From e696afd2d810fef403c6e5d35a44cc0f22128310 Mon Sep 17 00:00:00 2001 From: Gary Lockyer Date: Mon, 21 Aug 2017 15:12:04 +1200 Subject: [PATCH 1/4] s4/smbd: set the process group. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Set the process group in the samba daemon, the --no-process-group option allows this to be disabled. The no-process-group option needs to be disabled in self test. Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Sep 18 04:39:50 CEST 2017 on sn-devel-144 --- selftest/target/Samba4.pm | 2 +- source4/smbd/server.c | 18 +++++++++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 772f982cb9d..6a1856ef642 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -158,7 +158,7 @@ sub check_or_start($$$) close($env_vars->{STDIN_PIPE}); open STDIN, ">&", $STDIN_READER or die "can't dup STDIN_READER to STDIN: $!"; - exec(@preargs, Samba::bindir_path($self, "samba"), "-M", $process_model, "-i", "--maximum-runtime=$self->{server_maxtime}", $env_vars->{CONFIGURATION}, @optargs) or die("Unable to start samba: $!"); + exec(@preargs, Samba::bindir_path($self, "samba"), "-M", $process_model, "-i", "--no-process-group", "--maximum-runtime=$self->{server_maxtime}", $env_vars->{CONFIGURATION}, @optargs) or die("Unable to start samba: $!"); } $env_vars->{SAMBA_PID} = $pid; print "DONE ($pid)\n"; diff --git a/source4/smbd/server.c b/source4/smbd/server.c index a8bad06bed3..ba520e0a8f5 100644 --- a/source4/smbd/server.c +++ b/source4/smbd/server.c @@ -341,6 +341,7 @@ static int binary_smbd_main(const char *binary_name, { bool opt_daemon = false; bool opt_interactive = false; + bool opt_no_process_group = false; int opt; poptContext pc; #define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *); @@ -356,7 +357,8 @@ static int binary_smbd_main(const char *binary_name, OPT_DAEMON = 1000, OPT_INTERACTIVE, OPT_PROCESS_MODEL, - OPT_SHOW_BUILD + OPT_SHOW_BUILD, + OPT_NO_PROCESS_GROUP, }; struct poptOption long_options[] = { POPT_AUTOHELP @@ -371,6 +373,8 @@ static int binary_smbd_main(const char *binary_name, "till autotermination", "seconds"}, {"show-build", 'b', POPT_ARG_NONE, NULL, OPT_SHOW_BUILD, "show build info", NULL }, + {"no-process-group", '\0', POPT_ARG_NONE, NULL, + OPT_NO_PROCESS_GROUP, "Don't create a new process group" }, POPT_COMMON_SAMBA POPT_COMMON_VERSION { NULL } @@ -393,6 +397,9 @@ static int binary_smbd_main(const char *binary_name, case OPT_SHOW_BUILD: show_build(); break; + case OPT_NO_PROCESS_GROUP: + opt_no_process_group = true; + break; default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); @@ -508,6 +515,15 @@ static int binary_smbd_main(const char *binary_name, stdin_event_flags = 0; } +#if HAVE_SETPGID + /* + * If we're interactive we want to set our own process group for + * signal management, unless --no-process-group specified. + */ + if (opt_interactive && !opt_no_process_group) + setpgid((pid_t)0, (pid_t)0); +#endif + /* catch EOF on stdin */ #ifdef SIGTTIN signal(SIGTTIN, SIG_IGN); -- 2.15.0 From 1e3f38e58d52c7424831855c8db63c391e0b4b75 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 15 Nov 2017 10:00:52 +0100 Subject: [PATCH 2/4] s4:samba: Do not segfault if we run into issues Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit bfafabfb942668328401a3c89fc55b50dc56c209) --- source4/smbd/server.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/source4/smbd/server.c b/source4/smbd/server.c index ba520e0a8f5..406f79593b9 100644 --- a/source4/smbd/server.c +++ b/source4/smbd/server.c @@ -100,8 +100,16 @@ static void cleanup_tmp_files(struct loadparm_context *lp_ctx) { char *path; TALLOC_CTX *mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + exit_daemon("Failed to create memory context", + ENOMEM); + } path = smbd_tmp_path(mem_ctx, lp_ctx, NULL); + if (path == NULL) { + exit_daemon("Failed to cleanup temporary files", + EINVAL); + } recursive_delete(path); talloc_free(mem_ctx); -- 2.15.0 From b7d08eda158ba540dc7ca8755a6a8fdf34e52501 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 10 Nov 2017 09:18:18 +0100 Subject: [PATCH 3/4] s4:samba: Allow samba daemon to run in foreground We are passing the no_process_group to become_daemon() that setsid() is not called. In case we are double forking, we run in SysV daemon mode, setsid() should be called! See: https://www.freedesktop.org/software/systemd/man/daemon.html BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit 8736013dc42c5755b75bbb2e843a290bcd545909) --- source3/smbd/server.c | 2 +- source4/smbd/server.c | 13 ++++++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 181bcd1e123..252b43190d7 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1592,7 +1592,7 @@ extern void build_options(bool screen); struct poptOption long_options[] = { POPT_AUTOHELP {"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON, "Become a daemon (default)" }, - {"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run interactive (not a daemon)"}, + {"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run interactive (not a daemon) and log to stdout"}, {"foreground", 'F', POPT_ARG_NONE, NULL, OPT_FORK, "Run daemon in foreground (for daemontools, etc.)" }, {"no-process-group", '\0', POPT_ARG_NONE, NULL, OPT_NO_PROCESS_GROUP, "Don't create a new process group" }, {"log-stdout", 'S', POPT_ARG_NONE, NULL, OPT_LOG_STDOUT, "Log to stdout" }, diff --git a/source4/smbd/server.c b/source4/smbd/server.c index 406f79593b9..2349d5c7fa0 100644 --- a/source4/smbd/server.c +++ b/source4/smbd/server.c @@ -348,6 +348,7 @@ static int binary_smbd_main(const char *binary_name, const char *argv[]) { bool opt_daemon = false; + bool opt_fork = true; bool opt_interactive = false; bool opt_no_process_group = false; int opt; @@ -363,6 +364,7 @@ static int binary_smbd_main(const char *binary_name, struct stat st; enum { OPT_DAEMON = 1000, + OPT_FOREGROUND, OPT_INTERACTIVE, OPT_PROCESS_MODEL, OPT_SHOW_BUILD, @@ -372,6 +374,8 @@ static int binary_smbd_main(const char *binary_name, POPT_AUTOHELP {"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON, "Become a daemon (default)", NULL }, + {"foreground", 'F', POPT_ARG_NONE, NULL, OPT_FOREGROUND, + "Run the daemon in foreground", NULL }, {"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run interactive (not a daemon)", NULL}, {"model", 'M', POPT_ARG_STRING, NULL, OPT_PROCESS_MODEL, @@ -396,6 +400,9 @@ static int binary_smbd_main(const char *binary_name, case OPT_DAEMON: opt_daemon = true; break; + case OPT_FOREGROUND: + opt_fork = false; + break; case OPT_INTERACTIVE: opt_interactive = true; break; @@ -422,7 +429,7 @@ static int binary_smbd_main(const char *binary_name, "not allowed together with -D|--daemon\n\n"); poptPrintUsage(pc, stderr, 0); return 1; - } else if (!opt_interactive) { + } else if (!opt_interactive && !opt_fork) { /* default is --daemon */ opt_daemon = true; } @@ -458,8 +465,8 @@ static int binary_smbd_main(const char *binary_name, } if (opt_daemon) { - DEBUG(3,("Becoming a daemon.\n")); - become_daemon(true, false, false); + DBG_NOTICE("Becoming a daemon.\n"); + become_daemon(opt_fork, opt_no_process_group, false); } /* Create the memory context to hang everything off. */ -- 2.15.0 From 90588e8d08dcf38d97249eb39d87c5eb36f1fcd3 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 10 Nov 2017 09:32:27 +0100 Subject: [PATCH 4/4] systemd: Start processes in forground and without a process group We should not double fork in notify mode or systemd think something during startup will be wrong and send SIGTERM to the process. So sometimes the daemon will not start up correctly. systemd will also handle the process group. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit 8b6f58194da7e849cdb9d20712dff49b17a93a77) --- packaging/systemd/nmb.service | 2 +- packaging/systemd/samba.service | 2 +- packaging/systemd/smb.service | 2 +- packaging/systemd/winbind.service | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packaging/systemd/nmb.service b/packaging/systemd/nmb.service index 992c0cd9d2b..71c93d6088b 100644 --- a/packaging/systemd/nmb.service +++ b/packaging/systemd/nmb.service @@ -7,7 +7,7 @@ Type=notify NotifyAccess=all PIDFile=/run/nmbd.pid EnvironmentFile=-/etc/sysconfig/samba -ExecStart=/usr/sbin/nmbd $NMBDOPTIONS +ExecStart=/usr/sbin/nmbd --foreground --no-process-group $NMBDOPTIONS ExecReload=/usr/bin/kill -HUP $MAINPID LimitCORE=infinity diff --git a/packaging/systemd/samba.service b/packaging/systemd/samba.service index 824f89c2030..1b64c3b779d 100644 --- a/packaging/systemd/samba.service +++ b/packaging/systemd/samba.service @@ -8,7 +8,7 @@ NotifyAccess=all PIDFile=/run/samba.pid LimitNOFILE=16384 EnvironmentFile=-/etc/sysconfig/samba -ExecStart=/usr/sbin/samba $SAMBAOPTIONS +ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS ExecReload=/usr/bin/kill -HUP $MAINPID [Install] diff --git a/packaging/systemd/smb.service b/packaging/systemd/smb.service index 6053a5caaa5..adf6684c7d9 100644 --- a/packaging/systemd/smb.service +++ b/packaging/systemd/smb.service @@ -8,7 +8,7 @@ NotifyAccess=all PIDFile=/run/smbd.pid LimitNOFILE=16384 EnvironmentFile=-/etc/sysconfig/samba -ExecStart=/usr/sbin/smbd $SMBDOPTIONS +ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS ExecReload=/usr/bin/kill -HUP $MAINPID LimitCORE=infinity diff --git a/packaging/systemd/winbind.service b/packaging/systemd/winbind.service index c511488166e..46b3797251d 100644 --- a/packaging/systemd/winbind.service +++ b/packaging/systemd/winbind.service @@ -7,7 +7,7 @@ Type=notify NotifyAccess=all PIDFile=/run/winbindd.pid EnvironmentFile=-/etc/sysconfig/samba -ExecStart=/usr/sbin/winbindd "$WINBINDOPTIONS" +ExecStart=/usr/sbin/winbindd --foreground --no-process-group "$WINBINDOPTIONS" ExecReload=/usr/bin/kill -HUP $MAINPID LimitCORE=infinity -- 2.15.0