From e696afd2d810fef403c6e5d35a44cc0f22128310 Mon Sep 17 00:00:00 2001

From: Gary Lockyer <gary@catalyst.net.nz>

Date: Mon, 21 Aug 2017 15:12:04 +1200

Subject: [PATCH 1/4] s4/smbd: set the process group.

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Set the process group in the samba daemon, the --no-process-group option

allows this to be disabled.  The no-process-group option needs to be

disabled in self test.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>

Autobuild-Date(master): Mon Sep 18 04:39:50 CEST 2017 on sn-devel-144

---

 selftest/target/Samba4.pm |  2 +-

 source4/smbd/server.c     | 18 +++++++++++++++++-

 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm

index 772f982cb9d..6a1856ef642 100755

--- a/selftest/target/Samba4.pm

+++ b/selftest/target/Samba4.pm

@@ -158,7 +158,7 @@ sub check_or_start($$$)

 		close($env_vars->{STDIN_PIPE});

 		open STDIN, ">&", $STDIN_READER or die "can't dup STDIN_READER to STDIN: $!";

-		exec(@preargs, Samba::bindir_path($self, "samba"), "-M", $process_model, "-i", "--maximum-runtime=$self->{server_maxtime}", $env_vars->{CONFIGURATION}, @optargs) or die("Unable to start samba: $!");

+		exec(@preargs, Samba::bindir_path($self, "samba"), "-M", $process_model, "-i", "--no-process-group", "--maximum-runtime=$self->{server_maxtime}", $env_vars->{CONFIGURATION}, @optargs) or die("Unable to start samba: $!");

 	}

 	$env_vars->{SAMBA_PID} = $pid;

 	print "DONE ($pid)\n";

diff --git a/source4/smbd/server.c b/source4/smbd/server.c

index a8bad06bed3..ba520e0a8f5 100644

--- a/source4/smbd/server.c

+++ b/source4/smbd/server.c

@@ -341,6 +341,7 @@ static int binary_smbd_main(const char *binary_name,

 {

 	bool opt_daemon = false;

 	bool opt_interactive = false;

+	bool opt_no_process_group = false;

 	int opt;

 	poptContext pc;

 #define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *);

@@ -356,7 +357,8 @@ static int binary_smbd_main(const char *binary_name,

 		OPT_DAEMON = 1000,

 		OPT_INTERACTIVE,

 		OPT_PROCESS_MODEL,

-		OPT_SHOW_BUILD

+		OPT_SHOW_BUILD,

+		OPT_NO_PROCESS_GROUP,

 	};

 	struct poptOption long_options[] = {

 		POPT_AUTOHELP

@@ -371,6 +373,8 @@ static int binary_smbd_main(const char *binary_name,

 			"till autotermination", "seconds"},

 		{"show-build", 'b', POPT_ARG_NONE, NULL, OPT_SHOW_BUILD,

 			"show build info", NULL },

+		{"no-process-group", '\0', POPT_ARG_NONE, NULL,

+		  OPT_NO_PROCESS_GROUP, "Don't create a new process group" },

 		POPT_COMMON_SAMBA

 		POPT_COMMON_VERSION

 		{ NULL }

@@ -393,6 +397,9 @@ static int binary_smbd_main(const char *binary_name,

 		case OPT_SHOW_BUILD:

 			show_build();

 			break;

+		case OPT_NO_PROCESS_GROUP:

+			opt_no_process_group = true;

+			break;

 		default:

 			fprintf(stderr, "\nInvalid option %s: %s\n\n",

 				  poptBadOption(pc, 0), poptStrerror(opt));

@@ -508,6 +515,15 @@ static int binary_smbd_main(const char *binary_name,

 		stdin_event_flags = 0;

 	}

+#if HAVE_SETPGID

+	/*

+	 * If we're interactive we want to set our own process group for

+	 * signal management, unless --no-process-group specified.

