diff --git a/samba-4.7-fix_samba_with_systemd.patch b/samba-4.7-fix_samba_with_systemd.patch new file mode 100644 index 0000000..a12f130 --- /dev/null +++ b/samba-4.7-fix_samba_with_systemd.patch @@ -0,0 +1,313 @@ +From e696afd2d810fef403c6e5d35a44cc0f22128310 Mon Sep 17 00:00:00 2001 +From: Gary Lockyer +Date: Mon, 21 Aug 2017 15:12:04 +1200 +Subject: [PATCH 1/4] s4/smbd: set the process group. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set the process group in the samba daemon, the --no-process-group option +allows this to be disabled. The no-process-group option needs to be +disabled in self test. + +Signed-off-by: Gary Lockyer +Reviewed-by: Andrew Bartlett +Reviewed-by: Ralph Boehme + +Autobuild-User(master): Ralph Böhme +Autobuild-Date(master): Mon Sep 18 04:39:50 CEST 2017 on sn-devel-144 +--- + selftest/target/Samba4.pm | 2 +- + source4/smbd/server.c | 18 +++++++++++++++++- + 2 files changed, 18 insertions(+), 2 deletions(-) + +diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm +index 772f982cb9d..6a1856ef642 100755 +--- a/selftest/target/Samba4.pm ++++ b/selftest/target/Samba4.pm +@@ -158,7 +158,7 @@ sub check_or_start($$$) + close($env_vars->{STDIN_PIPE}); + open STDIN, ">&", $STDIN_READER or die "can't dup STDIN_READER to STDIN: $!"; + +- exec(@preargs, Samba::bindir_path($self, "samba"), "-M", $process_model, "-i", "--maximum-runtime=$self->{server_maxtime}", $env_vars->{CONFIGURATION}, @optargs) or die("Unable to start samba: $!"); ++ exec(@preargs, Samba::bindir_path($self, "samba"), "-M", $process_model, "-i", "--no-process-group", "--maximum-runtime=$self->{server_maxtime}", $env_vars->{CONFIGURATION}, @optargs) or die("Unable to start samba: $!"); + } + $env_vars->{SAMBA_PID} = $pid; + print "DONE ($pid)\n"; +diff --git a/source4/smbd/server.c b/source4/smbd/server.c +index a8bad06bed3..ba520e0a8f5 100644 +--- a/source4/smbd/server.c ++++ b/source4/smbd/server.c +@@ -341,6 +341,7 @@ static int binary_smbd_main(const char *binary_name, + { + bool opt_daemon = false; + bool opt_interactive = false; ++ bool opt_no_process_group = false; + int opt; + poptContext pc; + #define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *); +@@ -356,7 +357,8 @@ static int binary_smbd_main(const char *binary_name, + OPT_DAEMON = 1000, + OPT_INTERACTIVE, + OPT_PROCESS_MODEL, +- OPT_SHOW_BUILD ++ OPT_SHOW_BUILD, ++ OPT_NO_PROCESS_GROUP, + }; + struct poptOption long_options[] = { + POPT_AUTOHELP +@@ -371,6 +373,8 @@ static int binary_smbd_main(const char *binary_name, + "till autotermination", "seconds"}, + {"show-build", 'b', POPT_ARG_NONE, NULL, OPT_SHOW_BUILD, + "show build info", NULL }, ++ {"no-process-group", '\0', POPT_ARG_NONE, NULL, ++ OPT_NO_PROCESS_GROUP, "Don't create a new process group" }, + POPT_COMMON_SAMBA + POPT_COMMON_VERSION + { NULL } +@@ -393,6 +397,9 @@ static int binary_smbd_main(const char *binary_name, + case OPT_SHOW_BUILD: + show_build(); + break; ++ case OPT_NO_PROCESS_GROUP: ++ opt_no_process_group = true; ++ break; + default: + fprintf(stderr, "\nInvalid option %s: %s\n\n", + poptBadOption(pc, 0), poptStrerror(opt)); +@@ -508,6 +515,15 @@ static int binary_smbd_main(const char *binary_name, + stdin_event_flags = 0; + } + ++#if HAVE_SETPGID ++ /* ++ * If we're interactive we want to set our own process group for ++ * signal management, unless --no-process-group specified. ++ */ ++ if (opt_interactive && !opt_no_process_group) ++ setpgid((pid_t)0, (pid_t)0); ++#endif ++ + /* catch EOF on stdin */ + #ifdef SIGTTIN + signal(SIGTTIN, SIG_IGN); +-- +2.15.0 + + +From 1e3f38e58d52c7424831855c8db63c391e0b4b75 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Wed, 15 Nov 2017 10:00:52 +0100 +Subject: [PATCH 2/4] s4:samba: Do not segfault if we run into issues + +Signed-off-by: Andreas Schneider +Reviewed-by: Andrew Bartlett +(cherry picked from commit bfafabfb942668328401a3c89fc55b50dc56c209) +--- + source4/smbd/server.