1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
samba-mirror/source/smbd/server.c

744 lines
16 KiB
C
Raw Normal View History

0001-01-01 02:30:17 +02:30
/*
Unix SMB/Netbios implementation.
Version 1.9.
Main SMB server routines
Copyright (C) Andrew Tridgell 1992-1998
0001-01-01 02:30:17 +02:30
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#include "trans2.h"
pstring servicesf = CONFIGFILE;
extern pstring debugf;
extern fstring global_myworkgroup;
- group database API. oops and oh dear, the threat has been carried out: the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
0001-01-01 02:30:17 +02:30
extern fstring global_sam_name;
extern pstring global_myname;
0001-01-01 02:30:17 +02:30
int am_parent = 1;
0001-01-01 02:30:17 +02:30
/* the last message the was processed */
int last_message = -1;
/* a useful macro to debug the last message processed */
#define LAST_MESSAGE() smb_fn_name(last_message)
extern pstring scope;
extern int DEBUGLEVEL;
extern pstring user_socket_options;
#ifdef WITH_DFS
extern int dcelogin_atmost_once;
#endif /* WITH_DFS */
0001-01-01 02:30:17 +02:30
extern fstring remote_machine;
extern pstring OriginalDir;
0001-01-01 02:30:17 +02:30
extern pstring myhostname;
/****************************************************************************
when exiting, take the whole family
****************************************************************************/
static void *dflt_sig(void)
{
exit_server("caught signal");
return NULL;
}
/****************************************************************************
Send a SIGTERM to our process group.
*****************************************************************************/
static void killkids(void)
{
if(am_parent) kill(0,SIGTERM);
}
0001-01-01 02:30:17 +02:30
/****************************************************************************
open the socket communication
****************************************************************************/
static BOOL open_sockets_inetd(void)
{
extern int Client;
/* Started from inetd. fd 0 is the socket. */
/* We will abort gracefully when the client or remote system
goes away */
Client = dup(0);
/* close our standard file descriptors */
close_low_fds();
set_socket_options(Client,"SO_KEEPALIVE");
set_socket_options(Client,user_socket_options);
return True;
}
/****************************************************************************
open the socket communication
****************************************************************************/
static BOOL open_sockets(BOOL is_daemon,int port)
{
extern int Client;
int num_interfaces = iface_count();
int fd_listenset[FD_SETSIZE];
fd_set listen_set;
int s;
int i;
if (!is_daemon) {
return open_sockets_inetd();
}
#ifdef HAVE_ATEXIT
{
static int atexit_set;
if(atexit_set == 0) {
atexit_set=1;
atexit(killkids);
}
}
#endif
/* Stop zombies */
CatchChild();
FD_ZERO(&listen_set);
if(lp_interfaces() && lp_bind_interfaces_only()) {
/* We have been given an interfaces line, and been
told to only bind to those interfaces. Create a
socket per interface and bind to only these.
*/
if(num_interfaces > FD_SETSIZE) {
DEBUG(0,("open_sockets: Too many interfaces specified to bind to. Number was %d \
max can be %d\n",
num_interfaces, FD_SETSIZE));
return False;
}
/* Now open a listen socket for each of the
interfaces. */
for(i = 0; i < num_interfaces; i++) {
struct in_addr *ifip = iface_n_ip(i);
if(ifip == NULL) {
DEBUG(0,("open_sockets: interface %d has NULL IP address !\n", i));
continue;
}
s = fd_listenset[i] = open_socket_in(SOCK_STREAM, port, 0, ifip->s_addr);
if(s == -1)
return False;
/* ready to listen */
if (listen(s, 5) == -1) {
DEBUG(0,("listen: %s\n",strerror(errno)));
