE_FMRI) != 0)
488 489 smbd_report("NIC monitor failed to start");
489 490
490 491 smbd_dyndns_init();
491 492 smb_ipc_init();
492 493
493 494 if (smb_config_getbool(SMB_CI_NETBIOS_ENABLE) == 0)
494 495 smbd_report("NetBIOS services disabled");
495 496 else if (smb_netbios_start() != 0)
496 497 smbd_report("NetBIOS services failed to start");
497 498 else
498 499 smbd_report("NetBIOS services started");
499 500
500 501 smbd.s_secmode = smb_config_get_secmode();
501 502 if ((rc = smb_domain_init(smbd.s_secmode)) != 0) {
502 503 if (rc == SMB_DOMAIN_NOMACHINE_SID) {
503 504 smbd_report(
504 505 "no machine SID: check idmap configuration");
505 506 return (-1);
506 507 }
507 508 }
508 509
509 510 if (smbd_dc_monitor_init() != 0)
510 511 smbd_report("DC monitor initialization failed %s",
511 512 strerror(errno));
512 513
513 514 if (smbd_pipesvc_start() != 0) {
514 515 smbd_report("pipesvc initialization failed");
515 516 return (-1);
516 517 }
517 518
518 519 if (smbd_authsvc_start() != 0) {
519 520 smbd_report("authsvc initialization failed");
520 521 return (-1);
521 522 }
522 523
523 524 smbd.s_door_srv = smbd_door_start();
524 525 if (smbd.s_door_srv < 0) {
525 526 smbd_report("door initialization failed %s", strerror(errno));
526 527 return (-1);
527 528 }
528 529
529 530 dyndns_update_zones();
530 531 smbd_localtime_init();
531 532 (void) smb_lgrp_start();
532 533 smb_pwd_init(B_TRUE);
533 534
534 535 if (smb_shr_start() != 0) {
535 536 smbd_report("share initialization failed: %s", strerror(errno));
536 537 return (-1);
537 538 }
538 539
539 540 smbd.s_door_lmshr = smbd_share_start();
540 541 if (smbd.s_door_lmshr < 0)
541 542 smbd_report("share initialization failed");
542 543
543 544 /* Open the driver, load the kernel config. */
544 545 if (smbd_kernel_bind() != 0) {
545 546 return (-1);
546 547 }
547 548
548 549 smbd_load_shares();
549 550 smbd_load_printers();
550 551 smbd_spool_start();
551 552
552 553 smbd.s_initialized = B_TRUE;
553 554 smbd_report("service initialized");
554 555
555 556 return (0);
556 557 }
557 558
558 559 /*
559 560 * Shutdown smbd and smbsrv kernel services.
560 561 *
561 562 * Called only by the main thread.
562 563 */
563 564 static void
564 565 smbd_service_fini(void)
565 566 {
566 567
567 568 smbd.s_shutting_down = B_TRUE;
568 569 smbd_report("service shutting down");
|
↓ open down ↓ |
154 lines elided |
↑ open up ↑ |
569 570
570 571 smb_kmod_stop();
571 572 smb_logon_abort();
572 573 smb_lgrp_stop();
573 574 smbd_pipesvc_stop();
574 575 smbd_door_stop();
575 576 smbd_authsvc_stop();
576 577 smbd_spool_stop();
577 578 smbd_kernel_unbind();
578 579 smbd_share_stop();
580 + smb_shr_unload();
579 581 smb_shr_stop();
580 582 dyndns_stop();
581 583 smbd_nicmon_stop();
582 584 smb_ccache_remove(SMB_CCACHE_PATH);
583 585 smb_pwd_fini();
584 586 smb_domain_fini();
585 587 mlsvc_fini();
586 588 smb_netbios_stop();
587 589 smbd_cups_fini();
588 590
589 591 smbd.s_initialized = B_FALSE;
590 592 smbd_report("service terminated");
591 593 closelog();
592 594 }
593 595
594 596 /*
595 597 * Called when SMF sends us a SIGHUP. Update the smbd configuration
596 598 * from SMF and check for changes that require service reconfiguration.
597 599 */
598 600 static void
599 601 smbd_refresh_handler()
600 602 {
601 603 int new_debug;
602 604
603 605 if (smbd.s_shutting_down)
604 606 return;
605 607
606 608 smbd.s_refreshes++;
607 609
608 610 new_debug = smb_config_get_debug();
609 611 if (smbd.s_debug || new_debug)
610 612 smbd_report("debug=%d", new_debug);
611 613 smbd.s_debug = new_debug;
612 614
613 615 smbd_spool_stop();
614 616 smbd_dc_monitor_refresh();
615 617 smb_ccache_remove(SMB_CCACHE_PATH);
616 618
617 619 /*
618 620 * Clear the DNS zones for the existing interfaces
619 621 * before updating the NIC interface list.