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/source4/smbd/server.c b/source4/smbd/server.c +index ba520e0a8f5..406f79593b9 100644 +--- a/source4/smbd/server.c ++++ b/source4/smbd/server.c +@@ -100,8 +100,16 @@ static void cleanup_tmp_files(struct loadparm_context *lp_ctx) + { + char *path; + TALLOC_CTX *mem_ctx = talloc_new(NULL); ++ if (mem_ctx == NULL) { ++ exit_daemon("Failed to create memory context", ++ ENOMEM); ++ } + + path = smbd_tmp_path(mem_ctx, lp_ctx, NULL); ++ if (path == NULL) { ++ exit_daemon("Failed to cleanup temporary files", ++ EINVAL); ++ } + + recursive_delete(path); + talloc_free(mem_ctx); +-- +2.15.0 + + +From b7d08eda158ba540dc7ca8755a6a8fdf34e52501 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Fri, 10 Nov 2017 09:18:18 +0100 +Subject: [PATCH 3/4] s4:samba: Allow samba daemon to run in foreground + +We are passing the no_process_group to become_daemon() that setsid() is +not called. In case we are double forking, we run in SysV daemon mode, +setsid() should be called! + +See: +https://www.freedesktop.org/software/systemd/man/daemon.html + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129 + +Signed-off-by: Andreas Schneider +Reviewed-by: Andrew Bartlett + +(cherry picked from commit 8736013dc42c5755b75bbb2e843a290bcd545909) +--- + source3/smbd/server.c | 2 +- + source4/smbd/server.c | 13 ++++++++++--- + 2 files changed, 11 insertions(+), 4 deletions(-) + +diff --git a/source3/smbd/server.c b/source3/smbd/server.c +index 181bcd1e123..252b43190d7 100644 +--- a/source3/smbd/server.c ++++ b/source3/smbd/server.c +@@ -1592,7 +1592,7 @@ extern void build_options(bool screen); + struct poptOption long_options[] = { + POPT_AUTOHELP + {"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON, "Become a daemon (default)" }, +- {"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run interactive (not a daemon)"}, ++ {"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run interactive (not a daemon) and log to stdout"}, + {"foreground", 'F', POPT_ARG_NONE, NULL, OPT_FORK, "Run daemon in foreground (for daemontools, etc.)" }, + {"no-process-group", '\0', POPT_ARG_NONE, NULL, OPT_NO_PROCESS_GROUP, "Don't create a new process group" }, + {"log-stdout", 'S', POPT_ARG_NONE, NULL, OPT_LOG_STDOUT, "Log to stdout" }, +diff --git a/source4/smbd/server.c b/source4/smbd/server.c +index 406f79593b9..2349d5c7fa0 100644 +--- a/source4/smbd/server.c ++++ b/source4/smbd/server.c +@@ -348,6 +348,7 @@ static int binary_smbd_main(const char *binary_name, + const char *argv[]) + { + bool opt_daemon = false; ++ bool opt_fork = true; + bool opt_interactive = false; + bool opt_no_process_group = false; + int opt; +@@ -363,6 +364,7 @@ static int binary_smbd_main(const char *binary_name, + struct stat st; + enum { + OPT_DAEMON = 1000, ++ OPT_FOREGROUND, + OPT_INTERACTIVE, + OPT_PROCESS_MODEL, + OPT_SHOW_BUILD, +@@ -372,6 +374,8 @@ static int binary_smbd_main(const char *binary_name, + POPT_AUTOHELP + {"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON, + "Become a daemon (default)", NULL }, ++ {"foreground", 'F', POPT_ARG_NONE, NULL, OPT_FOREGROUND, ++ "Run the daemon in foreground", NULL }, + {"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, + "Run interactive (not a daemon)", NULL}, + {"model", 'M', POPT_ARG_STRING, NULL, OPT_PROCESS_MODEL, +@@ -396,6 +400,9 @@ static int binary_smbd_main(const char *binary_name, + case OPT_DAEMON: + opt_daemon = true; + break; ++ case OPT_FOREGROUND: ++ opt_fork = false; ++ break; + case OPT_INTERACTIVE: + opt_interactive = true; + break; +@@ -422,7 +429,7 @@ static int binary_smbd_main(const char *binary_name, + "not allowed together with -D|--daemon\n\n"); + poptPrintUsage(pc, stderr, 0); + return 1; +- } else if (!opt_interactive) { ++ } else if (!opt_interactive && !opt_fork) { + /* default is --daemon */ + opt_daemon = true; + } +@@ -458,8 +465,8 @@ static int binary_smbd_main(const char *binary_name, + } + + if (opt_daemon) { +- DEBUG(3,("Becoming a daemon.