close(s);
return False;
}
FD_SET(s,&listen_set);
}
} else {
/* Just bind to 0.0.0.0 - accept connections
from anywhere. */
num_interfaces = 1;
/* open an incoming socket */
s = open_socket_in(SOCK_STREAM, port, 0,
interpret_addr(lp_socket_address()));
if (s == -1)
return(False);
/* ready to listen */
if (listen(s, 5) == -1) {
DEBUG(0,("open_sockets: listen: %s\n",
strerror(errno)));
close(s);
return False;
}
fd_listenset[0] = s;
FD_SET(s,&listen_set);
}
/* now accept incoming connections - forking a new process
for each incoming connection */
DEBUG(2,("waiting for a connection\n"));
while (1) {
fd_set lfds;
int num;
memcpy((char *)&lfds, (char *)&listen_set,
sizeof(listen_set));
num = sys_select(256,&lfds,NULL);
if (num == -1 && errno == EINTR)
continue;
/* Find the sockets that are read-ready -
accept on these. */
for( ; num > 0; num--) {
struct sockaddr addr;
int in_addrlen = sizeof(addr);
s = -1;
for(i = 0; i < num_interfaces; i++) {
if(FD_ISSET(fd_listenset[i],&lfds)) {
s = fd_listenset[i];
/* Clear this so we don't look
at it again. */
FD_CLR(fd_listenset[i],&lfds);
break;
}
}
Client = accept(s,&addr,&in_addrlen);
if (Client == -1 && errno == EINTR)
continue;
if (Client == -1) {
DEBUG(0,("open_sockets: accept: %s\n",
strerror(errno)));
continue;
}
if (Client != -1 && fork()==0) {
/* Child code ... */
/* close the listening socket(s) */
for(i = 0; i < num_interfaces; i++)
close(fd_listenset[i]);
/* close our standard file
descriptors */
close_low_fds();
am_parent = 0;
set_socket_options(Client,"SO_KEEPALIVE");
set_socket_options(Client,user_socket_options);
/* Reset global variables in util.c so
that client substitutions will be
done correctly in the process. */
reset_globals_after_fork();
Makefile.in: Fixed bug with continuation line causing proto to fail. Added $(PROGS) $(SPROGS) as targets for make clean. acconfig.h: Added HAVE_IRIX_SPECIFIC_CAPABILITIES. configure.in: Added sys/capability.h header check. Added function checks for srandom random srand rand. Added HAVE_IRIX_SPECIFIC_CAPABILITIES test. includes.h: Added #include <sys/capability.h>. ntdomain.h: Moved struct acct_info into here from smb.h smb.h: Added KERNEL_OPLOCK_CAPABILITY define. Moved enum action_type into rpcclient.h Moved struct cli_state into client.h Moved struct nt_client_info, struct tar_client_info, struct client_info into rpcclient.h lib/genrand.c: Changed to use sys_random() & friends. lib/smbrun.c: Lose capabilities after fork. lib/system.c: Added set_process_capability(), set_inherited_process_capability() sys_random(), sys_srandom(). lib/util.c: Added Ander's EFBIG lock check to fcntl_lock for 64 bit access to an 32 bit mounted NFS filesystem. nmbd/nmbd.c: Changed to use sys_random() & friends. nmbd/nmbd_browsesync.c: Changed to use sys_random() & friends. passdb/ldap.c: Missed one pdb_encode_acct_ctrl call. passdb/passdb.c: Changed to Ander's code for ' ' characters. passdb/smbpass.c: Added Ander's code to reset ACB_PWNOTREQ. script/mkproto.awk: Added 'long' to prototypes. smbd/chgpasswd.c: Lose capabilities after fork. smbd/open.c: Do the mmap *after* the kernel oplock. smbd/oplock.c: Removed stub code from kernel oplock path. Added set_process_capability(), set_inherited_process_capability() calls. smbd/reply.c: Initialize count = 0, offset = 0. smbd/server.c: Added set_process_capability(), set_inherited_process_capability() calls. tests/summary.c: Ensure we have RANDOM or RAND. utils/smbpasswd.c: Added Ander's code to reset ACB_PWNOTREQ. utils/torture.c: Changed to use sys_random() & friends. Jeremy.
0001-01-01 02:30:17 +02:30
/*
* Ensure this child has kernel oplock
* capabilities, but not it's children.
