0001-01-01 02:30:17 +02:30
/*
Unix SMB / Netbios implementation .
Version 1.9 .
Main SMB server routines
0001-01-01 02:30:17 +02:30
Copyright ( C ) Andrew Tridgell 1992 - 1998
0001-01-01 02:30:17 +02:30
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 675 Mass Ave , Cambridge , MA 0213 9 , USA .
*/
# include "includes.h"
# include "trans2.h"
pstring servicesf = CONFIGFILE ;
extern pstring debugf ;
0001-01-01 02:30:17 +02:30
extern fstring global_myworkgroup ;
- group database API. oops and oh dear, the threat has been carried out:
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
0001-01-01 02:30:17 +02:30
extern fstring global_sam_name ;
0001-01-01 02:30:17 +02:30
extern pstring global_myname ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
int am_parent = 1 ;
0001-01-01 02:30:17 +02:30
/* the last message the was processed */
int last_message = - 1 ;
/* a useful macro to debug the last message processed */
# define LAST_MESSAGE() smb_fn_name(last_message)
extern pstring scope ;
extern int DEBUGLEVEL ;
extern pstring user_socket_options ;
0001-01-01 02:30:17 +02:30
# ifdef WITH_DFS
0001-01-01 02:30:17 +02:30
extern int dcelogin_atmost_once ;
0001-01-01 02:30:17 +02:30
# endif /* WITH_DFS */
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
extern fstring remote_machine ;
0001-01-01 02:30:17 +02:30
extern pstring OriginalDir ;
0001-01-01 02:30:17 +02:30
extern pstring myhostname ;
0001-01-01 02:30:17 +02:30
/****************************************************************************
when exiting , take the whole family
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
0001-01-01 02:30:17 +02:30
static void * dflt_sig ( void )
0001-01-01 02:30:17 +02:30
{
0001-01-01 02:30:17 +02:30
exit_server ( " caught signal " ) ;
return NULL ;
0001-01-01 02:30:17 +02:30
}
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
/****************************************************************************
Send a SIGTERM to our process group .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
0001-01-01 02:30:17 +02:30
static void killkids ( void )
0001-01-01 02:30:17 +02:30
{
0001-01-01 02:30:17 +02:30
if ( am_parent ) kill ( 0 , SIGTERM ) ;
0001-01-01 02:30:17 +02:30
}
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
/****************************************************************************
0001-01-01 02:30:17 +02:30
open the socket communication
0001-01-01 02:30:17 +02:30
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
0001-01-01 02:30:17 +02:30
static BOOL open_sockets_inetd ( void )
0001-01-01 02:30:17 +02:30
{
0001-01-01 02:30:17 +02:30
extern int Client ;
/* Started from inetd. fd 0 is the socket. */
/* We will abort gracefully when the client or remote system
goes away */
Client = dup ( 0 ) ;
/* close our standard file descriptors */
close_low_fds ( ) ;
set_socket_options ( Client , " SO_KEEPALIVE " ) ;
set_socket_options ( Client , user_socket_options ) ;
return True ;
}
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
/****************************************************************************
open the socket communication
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static BOOL open_sockets ( BOOL is_daemon , int port )
{
extern int Client ;
int num_interfaces = iface_count ( ) ;
int fd_listenset [ FD_SETSIZE ] ;
fd_set listen_set ;
int s ;
int i ;
if ( ! is_daemon ) {
return open_sockets_inetd ( ) ;
}
0001-01-01 02:30:17 +02:30
# ifdef HAVE_ATEXIT
0001-01-01 02:30:17 +02:30
{
static int atexit_set ;
if ( atexit_set = = 0 ) {
atexit_set = 1 ;
atexit ( killkids ) ;
}
}
0001-01-01 02:30:17 +02:30
# endif
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
/* Stop zombies */
CatchChild ( ) ;
FD_ZERO ( & listen_set ) ;
if ( lp_interfaces ( ) & & lp_bind_interfaces_only ( ) ) {
/* We have been given an interfaces line, and been
told to only bind to those interfaces . Create a
socket per interface and bind to only these .
