/*

 * CDDL HEADER START

 *

 * The contents of this file are subject to the terms of the

 * Common Development and Distribution License (the "License").

 * You may not use this file except in compliance with the License.

 *

 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE

 * or http://www.opensolaris.org/os/licensing.

 * See the License for the specific language governing permissions

 * and limitations under the License.

 *

 * When distributing Covered Code, include this CDDL HEADER in each

 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.

 * If applicable, add the following below this CDDL HEADER, with the

 * fields enclosed by brackets "[]" replaced with your own identifying

 * information: Portions Copyright [yyyy] [name of copyright owner]

 *

 * CDDL HEADER END

 */

/*

 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.

 * Use is subject to license terms.

 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <sys/types.h>

#include <sys/stat.h>

#include <sys/ioccom.h>

#include <stdio.h>

#include <string.h>

#include <strings.h>

#include <stdlib.h>

#include <unistd.h>

#include <stdarg.h>

#include <fcntl.h>

#include <wait.h>

#include <signal.h>

#include <libscf.h>

#include <limits.h>

#include <priv_utils.h>

#include <door.h>

#include <errno.h>

#include <syslog.h>

#include <pthread.h>

#include <time.h>

#include <libscf.h>

#include <zone.h>

#include <tzfile.h>

#include <libgen.h>

#include <pwd.h>

#include <grp.h>

#include <smbsrv/smb_door_svc.h>

#include <smbsrv/smb_ioctl.h>

#include <smbsrv/libsmb.h>

#include <smbsrv/libsmbns.h>

#include <smbsrv/libsmbrdr.h>

#include <smbsrv/libmlsvc.h>

#include "smbd.h"

#define	DRV_DEVICE_PATH	"/devices/pseudo/smbsrv@0:smbsrv"

#define	SMB_DBDIR "/var/smb"

extern void *smbd_nbt_listener(void *);

extern void *smbd_tcp_listener(void *);

static int smbd_daemonize_init(void);

static void smbd_daemonize_fini(int, int);

static int smbd_kernel_bind(void);

static void smbd_kernel_unbind(void);

static int smbd_already_running(void);

static int smbd_service_init(void);

static void smbd_service_fini(void);

static int smbd_setup_options(int argc, char *argv[]);

static void smbd_usage(FILE *fp);

static void smbd_report(const char *fmt, ...);

static void smbd_sig_handler(int sig);

static int smbd_localtime_init(void);

static void *smbd_localtime_monitor(void *arg);

static pthread_t localtime_thr;

static int smbd_refresh_init(void);

static void smbd_refresh_fini(void);

static void *smbd_refresh_monitor(void *);

static pthread_t nbt_listener;

static pthread_t tcp_listener;

static pthread_t refresh_thr;

static pthread_cond_t refresh_cond;

static pthread_mutex_t refresh_mutex;

smbd_t smbd;

/*

 * smbd user land daemon

 *

 * Use SMF error codes only on return or exit.

 */

int

main(int argc, char *argv[])

{

	struct sigaction	act;

	sigset_t		set;

	uid_t			uid;

	int			pfd = -1;

	smbd.s_pname = basename(argv[0]);

	openlog(smbd.s_pname, LOG_PID | LOG_NOWAIT, LOG_DAEMON);

	if (smbd_setup_options(argc, argv) != 0)

		return (SMF_EXIT_ERR_FATAL);

	if ((uid = getuid()) != smbd.s_uid) {

		smbd_report("user %d: %s", uid, strerror(EPERM));

		return (SMF_EXIT_ERR_FATAL);

	}

	if (getzoneid() != GLOBAL_ZONEID) {

		smbd_report("non-global zones are not supported");

		return (SMF_EXIT_ERR_FATAL);

	}

	if (is_system_labeled()) {

		smbd_report("Trusted Extensions not supported");

		return (SMF_EXIT_ERR_FATAL);

	}

	if (smbd_already_running())

		return (SMF_EXIT_OK);

	(void) sigfillset(&set);

	(void) sigdelset(&set, SIGABRT);

	(void) sigfillset(&act.sa_mask);

	act.sa_handler = smbd_sig_handler;

	act.sa_flags = 0;

	(void) sigaction(SIGTERM, &act, NULL);

	(void) sigaction(SIGHUP, &act, NULL);

	(void) sigaction(SIGINT, &act, NULL);

	(void) sigaction(SIGPIPE, &act, NULL);

	(void) sigdelset(&set, SIGTERM);

	(void) sigdelset(&set, SIGHUP);

	(void) sigdelset(&set, SIGINT);

	(void) sigdelset(&set, SIGPIPE);

	if (smbd.s_fg) {

		(void) sigdelset(&set, SIGTSTP);

		(void) sigdelset(&set, SIGTTIN);

		(void) sigdelset(&set, SIGTTOU);

		if (smbd_service_init() != 0) {

			smbd_report("service initialization failed");

			exit(SMF_EXIT_ERR_FATAL);

		}

	} else {

		/*

		 * "pfd" is a pipe descriptor -- any fatal errors

		 * during subsequent initialization of the child

		 * process should be written to this pipe and the

		 * parent will report this error as the exit status.