*/
set_process_capability(KERNEL_OPLOCK_CAPABILITY, True);
set_inherited_process_capability(KERNEL_OPLOCK_CAPABILITY, False);
return True;
}
/* The parent doesn't need this socket */
close(Client);
/* Force parent to check log size after
* spawning child. Fix from
* klausr@ITAP.Physik.Uni-Stuttgart.De. The
* parent smbd will log to logserver.smb. It
* writes only two messages for each child
* started/finished. But each child writes,
* say, 50 messages also in logserver.smb,
* begining with the debug_count of the
* parent, before the child opens its own log
* file logserver.client. In a worst case
* scenario the size of logserver.smb would be
* checked after about 50*50=2500 messages
* (ca. 100kb).
* */
force_check_log_size();
} /* end for num */
} /* end while 1 */
/* NOTREACHED return True; */
}
0001-01-01 02:30:17 +02:30
/****************************************************************************
reload the services file
**************************************************************************/
BOOL reload_services(BOOL test)
{
BOOL ret;
if (lp_loaded()) {
pstring fname;
pstrcpy(fname,lp_configfile());
if (file_exist(fname,NULL) && !strcsequal(fname,servicesf)) {
pstrcpy(servicesf,fname);
test = False;
}
}
0001-01-01 02:30:17 +02:30
reopen_logs();
0001-01-01 02:30:17 +02:30
if (test && !lp_file_list_changed())
return(True);
0001-01-01 02:30:17 +02:30
lp_killunused(conn_snum_used);
0001-01-01 02:30:17 +02:30
ret = lp_load(servicesf,False,False,True);
0001-01-01 02:30:17 +02:30
load_printers();
0001-01-01 02:30:17 +02:30
/* perhaps the config filename is now set */
if (!test)
reload_services(True);
reopen_logs();
0001-01-01 02:30:17 +02:30
load_interfaces();
0001-01-01 02:30:17 +02:30
{
extern int Client;
if (Client != -1) {
set_socket_options(Client,"SO_KEEPALIVE");
set_socket_options(Client,user_socket_options);
}
}
reset_mangled_cache();
/* this forces service parameters to be flushed */
become_service(NULL,True);
return(ret);
}
0001-01-01 02:30:17 +02:30
/****************************************************************************
this prevents zombie child processes
0001-01-01 02:30:17 +02:30
****************************************************************************/
BOOL reload_after_sighup = False;
0001-01-01 02:30:17 +02:30
static void sig_hup(int sig)
{
BlockSignals(True,SIGHUP);
DEBUG(0,("Got SIGHUP\n"));
0001-01-01 02:30:17 +02:30
/*
* Fix from <branko.cibej@hermes.si> here.
* We used to reload in the signal handler - this
* is a *BIG* no-no.
*/
0001-01-01 02:30:17 +02:30
reload_after_sighup = True;
BlockSignals(False,SIGHUP);
0001-01-01 02:30:17 +02:30
}
#if DUMP_CORE
/*******************************************************************
prepare to dump a core file - carefully!
********************************************************************/
static BOOL dump_core(void)
{
char *p;
pstring dname;
pstrcpy(dname,debugf);
if ((p=strrchr(dname,'/'))) *p=0;
pstrcat(dname,"/corefiles");
mkdir(dname,0700);
sys_chown(dname,getuid(),getgid());
chmod(dname,0700);
if (chdir(dname)) return(False);
umask(~(0700));
0001-01-01 02:30:17 +02:30
#ifdef HAVE_GETRLIMIT
0001-01-01 02:30:17 +02:30
#ifdef RLIMIT_CORE
{
struct rlimit rlp;
getrlimit(RLIMIT_CORE, &rlp);