*/
if ( num_interfaces > FD_SETSIZE ) {
DEBUG ( 0 , ( " open_sockets: Too many interfaces specified to bind to. Number was %d \
max can be % d \ n " ,
num_interfaces , FD_SETSIZE ) ) ;
return False ;
}
/* Now open a listen socket for each of the
interfaces . */
for ( i = 0 ; i < num_interfaces ; i + + ) {
struct in_addr * ifip = iface_n_ip ( i ) ;
if ( ifip = = NULL ) {
DEBUG ( 0 , ( " open_sockets: interface %d has NULL IP address ! \n " , i ) ) ;
continue ;
}
s = fd_listenset [ i ] = open_socket_in ( SOCK_STREAM , port , 0 , ifip - > s_addr ) ;
if ( s = = - 1 )
return False ;
/* ready to listen */
if ( listen ( s , 5 ) = = - 1 ) {
DEBUG ( 0 , ( " listen: %s \n " , strerror ( errno ) ) ) ;
close ( s ) ;
return False ;
}
FD_SET ( s , & listen_set ) ;
}
} else {
/* Just bind to 0.0.0.0 - accept connections
from anywhere . */
num_interfaces = 1 ;
/* open an incoming socket */
s = open_socket_in ( SOCK_STREAM , port , 0 ,
interpret_addr ( lp_socket_address ( ) ) ) ;
if ( s = = - 1 )
return ( False ) ;
/* ready to listen */
if ( listen ( s , 5 ) = = - 1 ) {
DEBUG ( 0 , ( " open_sockets: listen: %s \n " ,
strerror ( errno ) ) ) ;
close ( s ) ;
return False ;
}
fd_listenset [ 0 ] = s ;
FD_SET ( s , & listen_set ) ;
}
/* now accept incoming connections - forking a new process
for each incoming connection */
DEBUG ( 2 , ( " waiting for a connection \n " ) ) ;
while ( 1 ) {
fd_set lfds ;
int num ;
memcpy ( ( char * ) & lfds , ( char * ) & listen_set ,
sizeof ( listen_set ) ) ;
0001-01-01 02:30:17 +02:30
num = sys_select ( 256 , & lfds , NULL ) ;
0001-01-01 02:30:17 +02:30
if ( num = = - 1 & & errno = = EINTR )
continue ;
/* Find the sockets that are read-ready -
accept on these . */
for ( ; num > 0 ; num - - ) {
struct sockaddr addr ;
int in_addrlen = sizeof ( addr ) ;
s = - 1 ;
for ( i = 0 ; i < num_interfaces ; i + + ) {
if ( FD_ISSET ( fd_listenset [ i ] , & lfds ) ) {
s = fd_listenset [ i ] ;
/* Clear this so we don't look
at it again . */
FD_CLR ( fd_listenset [ i ] , & lfds ) ;
break ;
}
}
Client = accept ( s , & addr , & in_addrlen ) ;
if ( Client = = - 1 & & errno = = EINTR )
continue ;
if ( Client = = - 1 ) {
DEBUG ( 0 , ( " open_sockets: accept: %s \n " ,
strerror ( errno ) ) ) ;
continue ;
}
if ( Client ! = - 1 & & fork ( ) = = 0 ) {
/* Child code ... */
/* close the listening socket(s) */
for ( i = 0 ; i < num_interfaces ; i + + )
close ( fd_listenset [ i ] ) ;
/* close our standard file
descriptors */
close_low_fds ( ) ;
am_parent = 0 ;
set_socket_options ( Client , " SO_KEEPALIVE " ) ;
set_socket_options ( Client , user_socket_options ) ;
/* Reset global variables in util.c so
that client substitutions will be
done correctly in the process . */
reset_globals_after_fork ( ) ;
0001-01-01 02:30:17 +02:30
/*
* Ensure this child has kernel oplock
* capabilities , but not it ' s children .
*/
set_process_capability ( KERNEL_OPLOCK_CAPABILITY , True ) ;
set_inherited_process_capability ( KERNEL_OPLOCK_CAPABILITY , False ) ;
0001-01-01 02:30:17 +02:30
return True ;
}
/* The parent doesn't need this socket */
close ( Client ) ;
/* Force parent to check log size after
* spawning child . Fix from
* klausr @ ITAP . Physik . Uni - Stuttgart . De . The
* parent smbd will log to logserver . smb . It
* writes only two messages for each child
* started / finished . But each child writes ,
* say , 50 messages also in logserver . smb ,
* begining with the debug_count of the
* parent , before the child opens its own log
* file logserver . client . In a worst case
* scenario the size of logserver . smb would be
* checked after about 50 * 50 = 2500 messages
* ( ca . 100 kb ) .
