]> git.ipfire.org Git - people/ms/dnsmasq.git/blob - src/dnsmasq.c
projects / people / ms / dnsmasq.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix (srk induced) crash in new tftp_no_fail code.
[people/ms/dnsmasq.git] / src / dnsmasq.c
1 /* dnsmasq is Copyright (c) 2000-2015 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16
17 /* Declare static char *compiler_opts in config.h */
18 #define DNSMASQ_COMPILE_OPTS
19
20 #include "dnsmasq.h"
21
22 struct daemon *daemon;
23
24 static volatile pid_t pid = 0;
25 static volatile int pipewrite;
26
27 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
28 static void check_dns_listeners(fd_set *set, time_t now);
29 static void sig_handler(int sig);
30 static void async_event(int pipe, time_t now);
31 static void fatal_event(struct event_desc *ev, char *msg);
32 static int read_event(int fd, struct event_desc *evp, char **msg);
33 static void poll_resolv(int force, int do_reload, time_t now);
34
35 int main (int argc, char **argv)
36 {
37 int bind_fallback = 0;
38 time_t now;
39 struct sigaction sigact;
40 struct iname *if_tmp;
41 int piperead, pipefd[2], err_pipe[2];
42 struct passwd *ent_pw = NULL;
43 #if defined(HAVE_SCRIPT)
44 uid_t script_uid = 0;
45 gid_t script_gid = 0;
46 #endif
47 struct group *gp = NULL;
48 long i, max_fd = sysconf(_SC_OPEN_MAX);
49 char *baduser = NULL;
50 int log_err;
51 #if defined(HAVE_LINUX_NETWORK)
52 cap_user_header_t hdr = NULL;
53 cap_user_data_t data = NULL;
54 char *bound_device = NULL;
55 int did_bind = 0;
56 #endif
57 #if defined(HAVE_DHCP) || defined(HAVE_DHCP6)
58 struct dhcp_context *context;
59 struct dhcp_relay *relay;
60 #endif
61 #ifdef HAVE_TFTP
62 int tftp_prefix_missing = 0;
63 #endif
64
65 #ifdef LOCALEDIR
66 setlocale(LC_ALL, "");
67 bindtextdomain("dnsmasq", LOCALEDIR);
68 textdomain("dnsmasq");
69 #endif
70
71 sigact.sa_handler = sig_handler;
72 sigact.sa_flags = 0;
73 sigemptyset(&sigact.sa_mask);
74 sigaction(SIGUSR1, &sigact, NULL);
75 sigaction(SIGUSR2, &sigact, NULL);
76 sigaction(SIGHUP, &sigact, NULL);
77 sigaction(SIGTERM, &sigact, NULL);
78 sigaction(SIGALRM, &sigact, NULL);
79 sigaction(SIGCHLD, &sigact, NULL);
80
81 /* ignore SIGPIPE */
82 sigact.sa_handler = SIG_IGN;
83 sigaction(SIGPIPE, &sigact, NULL);
84
85 umask(022); /* known umask, create leases and pid files as 0644 */
86
87 rand_init(); /* Must precede read_opts() */
88
89 read_opts(argc, argv, compile_opts);
90
91 if (daemon->edns_pktsz < PACKETSZ)
92 daemon->edns_pktsz = PACKETSZ;
93
94 daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
95 daemon->edns_pktsz : DNSMASQ_PACKETSZ;
96 daemon->packet = safe_malloc(daemon->packet_buff_sz);
97
98 daemon->addrbuff = safe_malloc(ADDRSTRLEN);
99 if (option_bool(OPT_EXTRALOG))
100 daemon->addrbuff2 = safe_malloc(ADDRSTRLEN);
101
102 #ifdef HAVE_DNSSEC
103 if (option_bool(OPT_DNSSEC_VALID))
104 {
105 daemon->keyname = safe_malloc(MAXDNAME);
106 daemon->workspacename = safe_malloc(MAXDNAME);
107 }
108 #endif
109
110 #ifdef HAVE_DHCP
111 if (!daemon->lease_file)
112 {
113 if (daemon->dhcp || daemon->dhcp6)
114 daemon->lease_file = LEASEFILE;
115 }
116 #endif
117
118 /* Close any file descriptors we inherited apart from std{in|out|err}
119
120 Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
121 otherwise file descriptors we create can end up being 0, 1, or 2
122 and then get accidentally closed later when we make 0, 1, and 2
123 open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
124 but it's not guaranteed. By opening /dev/null three times, we
125 ensure that we're not using those fds for real stuff. */
126 for (i = 0; i < max_fd; i++)
127 if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