rlp.rlim_cur = MAX(4*1024*1024,rlp.rlim_cur);
setrlimit(RLIMIT_CORE, &rlp);
getrlimit(RLIMIT_CORE, &rlp);
DEBUG(3,("Core limits now %d %d\n",
(int)rlp.rlim_cur,(int)rlp.rlim_max));
}
0001-01-01 02:30:17 +02:30
#endif
#endif
DEBUG(0,("Dumping core in %s\n",dname));
abort();
return(True);
0001-01-01 02:30:17 +02:30
}
#endif
0001-01-01 02:30:17 +02:30
/****************************************************************************
exit the server
****************************************************************************/
void exit_server(char *reason)
{
static int firsttime=1;
extern char *last_inbuf;
0001-01-01 02:30:17 +02:30
if (!firsttime) exit(0);
firsttime = 0;
unbecome_user();
DEBUG(2,("Closing connections\n"));
conn_close_all();
#ifdef WITH_DFS
if (dcelogin_atmost_once) {
dfs_unlogin();
}
0001-01-01 02:30:17 +02:30
#endif
if (!reason) {
int oldlevel = DEBUGLEVEL;
DEBUGLEVEL = 10;
DEBUG(0,("Last message was %s\n",smb_fn_name(last_message)));
if (last_inbuf)
show_msg(last_inbuf);
DEBUGLEVEL = oldlevel;
DEBUG(0,("===============================================================\n"));
0001-01-01 02:30:17 +02:30
#if DUMP_CORE
if (dump_core()) return;
0001-01-01 02:30:17 +02:30
#endif
}
Makefile: Changes to split Solaris into Solaris2.3 and previous, and 2.4 and after from Paul Eggert. Makefile: Added AMIGA changes from Rask Ingemann Lambertsen <rask@k4315.kampsax.dtu.dk>. charset.c: Patch for Western European Languages from Josef Hinteregger <joehtg@joehtg.co.at> charset.h: Patch for Western European Languages from Josef Hinteregger <joehtg@joehtg.co.at> clitar.c: Patch to re-sync after read fail from (lost contributor name, sorry). includes.h: Patch for AMIGA from Rask Ingemann Lambertsen <rask@k4315.kampsax.dtu.dk> includes.h: Patch for SunOS atexit by Jeremy (jra@cygnus.com) interface.c: Patch for AMIGA from Rask Ingemann Lambertsen <rask@k4315.kampsax.dtu.dk> kanji.h: Patch for Western European Languages from Josef Hinteregger <joehtg@joehtg.co.at> locking.c: Patch to fix file locking from Jeremy (jra@cygnus.com) locking.c: Patch to add granularity of lock files to usec by Jeremy (jra@cygnus.com) pipes.c: Patch to fix file locking from Jeremy (jra@cygnus.com) proto.h: Patch to fix file locking from Jeremy (jra@cygnus.com) reply.c: Patch to fix file locking from Jeremy (jra@cygnus.com) server.c: Patch to fix file locking from Jeremy (jra@cygnus.com) server.c: Patch for FAST_SHARE_MODE fix from (lost contributor name, sorry). smb.h: Patch to fix file locking from Jeremy (jra@cygnus.com) smb.h: Patch to add granularity of lock files to usec by Jeremy (jra@cygnus.com) status.c: Patch to fix file locking from Jeremy (jra@cygnus.com) statuc.c: Patch to add granularity of lock files to usec by Jeremy (jra@cygnus.com) system.c: Patch for Western European Languages from Josef Hinteregger <joehtg@joehtg.co.at> trans2.c: Patch to fix file locking from Jeremy (jra@cygnus.com) trans2.c: Patch to fix volume name reported to Win95 from Jeremy (jra@cygnus.com) util.c: Patch for Western European Languages from Josef Hinteregger <joehtg@joehtg.co.at> util.c: Patch to fix client_name from continuously returning UNKNOWN (from various contributors). version.h: Update to 1.9.16p10.
