#! /bin/sh
# NOTE(review): the body below is not POSIX sh. It uses `global NAME := ...`,
# `matchstr`, brace-delimited blocks and `$[...]`, which looks like the output
# of an sh-to-Oil translation -- confirm which interpreter runs this file.
### BEGIN INIT INFO
# Provides: samba-ad-dc
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start Samba daemons for the AD DC
### END INIT INFO
#
# Start/stops the Samba daemon (samba).
# Adapted from the Samba 3 packages.
#
# Usage: samba-ad-dc {start|stop|restart|force-reload|status}

# Directory and file in which the running daemon's PID is recorded.
global PIDDIR := '/var/run/samba'
global SAMBAPID := "$PIDDIR/samba.pid"

# clear conflicting settings from the environment
unset TMPDIR

# See if the daemon and the config file are there
# (exits 0 without doing anything when the binary is not executable or
# smb.conf is not readable)
test -x /usr/sbin/samba -a -r /etc/samba/smb.conf || exit 0

# Provides the log_* / status_of_proc helpers used below; init_is_upstart is
# presumably defined there as well -- verify.
source /lib/lsb/init-functions

# Dispatch on the action given as the first argument.
matchstr $1 {
  start {
    # Ask samba-tool for the configured "server role"; its stderr is discarded
    # and only the last line of output is kept.
    global SERVER_ROLE := $[samba-tool testparm --parameter-name="server role" !2 >/dev/null | tail -1]
    # Any role other than AD DC: exit successfully without starting anything.
    if test $SERVER_ROLE != "active directory domain controller" {
      exit 0
    }

    # Under upstart, `start` exits 1 here (`stop` below exits 0 instead).
    if init_is_upstart {
      exit 1
    }

    # CVE-2013-4475
    # Refuse to start when the TLS private key exists with any mode other than
    # exactly 600; `stat -c %a` prints the octal permission bits.
    # NOTE(review): only the mode is compared -- owner and group of the key
    # are not checked here, and a stricter mode such as 400 is rejected too.
    # NOTE(review): confirm the CVE id cited here and in the message below
    # against the Samba advisory that covers key.pem permissions.
    global KEYFILE := '/var/lib/samba/private/tls/key.pem'
    if test -e $KEYFILE {
      global KEYPERMS := $[stat -c %a $KEYFILE]
      if test $KEYPERMS != "600" {
        echo "wrong permission on $KEYFILE, must be 600"
        echo "samba will not start (CVE-2013-4475)"
        echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions."
        exit 1
      }
    }

    log_daemon_msg "Starting Samba AD DC daemon" "samba"
    # Make sure we have our PIDDIR, even if it's on a tmpfs
    # (created root:root, mode 755, so only root can write into it)
    install -o root -g root -m 755 -d $PIDDIR

    # Launch /usr/sbin/samba with -D; a failure is logged and ends the script
    # with status 1.
    if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/samba -- -D {
      log_end_msg 1
      exit 1
    }

    log_end_msg 0
  }
  stop {
    if init_is_upstart {
      exit 0
    }
    log_daemon_msg "Stopping Samba AD DC daemon" "samba"

    # The exit status of start-stop-daemon is not inspected; log_end_msg 0
    # below reports success either way.
    start-stop-daemon --stop --quiet --pidfile $SAMBAPID
    # Wait a little and remove stale PID file
    sleep 1
    # `ps h <pid>` fails when no process has the PID stored in the file.
    if test -f $SAMBAPID && ! ps h $[cat $SAMBAPID] > /dev/null {
      # Stale PID file (samba was successfully stopped),
      # remove it (should be removed by samba itself IMHO.)
      rm -f $SAMBAPID
    }

    log_end_msg 0
  }
  restart|force-reload {
    if init_is_upstart {
      exit 1
    }
    # Re-invoke this script for each phase. Neither exit status is checked,
    # so control falls through to the final `exit 0`.
    $0 stop
    sleep 1
    $0 start
  }
  status {
    # Propagate status_of_proc's exit code to the caller.
    status_of_proc -p $SAMBAPID /usr/sbin/samba samba
    exit $Status
  }
  * {
    echo "Usage: /etc/init.d/samba-ad-dc {start|stop|restart|force-reload|status}"
    exit 1
  }
}

exit 0
# What follows is a dump of a parsed syntax tree (assignments, case arms,
# spids), not script code; it is kept verbatim.
(CommandList children: [ (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:PIDDIR) op:Equal rhs:{(/var/run/samba)} spids:[42])] spids: [42] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:SAMBAPID) op: Equal rhs: {($ VSub_Name "$PIDDIR") (/samba.pid)} spids: [45] ) ] spids: [45] ) (C {(unset)} {(TMPDIR)}) (AndOr children: [ (C {(test)} {(-x)} {(/usr/sbin/samba)} {(-a)} {(-r)} {(/etc/samba/smb.conf)}) (C {(exit)} {(0)}) ] op_id: Op_DPipe ) (C {(.)} {(/lib/lsb/init-functions)}) (Case to_match: {(DQ ($ VSub_Number "$1"))} arms: [ (case_arm pat_list: [{(start)}] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:SERVER_ROLE) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (Pipeline children: [ (SimpleCommand words: [ {(samba-tool)} {(testparm)} {(--parameter-name) (Lit_Other "=") (DQ ("server role"))} ] redirects: [ (Redir op_id: Redir_Great fd: 2 arg_word: {(/dev/null)} spids: [110] ) ] ) (C {(tail)} {(-1)}) ] negated: False ) ] ) left_token: spids: [99 118] ) } spids: [98] ) ] spids: [98] ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other "[")} {(DQ ($ VSub_Name "$SERVER_ROLE"))} {(KW_Bang "!") (Lit_Other "=")} {(DQ ("active directory domain controller"))} {(Lit_Other "]")} ) terminator: ) ] action: [(C {(exit)} {(0)})] spids: [-1 139] ) ] spids: [-1 147] ) (If arms: [ (if_arm cond: [(Sentence child:(C {(init_is_upstart)}) terminator:)] action: [(C {(exit)} {(1)})] spids: [-1 156] ) ] spids: [-1 164] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:KEYFILE) op: Equal rhs: {(/var/lib/samba/private/tls/key.pem)} spids: [172] ) ] spids: [172] ) 
(If arms: [ (if_arm cond: [(C {(Lit_Other "[")} {(-e)} {($ VSub_Name "$KEYFILE")} {(Lit_Other "]")})] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:KEYPERMS) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (C {(stat)} {(-c)} {(Lit_Other "%") (a)} {($ VSub_Name "$KEYFILE")}) ] ) left_token: spids: [191 200] ) } spids: [190] ) ] spids: [190] ) (If arms: [ (if_arm cond: [ (C {(Lit_Other "[")} {(DQ ($ VSub_Name "$KEYPERMS"))} {(KW_Bang "!") (Lit_Other "=")} {(DQ (600))} {(Lit_Other "]")} ) ] action: [ (C {(echo)} { (DQ ("wrong permission on ") ($ VSub_Name "$KEYFILE") (", must be 600")) } ) (C {(echo)} {(DQ ("samba will not start (CVE-2013-4475)"))}) (C {(echo)} { (DQ ( "Removing all tls .pem files will cause an auto-regeneration with the correct permissions." ) ) } ) (C {(exit)} {(1)}) ] spids: [-1 221] ) ] spids: [-1 252] ) ] spids: [-1 187] ) ] spids: [-1 255] ) (C {(log_daemon_msg)} {(DQ ("Starting Samba AD DC daemon"))} {(DQ (samba))}) (C {(install)} {(-o)} {(root)} {(-g)} {(root)} {(-m)} {(755)} {(-d)} {($ VSub_Name "$PIDDIR")}) (If arms: [ (if_arm cond: [ (Sentence child: (Pipeline children: [ (C {(start-stop-daemon)} {(--start)} {(--quiet)} {(--oknodo)} {(--exec)} {(/usr/sbin/samba)} {(--)} {(-D)} ) ] negated: True ) terminator: ) ] action: [(C {(log_end_msg)} {(1)}) (C {(exit)} {(1)})] spids: [-1 315] ) ] spids: [-1 328] ) (C {(log_end_msg)} {(0)}) ] spids: [94 95 337 -1] ) (case_arm pat_list: [{(stop)}] action: [ (If arms: [ (if_arm cond: [(Sentence child:(C {(init_is_upstart)}) terminator:)] action: [(C {(exit)} {(0)})] spids: [-1 349] ) ] spids: [-1 357] ) (C {(log_daemon_msg)} {(DQ ("Stopping Samba AD DC daemon"))} {(DQ (samba))}) (C {(start-stop-daemon)} {(--stop)} {(--quiet)} {(--pidfile)} {($ VSub_Name "$SAMBAPID")}) (C {(sleep)} {(1)}) (If arms: [ (if_arm cond: [ (AndOr children: [ (C {(Lit_Other "[")} {(-f)} {($ VSub_Name "$SAMBAPID")} {(Lit_Other "]")}) (Pipeline children: [ (SimpleCommand 
words: [ {(ps)} {(h)} { (CommandSubPart command_list: (CommandList children: [(C {(cat)} {($ VSub_Name "$SAMBAPID")})] ) left_token: spids: [410 414] ) } ] redirects: [ (Redir op_id: Redir_Great fd: -1 arg_word: {(/dev/null)} spids: [416] ) ] ) ] negated: True ) ] op_id: Op_DAmp ) ] action: [(C {(rm)} {(-f)} {($ VSub_Name "$SAMBAPID")})] spids: [-1 421] ) ] spids: [-1 439] ) (C {(log_end_msg)} {(0)}) ] spids: [340 341 449 -1] ) (case_arm pat_list: [{(restart)} {(force-reload)}] action: [ (If arms: [ (if_arm cond: [(Sentence child:(C {(init_is_upstart)}) terminator:)] action: [(C {(exit)} {(1)})] spids: [-1 463] ) ] spids: [-1 471] ) (C {($ VSub_Number "$0")} {(stop)}) (C {(sleep)} {(1)}) (C {($ VSub_Number "$0")} {(start)}) ] spids: [452 455 489 -1] ) (case_arm pat_list: [{(status)}] action: [ (C {(status_of_proc)} {(-p)} {($ VSub_Name "$SAMBAPID")} {(/usr/sbin/samba)} {(samba)}) (C {(exit)} {($ VSub_QMark "$?")}) ] spids: [492 493 512 -1] ) (case_arm pat_list: [{(Lit_Other "*")}] action: [ (C {(echo)} {(DQ ("Usage: /etc/init.d/samba-ad-dc {start|stop|restart|force-reload|status}"))} ) (C {(exit)} {(1)}) ] spids: [515 516 531 -1] ) ] spids: [85 91 533] ) (C {(exit)} {(0)}) ] )