		 */

		pfd = smbd_daemonize_init();

		if (smbd_service_init() != 0) {

			smbd_report("daemon initialization failed");

			exit(SMF_EXIT_ERR_FATAL);

		}

		smbd_daemonize_fini(pfd, SMF_EXIT_OK);

	}

	(void) atexit(smbd_service_fini);

	while (!smbd.s_shutdown_flag) {

		case 0:

		case SIGPIPE:

			break;

		case SIGHUP:

			/* Refresh config was triggered */

			if (smbd.s_fg)

				smbd_report("reconfiguration requested");

			(void) pthread_cond_signal(&refresh_cond);

			break;

		default:

			/*

			 * Typically SIGINT or SIGTERM.

			 */

			smbd.s_shutdown_flag = 1;

			break;

		}

	}

	smbd_service_fini();

	closelog();

	return (SMF_EXIT_OK);

}

/*

 * This function will fork off a child process,

 * from which only the child will return.

 *

 * Use SMF error codes only on exit.

 */

static int

smbd_daemonize_init(void)

{

	int status, pfds[2];

	sigset_t set, oset;

	pid_t pid;

	int rc;

	/*

	 * Reset privileges to the minimum set required. We continue

	 * to run as root to create and access files in /var.

	 */

	rc = __init_daemon_priv(PU_RESETGROUPS | PU_LIMITPRIVS,

	    smbd.s_uid, smbd.s_gid,

	    PRIV_NET_MAC_AWARE, PRIV_NET_PRIVADDR, PRIV_PROC_AUDIT,

	    PRIV_SYS_DEVICES, PRIV_SYS_SMB, NULL);

	if (rc != 0) {

		smbd_report("insufficient privileges");

		exit(SMF_EXIT_ERR_FATAL);

	}

	/*

	 * Block all signals prior to the fork and leave them blocked in the

	 * parent so we don't get in a situation where the parent gets SIGINT

	 * and returns non-zero exit status and the child is actually running.

	 * In the child, restore the signal mask once we've done our setsid().

	 */

	(void) sigfillset(&set);

	(void) sigdelset(&set, SIGABRT);

	(void) sigprocmask(SIG_BLOCK, &set, &oset);

	if (pipe(pfds) == -1) {

		smbd_report("unable to create pipe");

		exit(SMF_EXIT_ERR_FATAL);

	}

	closelog();

	if ((pid = fork()) == -1) {

		openlog(smbd.s_pname, LOG_PID | LOG_NOWAIT, LOG_DAEMON);

		smbd_report("unable to fork");

		closelog();

		exit(SMF_EXIT_ERR_FATAL);

	}

	/*

	 * If we're the parent process, wait for either the child to send us

	 * the appropriate exit status over the pipe or for the read to fail

	 * (presumably with 0 for EOF if our child terminated abnormally).

	 * If the read fails, exit with either the child's exit status if it

	 * exited or with SMF_EXIT_ERR_FATAL if it died from a fatal signal.

	 */

	if (pid != 0) {

		(void) close(pfds[1]);

		if (read(pfds[0], &status, sizeof (status)) == sizeof (status))

			_exit(status);

		if (waitpid(pid, &status, 0) == pid && WIFEXITED(status))

			_exit(WEXITSTATUS(status));

		_exit(SMF_EXIT_ERR_FATAL);

	}

	openlog(smbd.s_pname, LOG_PID | LOG_NOWAIT, LOG_DAEMON);

	smbd.s_pid = getpid();

	(void) setsid();

	(void) sigprocmask(SIG_SETMASK, &oset, NULL);

	(void) chdir("/");

	(void) umask(022);

	(void) close(pfds[0]);

	return (pfds[1]);

}

static void

smbd_daemonize_fini(int fd, int exit_status)

{

	/*

	 * Now that we're running, if a pipe fd was specified, write an exit

	 * status to it to indicate that our parent process can safely detach.

	 * Then proceed to loading the remaining non-built-in modules.

	 */

	if (fd >= 0)

		(void) write(fd, &exit_status, sizeof (exit_status));

	(void) close(fd);

	if ((fd = open("/dev/null", O_RDWR)) >= 0) {

		(void) fcntl(fd, F_DUP2FD, STDIN_FILENO);

		(void) fcntl(fd, F_DUP2FD, STDOUT_FILENO);

		(void) fcntl(fd, F_DUP2FD, STDERR_FILENO);

		(void) close(fd);

	}

	__fini_daemon_priv(PRIV_PROC_FORK, PRIV_PROC_EXEC, PRIV_PROC_SESSION,

	    PRIV_FILE_LINK_ANY, PRIV_PROC_INFO, NULL);

}

/*

 * smbd_service_init

 */

static int

smbd_service_init(void)