620 622 */
621 623 dyndns_clear_zones();
622 624
|
↓ open down ↓ |
34 lines elided |
↑ open up ↑ |
623 625 if (smbd_nicmon_refresh() != 0)
624 626 smbd_report("NIC monitor refresh failed");
625 627
626 628 smb_netbios_name_reconfig();
627 629 smb_browser_reconfig();
628 630 dyndns_update_zones();
629 631
630 632 /* This reloads the in-kernel config. */
631 633 (void) smbd_kernel_bind();
632 634
633 - smbd_load_shares();
635 + /* On refresh load share properties only, not the shares themselves */
636 + smb_shr_load_execinfo();
637 +
634 638 smbd_load_printers();
635 639 smbd_spool_start();
636 640 }
637 641
638 642 void
639 643 smbd_set_secmode(int secmode)
640 644 {
641 645 switch (secmode) {
642 646 case SMB_SECMODE_WORKGRP:
643 647 case SMB_SECMODE_DOMAIN:
644 648 (void) smb_config_set_secmode(secmode);
645 649 smbd.s_secmode = secmode;
646 650 break;
647 651
648 652 default:
649 653 syslog(LOG_ERR, "invalid security mode: %d", secmode);
650 654 syslog(LOG_ERR, "entering maintenance mode");
651 655 (void) smb_smf_maintenance_mode();
652 656 }
653 657 }
654 658
655 659 /*
656 660 * The service is online if initialization is complete and shutdown
657 661 * has not begun.
658 662 */
659 663 boolean_t
660 664 smbd_online(void)
661 665 {
662 666 return (smbd.s_initialized && !smbd.s_shutting_down);
663 667 }
664 668
665 669 /*
666 670 * Wait until the service is online. Provided for threads that
667 671 * should wait until the service has been fully initialized before
668 672 * they start performing operations.
669 673 */
670 674 void
671 675 smbd_online_wait(const char *text)
672 676 {
673 677 while (!smbd_online())
674 678 (void) sleep(SMBD_ONLINE_WAIT_INTERVAL);
675 679
676 680 if (text != NULL) {
677 681 syslog(LOG_DEBUG, "%s: online", text);
678 682 (void) fprintf(stderr, "%s: online\n", text);
679 683 }
680 684 }
681 685
|
↓ open down ↓ |
38 lines elided |
↑ open up ↑ |
682 686 /*
683 687 * If the door has already been opened by another process (non-zero pid
684 688 * in target), we assume that another smbd is already running. If there
685 689 * is a race here, it will be caught later when smbsrv is opened because
686 690 * only one process is allowed to open the device at a time.
687 691 */
688 692 static int
689 693 smbd_already_running(void)
690 694 {
691 695 door_info_t info;
692 - char *door_name;
696 + char *door_name;
693 697 int door;
694 698
695 699 door_name = getenv("SMBD_DOOR_NAME");
696 700 if (door_name == NULL)
697 701 door_name = SMBD_DOOR_NAME;
698 702
699 703 if ((door = open(door_name, O_RDONLY)) < 0)
700 704 return (0);
701 705
702 706 if (door_info(door, &info) < 0)
703 707 return (0);
704 708
705 709 if (info.di_target > 0) {
706 710 smbd_report("already running: pid %ld\n", info.di_target);
707 711 (void) close(door);
708 712 return (1);
709 713 }
710 714
711 715 (void) close(door);
712 716 return (0);
713 717 }
714 718
715 719 /*
716 720 * smbd_kernel_bind
717 721 *
718 722 * If smbsrv is already bound, reload the configuration and update smbsrv.
719 723 * Otherwise, open the smbsrv device and start the kernel service.