0001-01-01 02:30:17 +02:30
locking_end();
Makefile: Changes to split Solaris into Solaris2.3 and previous, and 2.4 and after from Paul Eggert. Makefile: Added AMIGA changes from Rask Ingemann Lambertsen <rask@k4315.kampsax.dtu.dk>. charset.c: Patch for Western European Languages from Josef Hinteregger <joehtg@joehtg.co.at> charset.h: Patch for Western European Languages from Josef Hinteregger <joehtg@joehtg.co.at> clitar.c: Patch to re-sync after read fail from (lost contributor name, sorry). includes.h: Patch for AMIGA from Rask Ingemann Lambertsen <rask@k4315.kampsax.dtu.dk> includes.h: Patch for SunOS atexit by Jeremy (jra@cygnus.com) interface.c: Patch for AMIGA from Rask Ingemann Lambertsen <rask@k4315.kampsax.dtu.dk> kanji.h: Patch for Western European Languages from Josef Hinteregger <joehtg@joehtg.co.at> locking.c: Patch to fix file locking from Jeremy (jra@cygnus.com) locking.c: Patch to add granularity of lock files to usec by Jeremy (jra@cygnus.com) pipes.c: Patch to fix file locking from Jeremy (jra@cygnus.com) proto.h: Patch to fix file locking from Jeremy (jra@cygnus.com) reply.c: Patch to fix file locking from Jeremy (jra@cygnus.com) server.c: Patch to fix file locking from Jeremy (jra@cygnus.com) server.c: Patch for FAST_SHARE_MODE fix from (lost contributor name, sorry). smb.h: Patch to fix file locking from Jeremy (jra@cygnus.com) smb.h: Patch to add granularity of lock files to usec by Jeremy (jra@cygnus.com) status.c: Patch to fix file locking from Jeremy (jra@cygnus.com) statuc.c: Patch to add granularity of lock files to usec by Jeremy (jra@cygnus.com) system.c: Patch for Western European Languages from Josef Hinteregger <joehtg@joehtg.co.at> trans2.c: Patch to fix file locking from Jeremy (jra@cygnus.com) trans2.c: Patch to fix volume name reported to Win95 from Jeremy (jra@cygnus.com) util.c: Patch for Western European Languages from Josef Hinteregger <joehtg@joehtg.co.at> util.c: Patch to fix client_name from continuously returning UNKNOWN (from various contributors). version.h: Update to 1.9.16p10.
0001-01-01 02:30:17 +02:30
DEBUG(3,("Server exit (%s)\n", (reason ? reason : "")));
- group database API. oops and oh dear, the threat has been carried out: the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
0001-01-01 02:30:17 +02:30
#ifdef MEM_MAN
{
extern FILE *dbf;
smb_mem_write_verbose(dbf);
dbgflush();
}
#endif
exit(0);
0001-01-01 02:30:17 +02:30
}
/****************************************************************************
initialise connect, service and file structs
****************************************************************************/
static void init_structs(void)
0001-01-01 02:30:17 +02:30
{
conn_init();
file_init();
init_rpc_pipe_hnd(); /* for RPC pipes */
init_lsa_policy_hnd(); /* for LSA handles */
init_dptrs();
0001-01-01 02:30:17 +02:30
}
/****************************************************************************
usage on the program
****************************************************************************/
static void usage(char *pname)
0001-01-01 02:30:17 +02:30
{
DEBUG(0,("Incorrect program usage - are you sure the command line is correct?\n"));
printf("Usage: %s [-D] [-p port] [-d debuglevel] ", pname);
printf("[-l log basename] [-s services file]\n" );
printf("Version %s\n",VERSION);
printf("\t-D become a daemon\n");
printf("\t-p port listen on the specified port\n");
printf("\t-d debuglevel set the debuglevel\n");
printf("\t-l log basename. Basename for log/debug files\n");
printf("\t-s services file. Filename of services file\n");
printf("\t-P passive only\n");
printf("\t-a append to log file (default)\n");
printf("\t-o overwrite log file, don't append\n");
printf("\t-i scope NetBIOS scope to use (default none)\n");
printf("\n");
0001-01-01 02:30:17 +02:30
}
/****************************************************************************
main program
****************************************************************************/
int main(int argc,char *argv[])
0001-01-01 02:30:17 +02:30
{
extern BOOL append_log;
/* shall I run as a daemon */
BOOL is_daemon = False;
int port = SMB_PORT;
int opt;
extern char *optarg;
#ifdef HAVE_SET_AUTH_PARAMETERS
set_auth_parameters(argc,argv);
0001-01-01 02:30:17 +02:30
#endif
#ifdef HAVE_SETLUID
/* needed for SecureWare on SCO */
setluid(0);
0001-01-01 02:30:17 +02:30
#endif
append_log = True;
0001-01-01 02:30:17 +02:30
TimeInit();
0001-01-01 02:30:17 +02:30
pstrcpy(debugf,SMBLOGFILE);
0001-01-01 02:30:17 +02:30
pstrcpy(remote_machine, "smb");
setup_logging(argv[0],False);
0001-01-01 02:30:17 +02:30
charset_initialise();
0001-01-01 02:30:17 +02:30
/* make absolutely sure we run as root - to handle cases where people
are crazy enough to have it setuid */
#ifdef HAVE_SETRESUID
setresuid(0,0,0);
0001-01-01 02:30:17 +02:30
#else
setuid(0);
seteuid(0);
setuid(0);
seteuid(0);
0001-01-01 02:30:17 +02:30
#endif
fault_setup((void (*)(void *))exit_server);
CatchSignal(SIGTERM , SIGNAL_CAST dflt_sig);
/* we are never interested in SIGPIPE */
BlockSignals(True,SIGPIPE);
/* we want total control over the permissions on created files,
so set our umask to 0 */
umask(0);
dos_GetWd(OriginalDir);
init_uid();
/* this is for people who can't start the program correctly */
while (argc > 1 && (*argv[1] != '-')) {
argv++;
argc--;
0001-01-01 02:30:17 +02:30
}
while ( EOF != (opt = getopt(argc, argv, "O:i:l:s:d:Dp:h?Paof:")) )
switch (opt) {
case 'O':
pstrcpy(user_socket_options,optarg);
break;
case 'i':
pstrcpy(scope,optarg);
break;
case 'P':
{
extern BOOL passive;
passive = True;
}
break;
case 's':
pstrcpy(servicesf,optarg);
break;
case 'l':
pstrcpy(debugf,optarg);
break;
case 'a':
append_log = True;
break;
case 'o':
append_log = False;
break;
case 'D':
is_daemon = True;
break;
case 'd':
if (*optarg == 'A')
DEBUGLEVEL = 10000;
else
DEBUGLEVEL = atoi(optarg);
break;
case 'p':
port = atoi(optarg);
break;
case 'h':
case '?':
usage(argv[0]);
exit(0);
break;
default:
usage(argv[0]);
exit(1);
}
0001-01-01 02:30:17 +02:30
reopen_logs();
0001-01-01 02:30:17 +02:30
DEBUG(1,( "smbd version %s started.\n", VERSION));
DEBUGADD(1,( "Copyright Andrew Tridgell 1992-1998\n"));
0001-01-01 02:30:17 +02:30
DEBUG(2,("uid=%d gid=%d euid=%d egid=%d\n",
(int)getuid(),(int)getgid(),(int)geteuid(),(int)getegid()));
0001-01-01 02:30:17 +02:30
if (sizeof(uint16) < 2 || sizeof(uint32) < 4) {
DEBUG(0,("ERROR: Samba is not configured correctly for the word size on your machine\n"));
exit(1);
}
0001-01-01 02:30:17 +02:30
get_myname(myhostname,NULL);
if (!reload_services(False))
return(-1);
0001-01-01 02:30:17 +02:30
init_structs();
/*
* Set the machine NETBIOS name if not already
* set from the config file.
*/
if (!*global_myname)
{
fstrcpy(global_myname, dns_to_netbios_name(myhostname));
}
strupper(global_myname);
#ifdef WITH_SSL
{
extern BOOL sslEnabled;
sslEnabled = lp_ssl_enabled();
if(sslEnabled)
sslutil_init(True);
}
#endif /* WITH_SSL */
codepage_initialise(lp_client_code_page());
if (!pwdb_initialise(True))
{
exit(1);
}
- group database API. oops and oh dear, the threat has been carried out: the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
0001-01-01 02:30:17 +02:30
if(!initialise_sam_password_db())
{
exit(1);
}
- group database API. oops and oh dear, the threat has been carried out: the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
0001-01-01 02:30:17 +02:30
if(!initialise_passgrp_db())
{
exit(1);
}
if(!initialise_group_db())
{
exit(1);
}
if(!initialise_alias_db())
- group database API. oops and oh dear, the threat has been carried out: the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
0001-01-01 02:30:17 +02:30
{
exit(1);
}
if(!initialise_builtin_db())
{
exit(1);
}
if (!get_member_domain_sid())
- group database API. oops and oh dear, the threat has been carried out: the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
0001-01-01 02:30:17 +02:30
{
DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n",
lp_passwordserver()));
exit(1);
}
CatchSignal(SIGHUP,SIGNAL_CAST sig_hup);
/* Setup the signals that allow the debug log level
to by dynamically changed. */
/* If we are using the malloc debug code we can't use
SIGUSR1 and SIGUSR2 to do debug level changes. */
#ifndef MEM_MAN
#if defined(SIGUSR1)
CatchSignal( SIGUSR1, SIGNAL_CAST sig_usr1 );
#endif /* SIGUSR1 */
#if defined(SIGUSR2)
CatchSignal( SIGUSR2, SIGNAL_CAST sig_usr2 );
#endif /* SIGUSR2 */
#endif /* MEM_MAN */
DEBUG(3,( "loaded services\n"));
0001-01-01 02:30:17 +02:30
if (!is_daemon && !is_a_socket(0)) {
DEBUG(0,("standard input is not a socket, assuming -D option\n"));
is_daemon = True;
}
if (is_daemon) {
DEBUG( 3, ( "Becoming a daemon.\n" ) );
become_daemon();
}
check_kernel_oplocks();
Makefile.in: Fixed bug with continuation line causing proto to fail. Added $(PROGS) $(SPROGS) as targets for make clean. acconfig.h: Added HAVE_IRIX_SPECIFIC_CAPABILITIES. configure.in: Added sys/capability.h header check. Added function checks for srandom random srand rand. Added HAVE_IRIX_SPECIFIC_CAPABILITIES test. includes.h: Added #include <sys/capability.h>. ntdomain.h: Moved struct acct_info into here from smb.h smb.h: Added KERNEL_OPLOCK_CAPABILITY define. Moved enum action_type into rpcclient.h Moved struct cli_state into client.h Moved struct nt_client_info, struct tar_client_info, struct client_info into rpcclient.h lib/genrand.c: Changed to use sys_random() & friends. lib/smbrun.c: Lose capabilities after fork. lib/system.c: Added set_process_capability(), set_inherited_process_capability() sys_random(), sys_srandom(). lib/util.c: Added Ander's EFBIG lock check to fcntl_lock for 64 bit access to an 32 bit mounted NFS filesystem. nmbd/nmbd.c: Changed to use sys_random() & friends. nmbd/nmbd_browsesync.c: Changed to use sys_random() & friends. passdb/ldap.c: Missed one pdb_encode_acct_ctrl call. passdb/passdb.c: Changed to Ander's code for ' ' characters. passdb/smbpass.c: Added Ander's code to reset ACB_PWNOTREQ. script/mkproto.awk: Added 'long' to prototypes. smbd/chgpasswd.c: Lose capabilities after fork. smbd/open.c: Do the mmap *after* the kernel oplock. smbd/oplock.c: Removed stub code from kernel oplock path. Added set_process_capability(), set_inherited_process_capability() calls. smbd/reply.c: Initialize count = 0, offset = 0. smbd/server.c: Added set_process_capability(), set_inherited_process_capability() calls. tests/summary.c: Ensure we have RANDOM or RAND. utils/smbpasswd.c: Added Ander's code to reset ACB_PWNOTREQ. utils/torture.c: Changed to use sys_random() & friends. Jeremy.
0001-01-01 02:30:17 +02:30
if (!directory_exist(lp_lockdir(), NULL)) {
mkdir(lp_lockdir(), 0755);
}
0001-01-01 02:30:17 +02:30
if (is_daemon) {
pidfile_create("smbd");
}
if (!open_sockets(is_daemon,port))
exit(1);
if (!locking_init(0))
exit(1);
0001-01-01 02:30:17 +02:30
/* possibly reload the services file. */
reload_services(True);
if (*lp_rootdir()) {
if (sys_chroot(lp_rootdir()) == 0)
DEBUG(2,("Changed root to %s\n", lp_rootdir()));
}
/* Setup the oplock IPC socket. */
if( !open_oplock_ipc() )
exit(1);
smbd_process();
close_sockets();
exit_server("normal exit");
return(0);
0001-01-01 02:30:17 +02:30
}