128 close(i);
129 else
130 open("/dev/null", O_RDWR);
131
132 #ifndef HAVE_LINUX_NETWORK
133 # if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
134 if (!option_bool(OPT_NOWILD))
135 {
136 bind_fallback = 1;
137 set_option_bool(OPT_NOWILD);
138 }
139 # endif
140
141 /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
142 if (option_bool(OPT_CLEVERBIND))
143 {
144 bind_fallback = 1;
145 set_option_bool(OPT_NOWILD);
146 reset_option_bool(OPT_CLEVERBIND);
147 }
148 #endif
149
150 #ifndef HAVE_INOTIFY
151 if (daemon->dynamic_dirs)
152 die(_("dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"), NULL, EC_BADCONF);
153 #endif
154
155 if (option_bool(OPT_DNSSEC_VALID))
156 {
157 #ifdef HAVE_DNSSEC
158 if (!daemon->ds)
159 die(_("no trust anchors provided for DNSSEC"), NULL, EC_BADCONF);
160
161 if (daemon->cachesize < CACHESIZ)
162 die(_("cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF);
163 #else
164 die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL, EC_BADCONF);
165 #endif
166 }
167
168 #ifndef HAVE_TFTP
169 if (option_bool(OPT_TFTP))
170 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
171 #endif
172
173 #ifdef HAVE_CONNTRACK
174 if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport))
175 die (_("cannot use --conntrack AND --query-port"), NULL, EC_BADCONF);
176 #else
177 if (option_bool(OPT_CONNTRACK))
178 die(_("conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF);
179 #endif
180
181 #ifdef HAVE_SOLARIS_NETWORK
182 if (daemon->max_logs != 0)
183 die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
184 #endif
185
186 #ifdef __ANDROID__
187 if (daemon->max_logs != 0)
188 die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
189 #endif
190
191 #ifndef HAVE_AUTH
192 if (daemon->authserver)
193 die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
194 #endif
195
196 #ifndef HAVE_LOOP
197 if (option_bool(OPT_LOOP_DETECT))
198 die(_("loop detection not available: set HAVE_LOOP in src/config.h"), NULL, EC_BADCONF);
199 #endif
200
201 now = dnsmasq_time();
202
203 /* Create a serial at startup if not configured. */
204 if (daemon->authinterface && daemon->soa_sn == 0)
205 #ifdef HAVE_BROKEN_RTC
206 die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF);
207 #else
208 daemon->soa_sn = now;
209 #endif
210
211 #ifdef HAVE_DHCP6
212 if (daemon->dhcp6)
213 {
214 daemon->doing_ra = option_bool(OPT_RA);
215
216 for (context = daemon->dhcp6; context; context = context->next)
217 {
218 if (context->flags & CONTEXT_DHCP)
219 daemon->doing_dhcp6 = 1;
220 if (context->flags & CONTEXT_RA)
221 daemon->doing_ra = 1;
222 #if !defined(HAVE_LINUX_NETWORK) && !defined(HAVE_BSD_NETWORK)
223 if (context->flags & CONTEXT_TEMPLATE)
224 die (_("dhcp-range constructor not available on this platform"), NULL, EC_BADCONF);
225 #endif
226 }
227 }
228 #endif
229
230 #ifdef HAVE_DHCP
231 /* Note that order matters here, we must call lease_init before
232 creating any file descriptors which shouldn't be leaked
233 to the lease-script init process. We need to call common_init
234 before lease_init to allocate buffers it uses.*/
235 if (daemon->dhcp || daemon->doing_dhcp6 || daemon->relay4 || daemon->relay6)
236 {
237 dhcp_common_init();
238 if (daemon->dhcp || daemon->doing_dhcp6)
239 lease_init(now);
240 }
241
242 if (daemon->dhcp || daemon->relay4)
243 dhcp_init();
244
245 # ifdef HAVE_DHCP6
246 if (daemon->doing_ra || daemon->doing_dhcp6 || daemon->relay6)
247 ra_init(now);
248
249 if (daemon->doing_dhcp6 || daemon->relay6)
250 dhcp6_init();
251 # endif
252
253 #endif
254
255 #ifdef HAVE_IPSET
256 if (daemon->ipsets)
257 ipset_init();
258 #endif
259
260 #if defined(HAVE_LINUX_NETWORK)