720 724 */
721 725 static int
722 726 smbd_kernel_bind(void)
723 727 {
724 728 smb_kmod_cfg_t cfg;
725 729 int rc;
726 730
727 731 if (smbd.s_kbound) {
728 732 smb_load_kconfig(&cfg);
729 733 smbd_get_authconf(&cfg);
730 734 rc = smb_kmod_setcfg(&cfg);
731 735 if (rc < 0)
732 736 smbd_report("kernel configuration update failed: %s",
733 737 strerror(rc));
734 738 return (rc);
735 739 }
736 740
737 741 if (smb_kmod_isbound())
738 742 smbd_kernel_unbind();
739 743
740 744 if ((rc = smb_kmod_bind()) == 0) {
741 745 rc = smbd_kernel_start();
742 746 if (rc != 0)
743 747 smb_kmod_unbind();
744 748 else
745 749 smbd.s_kbound = B_TRUE;
746 750 } else {
747 751 smbd_report("kernel bind error: %s", strerror(rc));
748 752 }
749 753
750 754 return (rc);
751 755 }
752 756
753 757 static int
754 758 smbd_kernel_start(void)
755 759 {
756 760 smb_kmod_cfg_t cfg;
757 761 int rc;
758 762
759 763 smb_load_kconfig(&cfg);
760 764 smbd_get_authconf(&cfg);
761 765 rc = smb_kmod_setcfg(&cfg);
762 766 if (rc != 0) {
763 767 smbd_report("kernel config ioctl error: %s", strerror(rc));
764 768 return (rc);
765 769 }
766 770
767 771 rc = smb_kmod_setgmtoff(smbd_gmtoff());
768 772 if (rc != 0) {
769 773 smbd_report("kernel gmtoff ioctl error: %s", strerror(rc));
770 774 return (rc);
771 775 }
772 776
773 777 rc = smb_kmod_start(smbd.s_door_opipe, smbd.s_door_lmshr,
774 778 smbd.s_door_srv);
775 779
776 780 if (rc != 0) {
777 781 smbd_report("kernel start ioctl error: %s", strerror(rc));
778 782 return (rc);
779 783 }
780 784
781 785 return (0);
782 786 }
783 787
784 788 /*
785 789 * smbd_kernel_unbind
786 790 */
787 791 static void
788 792 smbd_kernel_unbind(void)
789 793 {
790 794 smb_kmod_unbind();
791 795 smbd.s_kbound = B_FALSE;
792 796 }
793 797
794 798 /*
795 799 * Create the Dynamic DNS publisher thread.
796 800 */
797 801 static void
798 802 smbd_dyndns_init(void)
799 803 {
800 804 pthread_t tid;
801 805 pthread_attr_t attr;
802 806 int rc;
803 807
804 808 dyndns_start();
805 809
806 810 (void) pthread_attr_init(&attr);
807 811 (void) pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
808 812 rc = pthread_create(&tid, &attr, dyndns_publisher, NULL);
809 813 (void) pthread_attr_destroy(&attr);
810 814
811 815 if (rc != 0)
812 816 smbd_report("unable to start dyndns publisher: %s",
813 817 strerror(errno));
814 818 }
815 819
816 820 /*
817 821 * Launches a thread to populate the share cache by share information
818 822 * stored in sharemgr
819 823 */
820 824 static void
821 825 smbd_load_shares(void)
822 826 {
823 827 pthread_t tid;
824 828 pthread_attr_t attr;
825 829 int rc;
|
↓ open down ↓ |
123 lines elided |
↑ open up ↑ |
826 830
827 831 (void) pthread_attr_init(&attr);
828 832 (void) pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
829 833 rc = pthread_create(&tid, &attr, smbd_share_loader, NULL);
830 834 (void) pthread_attr_destroy(&attr);
831 835
832 836 if (rc != 0)
833 837 smbd_report("unable to load disk shares: %s", strerror(errno));
834 838 }
835 839
840 +/*
841 + * This wrapper function is used to avoid casting smb_shr_load() in
842 + * pthread_create() above. It is called very infrequently.
843 + */
836 844 static void *
837 845 smbd_share_loader(void *args)
838 846 {
839 847 (void) smb_shr_load(args);
840 848 return (NULL);
841 849 }
842 850
843 851 /*
844 852 * Initialization of the localtime thread.
845 853 * Returns 0 on success, an error number if thread creation fails.
846 854 */
847 855
848 856 static void
849 857 smbd_localtime_init(void)
850 858 {
851 859 pthread_attr_t attr;
852 860 int rc;
853 861
854 862 (void) pthread_attr_init(&attr);
855 863 (void) pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
856 864 rc = pthread_create(&smbd.s_localtime_tid, &attr,
857 865 smbd_localtime_monitor, NULL);
858 866 (void) pthread_attr_destroy(&attr);
859 867
860 868 if (rc != 0)
861 869 smbd_report("unable to monitor localtime: %s", strerror(errno));
862 870 }
863 871
864 872 /*
865 873 * Send local gmtoff to the kernel module one time at startup and each
866 874 * time it changes (up to twice a year).
867 875 * Local gmtoff is checked once every 15 minutes since some timezones
868 876 * are aligned on half and quarter hour boundaries.