{

	int	rc;

	char	resource_domain[SMB_PI_MAX_DOMAIN];

	char	fqdn[MAXHOSTNAMELEN];

	smbd.s_drv_fd = -1;

	if ((mkdir(SMB_DBDIR, 0700) < 0) && (errno != EEXIST)) {

		smbd_report("mkdir %s: %s", SMB_DBDIR, strerror(errno));

		return (1);

	}

	if ((rc = smb_ccache_init(SMB_VARRUN_DIR, SMB_CCACHE_FILE)) != 0) {

		if (rc == -1)

			smbd_report("mkdir %s: %s", SMB_VARRUN_DIR,

			    strerror(errno));

		else

			smbd_report("unable to set KRB5CCNAME");

		return (1);

	}

	(void) oem_language_set("english");

	if (!smb_wka_init()) {

		smbd_report("out of memory");

		return (1);

	}

	if (smb_nicmon_start(SMBD_DEFAULT_INSTANCE_FMRI) != 0)

		smbd_report("NIC monitoring failed to start");

	if (dns_msgid_init() != 0) {

		smbd_report("DNS message id initialization failed");

		return (1);

	}

	smbrdr_init();

	if (smb_netbios_start() != 0)

		smbd_report("NetBIOS services failed to start");

	else

		smbd_report("NetBIOS services started");

	if (smb_netlogon_init() != 0) {

		smbd_report("netlogon initialization failed");

		return (1);

	}

	(void) smb_getdomainname(resource_domain, SMB_PI_MAX_DOMAIN);

	(void) utf8_strupr(resource_domain);

	/* Get the ID map client handle */

	if ((rc = smb_idmap_start()) != 0) {

		smbd_report("no idmap handle");

		return (rc);

	}

	smbd.s_secmode = smb_config_get_secmode();

	if ((rc = nt_domain_init(resource_domain, smbd.s_secmode)) != 0) {

		if (rc == SMB_DOMAIN_NOMACHINE_SID) {

			smbd_report(

			    "no machine SID: check idmap configuration");

			return (rc);

		}

	}

	if ((rc = mlsvc_init()) != 0) {

		smbd_report("msrpc initialization failed");

		return (rc);

	}

	if (smbd.s_secmode == SMB_SECMODE_DOMAIN) {

		if (!smb_match_netlogon_seqnum())

			smb_set_netlogon_cred();

		else

			(void) smbd_locate_dc(resource_domain, "");

		(void) lsa_query_primary_domain_info();

	}

	smbd.s_door_lmshr = smb_share_dsrv_start();

	if (smbd.s_door_lmshr < 0) {

		smbd_report("share initialization failed");

	}

	smbd.s_door_srv = smb_door_srv_start();

	if (smbd.s_door_srv < 0)

		return (rc);

	if ((rc = smbd_refresh_init()) != 0)

		return (rc);

	if (smb_getfqdomainname(fqdn, MAXHOSTNAMELEN) == 0)

		(void) dyndns_update_core(fqdn);

	(void) smbd_localtime_init();

		    strerror(errno));

		return (rc);

	}

	(void) smb_lgrp_start();

	rc = smbd_kernel_bind();

	if (rc != 0) {

		smbd_report("kernel bind error: %s", strerror(errno));

		return (rc);

	}

}

/*

 * Close the kernel service and shutdown smbd services.

 * This function is registered with atexit(): ensure that anything

 * called from here is safe to be called multiple times.

 */

static void

smbd_service_fini(void)

{

	smb_wka_fini();

	smbd_refresh_fini();

	smbd_kernel_unbind();

	smb_door_srv_stop();

	smb_share_dsrv_stop();

	smb_nicmon_stop();

	smb_idmap_stop();

	smb_lgrp_stop();

	smb_ccache_remove(SMB_CCACHE_PATH);

	smb_pwd_fini();

}

/*

 * smbd_refresh_init()

 *

 * SMB service refresh thread initialization.  This thread waits for a

 * refresh event and updates the daemon's view of the configuration

 * before going back to sleep.

 */

static int

smbd_refresh_init()

{

	pthread_attr_t		tattr;

	pthread_condattr_t	cattr;

	int			rc;

	(void) pthread_condattr_init(&cattr);

	(void) pthread_cond_init(&refresh_cond, &cattr);

	(void) pthread_condattr_destroy(&cattr);

	(void) pthread_mutex_init(&refresh_mutex, NULL);

	(void) pthread_attr_init(&tattr);

	(void) pthread_attr_setdetachstate(&tattr, PTHREAD_CREATE_DETACHED);

	rc = pthread_create(&refresh_thr, &tattr, smbd_refresh_monitor, 0);

	(void) pthread_attr_destroy(&tattr);

	return (rc);

}

/*

 * smbd_refresh_fini()

 *

 * Stop the refresh thread.

 */

static void

smbd_refresh_fini()

{

	(void) pthread_cancel(refresh_thr);

	(void) pthread_cond_destroy(&refresh_cond);

	(void) pthread_mutex_destroy(&refresh_mutex);

}

/*

 * smbd_refresh_monitor()

 *