\n")); +- become_daemon(true, false, false); ++ DBG_NOTICE("Becoming a daemon.\n"); ++ become_daemon(opt_fork, opt_no_process_group, false); + } + + /* Create the memory context to hang everything off. */ +-- +2.15.0 + + +From 90588e8d08dcf38d97249eb39d87c5eb36f1fcd3 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Fri, 10 Nov 2017 09:32:27 +0100 +Subject: [PATCH 4/4] systemd: Start processes in forground and without a + process group + +We should not double fork in notify mode or systemd think something +during startup will be wrong and send SIGTERM to the process. So +sometimes the daemon will not start up correctly. + +systemd will also handle the process group. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129 + +Signed-off-by: Andreas Schneider +Reviewed-by: Andrew Bartlett + +(cherry picked from commit 8b6f58194da7e849cdb9d20712dff49b17a93a77) +--- + packaging/systemd/nmb.service | 2 +- + packaging/systemd/samba.service | 2 +- + packaging/systemd/smb.service | 2 +- + packaging/systemd/winbind.service | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/packaging/systemd/nmb.service b/packaging/systemd/nmb.service +index 992c0cd9d2b..71c93d6088b 100644 +--- a/packaging/systemd/nmb.service ++++ b/packaging/systemd/nmb.service +@@ -7,7 +7,7 @@ Type=notify + NotifyAccess=all + PIDFile=/run/nmbd.pid + EnvironmentFile=-/etc/sysconfig/samba +-ExecStart=/usr/sbin/nmbd $NMBDOPTIONS ++ExecStart=/usr/sbin/nmbd --foreground --no-process-group $NMBDOPTIONS + ExecReload=/usr/bin/kill -HUP $MAINPID + LimitCORE=infinity + +diff --git a/packaging/systemd/samba.service b/packaging/systemd/samba.service +index 824f89c2030..1b64c3b779d 100644 +--- a/packaging/systemd/samba.service ++++ b/packaging/systemd/samba.service +@@ -8,7 +8,7 @@ NotifyAccess=all + PIDFile=/run/samba.pid + LimitNOFILE=16384 + EnvironmentFile=-/etc/sysconfig/samba +-ExecStart=/usr/sbin/samba $SAMBAOPTIONS ++ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS + ExecReload=/usr/bin/kill -HUP $MAINPID + + [Install] +diff --git a/packaging/systemd/smb.service b/packaging/systemd/smb.service +index 6053a5caaa5..adf6684c7d9 100644 +--- a/packaging/systemd/smb.service ++++ b/packaging/systemd/smb.service +@@ -8,7 +8,7 @@ NotifyAccess=all + PIDFile=/run/smbd.pid + LimitNOFILE=16384 + EnvironmentFile=-/etc/sysconfig/samba +-ExecStart=/usr/sbin/smbd $SMBDOPTIONS ++ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS + ExecReload=/usr/bin/kill -HUP $MAINPID + LimitCORE=infinity + +diff --git a/packaging/systemd/winbind.service b/packaging/systemd/winbind.service +index c511488166e..46b3797251d 100644 +--- a/packaging/systemd/winbind.service ++++ b/packaging/systemd/winbind.service +@@ -7,7 +7,7 @@ Type=notify + NotifyAccess=all + PIDFile=/run/winbindd.pid + EnvironmentFile=-/etc/sysconfig/samba +-ExecStart=/usr/sbin/winbindd "$WINBINDOPTIONS" ++ExecStart=/usr/sbin/winbindd --foreground --no-process-group "$WINBINDOPTIONS" + ExecReload=/usr/bin/kill -HUP $MAINPID + LimitCORE=infinity + +-- +2.15.0 + diff --git a/samba.spec b/samba.spec index 64165fc..9f0750b 100644 --- a/samba.spec +++ b/samba.spec @@ -6,7 +6,7 @@ # ctdb is enabled by default, you can disable it with: --without clustering %bcond_without clustering -%define main_release 1 +%define main_release 2 %define samba_version 4.7.3 %define talloc_version 2.1.10 @@ -116,6 +116,7 @@ Source201: README.downgrade Patch0: samba-4.7.0-bind_dlz.patch Patch1: samba-4.7.0-support-krb5-1.16.patch +Patch2: samba-4.7-fix_samba_with_systemd.patch Requires(pre): /usr/sbin/groupadd Requires(post): systemd @@ -3385,6 +3386,9 @@ rm -rf %{buildroot} %endif # with_clustering_support %changelog +* Thu Nov 30 2017 Andreas Schneider - 4.7.3-2 +- Fix deamon startup with systemd + * Thu Nov 23 2017 Bastien Nocera - 4.7.3-1 - Enable AES acceleration on Intel compatible CPUs by default