869 877 */
870 878 /*ARGSUSED*/
871 879 static void *
872 880 smbd_localtime_monitor(void *arg)
873 881 {
874 882 struct tm local_tm;
875 883 time_t secs;
876 884 int32_t gmtoff, last_gmtoff = -1;
877 885 int timeout;
878 886 int error;
879 887
880 888 smbd_online_wait("smbd_localtime_monitor");
881 889
882 890 for (;;) {
883 891 gmtoff = smbd_gmtoff();
884 892
885 893 if ((last_gmtoff != gmtoff) && smbd.s_kbound) {
886 894 error = smb_kmod_setgmtoff(gmtoff);
887 895 if (error != 0)
888 896 smbd_report("localtime set failed: %s",
889 897 strerror(error));
890 898 }
891 899
892 900 /*
893 901 * Align the next iteration on a fifteen minute boundary.
894 902 */
895 903 secs = time(0);
896 904 (void) localtime_r(&secs, &local_tm);
897 905 timeout = ((15 - (local_tm.tm_min % 15)) * SECSPERMIN);
898 906 (void) sleep(timeout);
899 907
900 908 last_gmtoff = gmtoff;
901 909 }
902 910
903 911 /*NOTREACHED*/
904 912 return (NULL);
905 913 }
906 914
907 915 /*
908 916 * smbd_gmtoff
909 917 *
910 918 * Determine offset from GMT. If daylight saving time use altzone,
911 919 * otherwise use timezone.
912 920 */
913 921 static int32_t
914 922 smbd_gmtoff(void)
915 923 {
916 924 time_t clock_val;
917 925 struct tm *atm;
918 926 int32_t gmtoff;
919 927
920 928 (void) time(&clock_val);
921 929 atm = localtime(&clock_val);
922 930
923 931 gmtoff = (atm->tm_isdst) ? altzone : timezone;
924 932
925 933 return (gmtoff);
926 934 }
927 935
928 936 /*
929 937 * Set up configuration options and parse the command line.
930 938 * This function will determine if we will run as a daemon
931 939 * or in the foreground.
932 940 *
933 941 * Failure to find a uid or gid results in using the default (0).
934 942 */
935 943 static int
936 944 smbd_setup_options(int argc, char *argv[])
937 945 {
938 946 struct passwd *pwd;
939 947 struct group *grp;
940 948 int c;
941 949
942 950 if ((pwd = getpwnam("root")) != NULL)
943 951 smbd.s_uid = pwd->pw_uid;
944 952
945 953 if ((grp = getgrnam("sys")) != NULL)
946 954 smbd.s_gid = grp->gr_gid;
947 955
948 956 smbd.s_debug = smb_config_get_debug();
949 957 smbd.s_fg = smb_config_get_fg_flag();
950 958
951 959 while ((c = getopt(argc, argv, ":dfs")) != -1) {
952 960 switch (c) {
953 961 case 'd':
954 962 smbd.s_debug++;
955 963 break;
956 964 case 'f':
957 965 smbd.s_fg = 1;
958 966 break;
959 967 case 's':
960 968 smbd.s_dbg_stop = 1;
961 969 break;
962 970 case ':':
963 971 case '?':
964 972 default:
965 973 smbd_usage(stderr);
966 974 return (-1);
967 975 }
968 976 }
969 977
970 978 return (0);
971 979 }
972 980
973 981 static void
974 982 smbd_usage(FILE *fp)
975 983 {
976 984 static char *help[] = {
977 985 "-d enable debug messages"
978 986 "-f run program in foreground"
979 987 };
980 988
981 989 int i;
982 990
983 991 (void) fprintf(fp, "Usage: %s [-f]\n", smbd.s_pname);
984 992
985 993 for (i = 0; i < sizeof (help)/sizeof (help[0]); ++i)
986 994 (void) fprintf(fp, " %s\n", help[i]);
987 995 }
988 996
989 997 void
990 998 smbd_report(const char *fmt, ...)
991 999 {
992 1000 char buf[128];
993 1001 va_list ap;
994 1002
995 1003 if (fmt == NULL)
996 1004 return;
997 1005
998 1006 va_start(ap, fmt);
999 1007 (void) vsnprintf(buf, 128, fmt, ap);
1000 1008 va_end(ap);
1001 1009
1002 1010 (void) fprintf(stderr, "smbd: %s\n", buf);
1003 1011 }
1004 1012
1005 1013 /*
1006 1014 * Enable libumem debugging by default on DEBUG builds.
1007 1015 */
1008 1016 #ifdef DEBUG
1009 1017 const char *
1010 1018 _umem_debug_init(void)
1011 1019 {
1012 1020 return ("default,verbose"); /* $UMEM_DEBUG setting */
1013 1021 }
1014 1022
1015 1023 const char *
1016 1024 _umem_logging_init(void)
1017 1025 {
1018 1026 return ("fail,contents"); /* $UMEM_LOGGING setting */
1019 1027 }
1020 1028 #endif
|
↓ open down ↓ |
175 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX