#! /bin/bash

### BEGIN INIT INFO
# Provides:          samba-ad-dc
# Required-Start:    $network $local_fs $remote_fs
# Required-Stop:     $network $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Samba daemons for the AD DC
# Description:  Meta-service to provide AD and SMB/CIFS services to clients
### END INIT INFO

NAME=samba
DAEMON=/usr/sbin/$NAME
PIDFILE=/run/samba/$NAME.pid
DESC="Samba AD DC server"
SCRIPT=samba-ad-dc

# clear conflicting settings from the environment
unset TMPDIR

test -x $DAEMON || exit 0
/usr/share/samba/is-configured $NAME || exit 0

[ -f /etc/default/samba ] && . /etc/default/samba

. /lib/lsb/init-functions

case "$1" in
	(start)
		/etc/init.d/nmbd start
		# check ucr autostart setting
		if [ -f "/usr/share/univention-config-registry/init-autostart.lib" ]; then
			. "/usr/share/univention-config-registry/init-autostart.lib"
			check_autostart samba-ad-dc samba4/autostart
		fi
		eval "$(univention-config-registry shell samba4/role)"
		if [ "$samba4_role" != "DC" ] && [ "$samba4_role" != "RODC" ]; then
			echo "Samba is not configured as AD DC."
			exit 0
		fi

		if [ -x /usr/sbin/univention-config-registry ]; then
			eval "$(/usr/sbin/univention-config-registry shell samba4/coredump/limit samba/max_open_files)"
		fi
		## three options:
		## * UCR variable unset -> default 'unlimited'
		## * UCR variable set empty -> no change in system ulimit value
		## * UCR variable set nonempty -> set system ulimit value
		ulimit_c_value="${samba4_coredump_limit-unlimited}"
		if [ -n "$ulimit_c_value" ]; then
			ulimit -c "$ulimit_c_value"
		fi

		if [ -n "$samba_max_open_files" ]; then
			ulimit -n "$samba_max_open_files"
		fi

		# CVE-2013-4475
		KEYFILE=/var/lib/samba/private/tls/key.pem
		if [ -e $KEYFILE ]
		then
				KEYPERMS=`stat -c %a $KEYFILE`
				if [ "$KEYPERMS" != "600" ]
				then
						echo "wrong permission on $KEYFILE, must be 600"
						echo "samba will not start (CVE-2013-4475)"
						echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions."
						exit 1
				fi
		fi
		log_daemon_msg "Starting $DESC" $NAME
		start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE -- -D $SAMBAOPTIONS >/dev/null
		log_end_msg $?
		;;
	(stop)
		log_daemon_msg "Stopping $DESC" $NAME
		## sometimes samba takes a long time to terminate,
		## which would make starting new samba processes fail.
		pid_samba=$(pgrep -F "$PIDFILE")
		pid_smbd=$(pgrep --exact 'smbd')
		pid_winbindd=$(pgrep --exact 'winbindd')
		start-stop-daemon --stop --quiet --pidfile $PIDFILE --name samba
		ret="$?"
		## Check if smbd/winbindd have been started indepently, e.g. via their .postinst script
		[ -n "$pid_smbd" ] && start-stop-daemon --stop --quiet --pid $pid_smbd --name smbd
		[ -n "$pid_winbindd" ] && start-stop-daemon --stop --quiet --pid $pid_winbindd --name winbindd
		## And check once again that all pids are actually terminated
		pids="$pid_samba $pid_smbd $pid_winbindd"
		if [ -n "${pids// /}" ]; then
			unset pgids kgids
			for pid in $pids; do
				pgids="$pgids -g $pid"
				kgids="$kgids -$pid"
			done
			TERM_TIMEOUT=60
			while [ $TERM_TIMEOUT -gt 0 ]; do
				[ -z "$(ps -o pid= $pgids)" ] && { ret=0; break; }
				sleep 1
				TERM_TIMEOUT=$((TERM_TIMEOUT-1))
			done
			if [ $TERM_TIMEOUT -eq 0 ]; then
				echo
				log_action_msg "Samba did not terminate in time. Killing remaining processes"
				ps_output=$(ps -Ho state,pid,pgrp,time,args $pgids)
				echo "$ps_output" \
					| while read line; do log_action_msg "$line"; done
				{
					echo "ERROR: Stuck process after service stop:\n$ps_output"
					echo "PIDFILE: $(cat $PIDFILE)"
				} | logger -p daemon.error -t SAMBA
				kill -9 $kgids 2>/dev/null; ret=0
			fi
		fi
		pkill samba-dcerpcd
		pkill samba-bgqd
		/etc/init.d/nmbd stop
		log_end_msg "$ret"
		;;
	(restart|force-reload)
		$0 stop && sleep 1 && $0 start
		;;
	(status)
		status_of_proc -p $PIDFILE $DAEMON $NAME
		;;
	(*)
		echo "Usage: /etc/init.d/$SCRIPT {start|stop|restart|force-reload|status}"
		exit 1
		;;
esac