* */
force_check_log_size ( ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
} /* end for num */
} /* end while 1 */
0001-01-01 02:30:17 +02:30
/* NOTREACHED return True; */
0001-01-01 02:30:17 +02:30
}
0001-01-01 02:30:17 +02:30
/****************************************************************************
reload the services file
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
BOOL reload_services ( BOOL test )
{
0001-01-01 02:30:17 +02:30
BOOL ret ;
if ( lp_loaded ( ) ) {
pstring fname ;
pstrcpy ( fname , lp_configfile ( ) ) ;
0001-01-01 02:30:17 +02:30
if ( file_exist ( fname , NULL ) & & ! strcsequal ( fname , servicesf ) ) {
pstrcpy ( servicesf , fname ) ;
test = False ;
0001-01-01 02:30:17 +02:30
}
}
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
reopen_logs ( ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
if ( test & & ! lp_file_list_changed ( ) )
return ( True ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
lp_killunused ( conn_snum_used ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
ret = lp_load ( servicesf , False , False , True ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
load_printers ( ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
/* perhaps the config filename is now set */
if ( ! test )
reload_services ( True ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
reopen_logs ( ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
load_interfaces ( ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
{
extern int Client ;
0001-01-01 02:30:17 +02:30
if ( Client ! = - 1 ) {
set_socket_options ( Client , " SO_KEEPALIVE " ) ;
set_socket_options ( Client , user_socket_options ) ;
}
0001-01-01 02:30:17 +02:30
}
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
reset_mangled_cache ( ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
/* this forces service parameters to be flushed */
become_service ( NULL , True ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
return ( ret ) ;
0001-01-01 02:30:17 +02:30
}
0001-01-01 02:30:17 +02:30
/****************************************************************************
0001-01-01 02:30:17 +02:30
this prevents zombie child processes
0001-01-01 02:30:17 +02:30
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
0001-01-01 02:30:17 +02:30
BOOL reload_after_sighup = False ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
static void sig_hup ( int sig )
{
0001-01-01 02:30:17 +02:30
BlockSignals ( True , SIGHUP ) ;
DEBUG ( 0 , ( " Got SIGHUP \n " ) ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
/*
* Fix from < branko . cibej @ hermes . si > here .
* We used to reload in the signal handler - this
* is a * BIG * no - no .
*/
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
reload_after_sighup = True ;
BlockSignals ( False , SIGHUP ) ;
0001-01-01 02:30:17 +02:30
}
# if DUMP_CORE
/*******************************************************************
prepare to dump a core file - carefully !
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static BOOL dump_core ( void )
{
0001-01-01 02:30:17 +02:30
char * p ;
pstring dname ;
pstrcpy ( dname , debugf ) ;
if ( ( p = strrchr ( dname , ' / ' ) ) ) * p = 0 ;
pstrcat ( dname , " /corefiles " ) ;
mkdir ( dname , 0700 ) ;
sys_chown ( dname , getuid ( ) , getgid ( ) ) ;
chmod ( dname , 0700 ) ;
if ( chdir ( dname ) ) return ( False ) ;
umask ( ~ ( 0700 ) ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
# ifdef HAVE_GETRLIMIT
0001-01-01 02:30:17 +02:30
# ifdef RLIMIT_CORE
0001-01-01 02:30:17 +02:30
{
struct rlimit rlp ;
getrlimit ( RLIMIT_CORE , & rlp ) ;
rlp . rlim_cur = MAX ( 4 * 1024 * 1024 , rlp . rlim_cur ) ;
setrlimit ( RLIMIT_CORE , & rlp ) ;
getrlimit ( RLIMIT_CORE , & rlp ) ;
DEBUG ( 3 , ( " Core limits now %d %d \n " ,
( int ) rlp . rlim_cur , ( int ) rlp . rlim_max ) ) ;
}
0001-01-01 02:30:17 +02:30
# endif
# endif
0001-01-01 02:30:17 +02:30
DEBUG ( 0 , ( " Dumping core in %s \n " , dname ) ) ;
abort ( ) ;
return ( True ) ;
0001-01-01 02:30:17 +02:30
}
# endif
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
/****************************************************************************
exit the server
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
void exit_server ( char * reason )
{
0001-01-01 02:30:17 +02:30
static int firsttime = 1 ;
extern char * last_inbuf ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
if ( ! firsttime ) exit ( 0 ) ;
firsttime = 0 ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
unbecome_user ( ) ;
DEBUG ( 2 , ( " Closing connections \n " ) ) ;
conn_close_all ( ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
# ifdef WITH_DFS
0001-01-01 02:30:17 +02:30
if ( dcelogin_atmost_once ) {
dfs_unlogin ( ) ;
}
0001-01-01 02:30:17 +02:30
# endif
0001-01-01 02:30:17 +02:30
if ( ! reason ) {
int oldlevel = DEBUGLEVEL ;
DEBUGLEVEL = 10 ;
DEBUG ( 0 , ( " Last message was %s \n " , smb_fn_name ( last_message ) ) ) ;
if ( last_inbuf )
show_msg ( last_inbuf ) ;
DEBUGLEVEL = oldlevel ;
DEBUG ( 0 , ( " =============================================================== \n " ) ) ;
0001-01-01 02:30:17 +02:30
# if DUMP_CORE
0001-01-01 02:30:17 +02:30
if ( dump_core ( ) ) return ;
0001-01-01 02:30:17 +02:30
# endif
0001-01-01 02:30:17 +02:30
}
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
locking_end ( ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
DEBUG ( 3 , ( " Server exit (%s) \n " , ( reason ? reason : " " ) ) ) ;
- group database API. oops and oh dear, the threat has been carried out:
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
0001-01-01 02:30:17 +02:30
# ifdef MEM_MAN
{
extern FILE * dbf ;
smb_mem_write_verbose ( dbf ) ;
dbgflush ( ) ;
}
# endif
0001-01-01 02:30:17 +02:30
exit ( 0 ) ;
0001-01-01 02:30:17 +02:30
}
/****************************************************************************
initialise connect , service and file structs
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
0001-01-01 02:30:17 +02:30
static void init_structs ( void )
0001-01-01 02:30:17 +02:30
{
0001-01-01 02:30:17 +02:30
conn_init ( ) ;
file_init ( ) ;
0001-01-01 02:30:17 +02:30
init_rpc_pipe_hnd ( ) ; /* for RPC pipes */
init_lsa_policy_hnd ( ) ; /* for LSA handles */
0001-01-01 02:30:17 +02:30
init_dptrs ( ) ;
0001-01-01 02:30:17 +02:30
}
/****************************************************************************
usage on the program
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
0001-01-01 02:30:17 +02:30
static void usage ( char * pname )
0001-01-01 02:30:17 +02:30
{
0001-01-01 02:30:17 +02:30
DEBUG ( 0 , ( " Incorrect program usage - are you sure the command line is correct? \n " ) ) ;
0001-01-01 02:30:17 +02:30
printf ( " Usage: %s [-D] [-p port] [-d debuglevel] " , pname ) ;
printf ( " [-l log basename] [-s services file] \n " ) ;
0001-01-01 02:30:17 +02:30
printf ( " Version %s \n " , VERSION ) ;
printf ( " \t -D become a daemon \n " ) ;
printf ( " \t -p port listen on the specified port \n " ) ;
printf ( " \t -d debuglevel set the debuglevel \n " ) ;
printf ( " \t -l log basename. Basename for log/debug files \n " ) ;
printf ( " \t -s services file. Filename of services file \n " ) ;
printf ( " \t -P passive only \n " ) ;
0001-01-01 02:30:17 +02:30
printf ( " \t -a append to log file (default) \n " ) ;
printf ( " \t -o overwrite log file, don't append \n " ) ;
0001-01-01 02:30:17 +02:30
printf ( " \t -i scope NetBIOS scope to use (default none) \n " ) ;
0001-01-01 02:30:17 +02:30
printf ( " \n " ) ;
0001-01-01 02:30:17 +02:30
}
/****************************************************************************
main program
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
0001-01-01 02:30:17 +02:30
int main ( int argc , char * argv [ ] )
0001-01-01 02:30:17 +02:30
{
0001-01-01 02:30:17 +02:30
extern BOOL append_log ;