+	 */

+	if (opt_interactive && !opt_no_process_group)

+		setpgid((pid_t)0, (pid_t)0);

+#endif

+

 	/* catch EOF on stdin */

 #ifdef SIGTTIN

 	signal(SIGTTIN, SIG_IGN);

-- 

2.15.0

From 1e3f38e58d52c7424831855c8db63c391e0b4b75 Mon Sep 17 00:00:00 2001

From: Andreas Schneider <asn@samba.org>

Date: Wed, 15 Nov 2017 10:00:52 +0100

Subject: [PATCH 2/4] s4:samba: Do not segfault if we run into issues

Signed-off-by: Andreas Schneider <asn@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

(cherry picked from commit bfafabfb942668328401a3c89fc55b50dc56c209)

---

 source4/smbd/server.c | 8 ++++++++

 1 file changed, 8 insertions(+)

diff --git a/source4/smbd/server.c b/source4/smbd/server.c

index ba520e0a8f5..406f79593b9 100644

--- a/source4/smbd/server.c

+++ b/source4/smbd/server.c

@@ -100,8 +100,16 @@ static void cleanup_tmp_files(struct loadparm_context *lp_ctx)

 {

 	char *path;

 	TALLOC_CTX *mem_ctx = talloc_new(NULL);

+	if (mem_ctx == NULL) {

+		exit_daemon("Failed to create memory context",

+			    ENOMEM);

+	}

 	path = smbd_tmp_path(mem_ctx, lp_ctx, NULL);

+	if (path == NULL) {

+		exit_daemon("Failed to cleanup temporary files",

+			    EINVAL);

+	}

 	recursive_delete(path);

 	talloc_free(mem_ctx);

-- 

2.15.0

From b7d08eda158ba540dc7ca8755a6a8fdf34e52501 Mon Sep 17 00:00:00 2001

From: Andreas Schneider <asn@samba.org>

Date: Fri, 10 Nov 2017 09:18:18 +0100

Subject: [PATCH 3/4] s4:samba: Allow samba daemon to run in foreground

We are passing the no_process_group to become_daemon() that setsid() is

not called. In case we are double forking, we run in SysV daemon mode,

setsid() should be called!

See:

https://www.freedesktop.org/software/systemd/man/daemon.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129

Signed-off-by: Andreas Schneider <asn@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

(cherry picked from commit 8736013dc42c5755b75bbb2e843a290bcd545909)

---

 source3/smbd/server.c |  2 +-

 source4/smbd/server.c | 13 ++++++++++---

 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/source3/smbd/server.c b/source3/smbd/server.c

index 181bcd1e123..252b43190d7 100644

--- a/source3/smbd/server.c

+++ b/source3/smbd/server.c

@@ -1592,7 +1592,7 @@ extern void build_options(bool screen);

 	struct poptOption long_options[] = {

 	POPT_AUTOHELP

 	{"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON, "Become a daemon (default)" },

-	{"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run interactive (not a daemon)"},

+	{"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run interactive (not a daemon) and log to stdout"},

 	{"foreground", 'F', POPT_ARG_NONE, NULL, OPT_FORK, "Run daemon in foreground (for daemontools, etc.)" },

 	{"no-process-group", '\0', POPT_ARG_NONE, NULL, OPT_NO_PROCESS_GROUP, "Don't create a new process group" },

 	{"log-stdout", 'S', POPT_ARG_NONE, NULL, OPT_LOG_STDOUT, "Log to stdout" },

diff --git a/source4/smbd/server.c b/source4/smbd/server.c

index 406f79593b9..2349d5c7fa0 100644

--- a/source4/smbd/server.c

+++ b/source4/smbd/server.c

@@ -348,6 +348,7 @@ static int binary_smbd_main(const char *binary_name,

 				const char *argv[])

 {

 	bool opt_daemon = false;

+	bool opt_fork = true;

 	bool opt_interactive = false;

 	bool opt_no_process_group = false;

 	int opt;

@@ -363,6 +364,7 @@ static int binary_smbd_main(const char *binary_name,

 	struct stat st;

 	enum {

 		OPT_DAEMON = 1000,

+		OPT_FOREGROUND,

 		OPT_INTERACTIVE,

 		OPT_PROCESS_MODEL,

 		OPT_SHOW_BUILD,

@@ -372,6 +374,8 @@ static int binary_smbd_main(const char *binary_name,

 		POPT_AUTOHELP

 		{"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON,

 		 "Become a daemon (default)", NULL },

+		{"foreground", 'F', POPT_ARG_NONE, NULL, OPT_FOREGROUND,

+		 "Run the daemon in foreground", NULL },

 		{"interactive",	'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE,

 		 "Run interactive (not a daemon)", NULL},

 		{"model", 'M', POPT_ARG_STRING,	NULL, OPT_PROCESS_MODEL,

@@ -396,6 +400,9 @@ static int binary_smbd_main(const char *binary_name,

 		case OPT_DAEMON:

 			opt_daemon = true;

 			break;

+		case OPT_FOREGROUND:

+			opt_fork = false;

+			break;

 		case OPT_INTERACTIVE:

 			opt_interactive = true;

 			break;

@@ -422,7 +429,7 @@ static int binary_smbd_main(const char *binary_name,

 			"not allowed together with -D|--daemon\n\n");

 		poptPrintUsage(pc, stderr, 0);

 		return 1;

-	} else if (!opt_interactive) {

+	} else if (!opt_interactive && !opt_fork) {

 		/* default is --daemon */

 		opt_daemon = true;

 	}

@@ -458,8 +465,8 @@ static int binary_smbd_main(const char *binary_name,

 	}

 	if (opt_daemon) {

-		DEBUG(3,("Becoming a daemon.\n"));

-		become_daemon(true, false, false);

+		DBG_NOTICE("Becoming a daemon.\n");

+		become_daemon(opt_fork, opt_no_process_group, false);

 	}

 	/* Create the memory context to hang everything off. */

-- 

2.15.0

From 90588e8d08dcf38d97249eb39d87c5eb36f1fcd3 Mon Sep 17 00:00:00 2001

From: Andreas Schneider <asn@samba.org>

Date: Fri, 10 Nov 2017 09:32:27 +0100

Subject: [PATCH 4/4] systemd: Start processes in forground and without a

 process group

We should not double fork in notify mode or systemd think something

during startup will be wrong and send SIGTERM to the process. So

sometimes the daemon will not start up correctly.

systemd will also handle the process group.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129

Signed-off-by: Andreas Schneider <asn@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

(cherry picked from commit 8b6f58194da7e849cdb9d20712dff49b17a93a77)

---

 packaging/systemd/nmb.service     | 2 +-

 packaging/systemd/samba.service   | 2 +-

 packaging/systemd/smb.service     | 2 +-

 packaging/systemd/winbind.service | 2 +-

 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/packaging/systemd/nmb.service b/packaging/systemd/nmb.service

index 992c0cd9d2b..71c93d6088b 100644

--- a/packaging/systemd/nmb.service

+++ b/packaging/systemd/nmb.service

@@ -7,7 +7,7 @@ Type=notify

 NotifyAccess=all

 PIDFile=/run/nmbd.pid

 EnvironmentFile=-/etc/sysconfig/samba

-ExecStart=/usr/sbin/nmbd $NMBDOPTIONS

+ExecStart=/usr/sbin/nmbd --foreground --no-process-group $NMBDOPTIONS

 ExecReload=/usr/bin/kill -HUP $MAINPID

 LimitCORE=infinity

diff --git a/packaging/systemd/samba.service b/packaging/systemd/samba.service

index 824f89c2030..1b64c3b779d 100644

--- a/packaging/systemd/samba.service

+++ b/packaging/systemd/samba.service

@@ -8,7 +8,7 @@ NotifyAccess=all

 PIDFile=/run/samba.pid

 LimitNOFILE=16384

 EnvironmentFile=-/etc/sysconfig/samba

-ExecStart=/usr/sbin/samba $SAMBAOPTIONS

+ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS

 ExecReload=/usr/bin/kill -HUP $MAINPID

 [Install]

diff --git a/packaging/systemd/smb.service b/packaging/systemd/smb.service

index 6053a5caaa5..adf6684c7d9 100644

--- a/packaging/systemd/smb.service

+++ b/packaging/systemd/smb.service

@@ -8,7 +8,7 @@ NotifyAccess=all

 PIDFile=/run/smbd.pid

 LimitNOFILE=16384

 EnvironmentFile=-/etc/sysconfig/samba

-ExecStart=/usr/sbin/smbd $SMBDOPTIONS

+ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS

 ExecReload=/usr/bin/kill -HUP $MAINPID

 LimitCORE=infinity

diff --git a/packaging/systemd/winbind.service b/packaging/systemd/winbind.service

index c511488166e..46b3797251d 100644

--- a/packaging/systemd/winbind.service

+++ b/packaging/systemd/winbind.service

@@ -7,7 +7,7 @@ Type=notify

 NotifyAccess=all

 PIDFile=/run/winbindd.pid

 EnvironmentFile=-/etc/sysconfig/samba

-ExecStart=/usr/sbin/winbindd "$WINBINDOPTIONS"

+ExecStart=/usr/sbin/winbindd --foreground --no-process-group "$WINBINDOPTIONS"

 ExecReload=/usr/bin/kill -HUP $MAINPID

 LimitCORE=infinity

-- 

2.15.0