/* shall I run as a daemon */
BOOL is_daemon = False ;
int port = SMB_PORT ;
int opt ;
extern char * optarg ;
0001-01-01 02:30:17 +02:30
# ifdef HAVE_SET_AUTH_PARAMETERS
0001-01-01 02:30:17 +02:30
set_auth_parameters ( argc , argv ) ;
0001-01-01 02:30:17 +02:30
# endif
0001-01-01 02:30:17 +02:30
# ifdef HAVE_SETLUID
0001-01-01 02:30:17 +02:30
/* needed for SecureWare on SCO */
setluid ( 0 ) ;
0001-01-01 02:30:17 +02:30
# endif
0001-01-01 02:30:17 +02:30
append_log = True ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
TimeInit ( ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
pstrcpy ( debugf , SMBLOGFILE ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
pstrcpy ( remote_machine , " smb " ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
setup_logging ( argv [ 0 ] , False ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
charset_initialise ( ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
/* make absolutely sure we run as root - to handle cases where people
are crazy enough to have it setuid */
0001-01-01 02:30:17 +02:30
# ifdef HAVE_SETRESUID
0001-01-01 02:30:17 +02:30
setresuid ( 0 , 0 , 0 ) ;
0001-01-01 02:30:17 +02:30
# else
0001-01-01 02:30:17 +02:30
setuid ( 0 ) ;
seteuid ( 0 ) ;
setuid ( 0 ) ;
seteuid ( 0 ) ;
0001-01-01 02:30:17 +02:30
# endif
0001-01-01 02:30:17 +02:30
fault_setup ( ( void ( * ) ( void * ) ) exit_server ) ;
CatchSignal ( SIGTERM , SIGNAL_CAST dflt_sig ) ;
0001-01-01 02:30:17 +02:30
/* we are never interested in SIGPIPE */
BlockSignals ( True , SIGPIPE ) ;
0001-01-01 02:30:17 +02:30
/* we want total control over the permissions on created files,
so set our umask to 0 */
umask ( 0 ) ;
0001-01-01 02:30:17 +02:30
dos_GetWd ( OriginalDir ) ;
0001-01-01 02:30:17 +02:30
init_uid ( ) ;
/* this is for people who can't start the program correctly */
while ( argc > 1 & & ( * argv [ 1 ] ! = ' - ' ) ) {
argv + + ;
argc - - ;
0001-01-01 02:30:17 +02:30
}
0001-01-01 02:30:17 +02:30
while ( EOF ! = ( opt = getopt ( argc , argv , " O:i:l:s:d:Dp:h?Paof: " ) ) )
0001-01-01 02:30:17 +02:30
switch ( opt ) {
case ' O ' :
pstrcpy ( user_socket_options , optarg ) ;
break ;
case ' i ' :
pstrcpy ( scope , optarg ) ;
break ;
case ' P ' :
{
extern BOOL passive ;
passive = True ;
}
break ;
case ' s ' :
pstrcpy ( servicesf , optarg ) ;
break ;
case ' l ' :
pstrcpy ( debugf , optarg ) ;
break ;
case ' a ' :
0001-01-01 02:30:17 +02:30
append_log = True ;
break ;
case ' o ' :
append_log = False ;
0001-01-01 02:30:17 +02:30
break ;
case ' D ' :
is_daemon = True ;
break ;
case ' d ' :
if ( * optarg = = ' A ' )
DEBUGLEVEL = 10000 ;
else
DEBUGLEVEL = atoi ( optarg ) ;
break ;
case ' p ' :
port = atoi ( optarg ) ;
break ;
case ' h ' :
0001-01-01 02:30:17 +02:30
case ' ? ' :
0001-01-01 02:30:17 +02:30
usage ( argv [ 0 ] ) ;
exit ( 0 ) ;
break ;
default :
usage ( argv [ 0 ] ) ;
exit ( 1 ) ;
}
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
reopen_logs ( ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
DEBUG ( 1 , ( " smbd version %s started. \n " , VERSION ) ) ;
0001-01-01 02:30:17 +02:30
DEBUGADD ( 1 , ( " Copyright Andrew Tridgell 1992-1998 \n " ) ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
DEBUG ( 2 , ( " uid=%d gid=%d euid=%d egid=%d \n " ,
( int ) getuid ( ) , ( int ) getgid ( ) , ( int ) geteuid ( ) , ( int ) getegid ( ) ) ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
if ( sizeof ( uint16 ) < 2 | | sizeof ( uint32 ) < 4 ) {
DEBUG ( 0 , ( " ERROR: Samba is not configured correctly for the word size on your machine \n " ) ) ;
exit ( 1 ) ;
}
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
get_myname ( myhostname , NULL ) ;
0001-01-01 02:30:17 +02:30
if ( ! reload_services ( False ) )
return ( - 1 ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
init_structs ( ) ;
0001-01-01 02:30:17 +02:30
/*
* Set the machine NETBIOS name if not already
* set from the config file .
*/
if ( ! * global_myname )
{
fstrcpy ( global_myname , dns_to_netbios_name ( myhostname ) ) ;
}
strupper ( global_myname ) ;
0001-01-01 02:30:17 +02:30
# ifdef WITH_SSL
0001-01-01 02:30:17 +02:30
{
extern BOOL sslEnabled ;
sslEnabled = lp_ssl_enabled ( ) ;
if ( sslEnabled )
sslutil_init ( True ) ;
}
0001-01-01 02:30:17 +02:30
# endif /* WITH_SSL */
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
codepage_initialise ( lp_client_code_page ( ) ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
if ( ! pwdb_initialise ( True ) )
0001-01-01 02:30:17 +02:30
{
exit ( 1 ) ;
}
- group database API. oops and oh dear, the threat has been carried out:
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
if ( ! initialise_sam_password_db ( ) )
{
exit ( 1 ) ;
}
- group database API. oops and oh dear, the threat has been carried out:
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
if ( ! initialise_passgrp_db ( ) )
{
exit ( 1 ) ;
}
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
if ( ! initialise_group_db ( ) )
{
exit ( 1 ) ;
}
if ( ! initialise_alias_db ( ) )
- group database API. oops and oh dear, the threat has been carried out:
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
0001-01-01 02:30:17 +02:30
{
0001-01-01 02:30:17 +02:30
exit ( 1 ) ;
}
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
if ( ! initialise_builtin_db ( ) )
{
exit ( 1 ) ;
}
0001-01-01 02:30:17 +02:30
if ( ! get_member_domain_sid ( ) )
- group database API. oops and oh dear, the threat has been carried out:
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
0001-01-01 02:30:17 +02:30
{
DEBUG ( 0 , ( " ERROR: Samba cannot obtain PDC SID from PDC(s) %s. \n " ,
lp_passwordserver ( ) ) ) ;
exit ( 1 ) ;
}
0001-01-01 02:30:17 +02:30
CatchSignal ( SIGHUP , SIGNAL_CAST sig_hup ) ;
/* Setup the signals that allow the debug log level
to by dynamically changed . */
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
/* If we are using the malloc debug code we can't use
SIGUSR1 and SIGUSR2 to do debug level changes . */
0001-01-01 02:30:17 +02:30
# ifndef MEM_MAN
0001-01-01 02:30:17 +02:30
# if defined(SIGUSR1)
0001-01-01 02:30:17 +02:30
CatchSignal ( SIGUSR1 , SIGNAL_CAST sig_usr1 ) ;
0001-01-01 02:30:17 +02:30
# endif /* SIGUSR1 */
# if defined(SIGUSR2)
0001-01-01 02:30:17 +02:30
CatchSignal ( SIGUSR2 , SIGNAL_CAST sig_usr2 ) ;
0001-01-01 02:30:17 +02:30
# endif /* SIGUSR2 */
0001-01-01 02:30:17 +02:30
# endif /* MEM_MAN */
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
DEBUG ( 3 , ( " loaded services \n " ) ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
if ( ! is_daemon & & ! is_a_socket ( 0 ) ) {
DEBUG ( 0 , ( " standard input is not a socket, assuming -D option \n " ) ) ;
is_daemon = True ;
}
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
if ( is_daemon ) {
DEBUG ( 3 , ( " Becoming a daemon. \n " ) ) ;
become_daemon ( ) ;
}
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
check_kernel_oplocks ( ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
if ( ! directory_exist ( lp_lockdir ( ) , NULL ) ) {
mkdir ( lp_lockdir ( ) , 0755 ) ;
}
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
if ( is_daemon ) {
pidfile_create ( " smbd " ) ;
}
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
if ( ! open_sockets ( is_daemon , port ) )
exit ( 1 ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
if ( ! locking_init ( 0 ) )
exit ( 1 ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
/* possibly reload the services file. */
reload_services ( True ) ;
if ( * lp_rootdir ( ) ) {
if ( sys_chroot ( lp_rootdir ( ) ) = = 0 )
DEBUG ( 2 , ( " Changed root to %s \n " , lp_rootdir ( ) ) ) ;
}
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
/* Setup the oplock IPC socket. */
if ( ! open_oplock_ipc ( ) )
exit ( 1 ) ;
0001-01-01 02:30:17 +02:30
0001-01-01 02:30:17 +02:30
smbd_process ( ) ;
close_sockets ( ) ;
exit_server ( " normal exit " ) ;
return ( 0 ) ;
0001-01-01 02:30:17 +02:30
}