261 netlink_init();
262 #elif defined(HAVE_BSD_NETWORK)
263 route_init();
264 #endif
265
266 if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND))
267 die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF);
268
269 if (!enumerate_interfaces(1) || !enumerate_interfaces(0))
270 die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
271
272 if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
273 {
274 create_bound_listeners(1);
275
276 if (!option_bool(OPT_CLEVERBIND))
277 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
278 if (if_tmp->name && !if_tmp->used)
279 die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
280
281 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
282 /* after enumerate_interfaces() */
283 bound_device = whichdevice();
284
285 if (daemon->dhcp)
286 {
287 if (!daemon->relay4 && bound_device)
288 {
289 bindtodevice(bound_device, daemon->dhcpfd);
290 did_bind = 1;
291 }
292 if (daemon->enable_pxe && bound_device)
293 {
294 bindtodevice(bound_device, daemon->pxefd);
295 did_bind = 1;
296 }
297 }
298 #endif
299
300 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
301 if (daemon->doing_dhcp6 && !daemon->relay6 && bound_device)
302 {
303 bindtodevice(bound_device, daemon->dhcp6fd);
304 did_bind = 1;
305 }
306 #endif
307 }
308 else
309 create_wildcard_listeners();
310
311 #ifdef HAVE_DHCP6
312 /* after enumerate_interfaces() */
313 if (daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra)
314 join_multicast(1);
315
316 /* After netlink_init() and before create_helper() */
317 lease_make_duid(now);
318 #endif
319
320 if (daemon->port != 0)
321 {
322 cache_init();
323
324 #ifdef HAVE_DNSSEC
325 blockdata_init();
326 #endif
327 }
328
329 #ifdef HAVE_INOTIFY
330 if (daemon->port != 0 || daemon->dhcp || daemon->doing_dhcp6)
331 inotify_dnsmasq_init();
332 else
333 daemon->inotifyfd = -1;
334 #endif
335
336 if (option_bool(OPT_DBUS))
337 #ifdef HAVE_DBUS
338 {
339 char *err;
340 daemon->dbus = NULL;
341 daemon->watches = NULL;
342 if ((err = dbus_init()))
343 die(_("DBus error: %s"), err, EC_MISC);
344 }
345 #else
346 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
347 #endif
348
349 if (daemon->port != 0)
350 pre_allocate_sfds();
351
352 #if defined(HAVE_SCRIPT)
353 /* Note getpwnam returns static storage */
354 if ((daemon->dhcp || daemon->dhcp6) &&
355 daemon->scriptuser &&
356 (daemon->lease_change_command || daemon->luascript))
357 {
358 if ((ent_pw = getpwnam(daemon->scriptuser)))
359 {
360 script_uid = ent_pw->pw_uid;
361 script_gid = ent_pw->pw_gid;
362 }
363 else
364 baduser = daemon->scriptuser;
365 }
366 #endif
367
368 if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
369 baduser = daemon->username;
370 else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
371 baduser = daemon->groupname;
372
373 if (baduser)
374 die(_("unknown user or group: %s"), baduser, EC_BADCONF);
375
376 /* implement group defaults, "dip" if available, or group associated with uid */
377 if (!daemon->group_set && !gp)
378 {
379 if (!(gp = getgrnam(CHGRP)) && ent_pw)
380 gp = getgrgid(ent_pw->pw_gid);
381
382 /* for error message */
383 if (gp)
384 daemon->groupname = gp->gr_name;
385 }
386
387 #if defined(HAVE_LINUX_NETWORK)
388 /* determine capability API version here, while we can still
389 call safe_malloc */
390 if (ent_pw && ent_pw->pw_uid != 0)
391 {
392 int capsize = 1; /* for header version 1 */
393 hdr = safe_malloc(sizeof(*hdr));
394
395 /* find version supported by kernel */
396 memset(hdr, 0, sizeof(*hdr));
397 capget(hdr, NULL);
398
399 if (hdr->version != LINUX_CAPABILITY_VERSION_1)
400 {
401 /* if unknown version, use largest supported version (3) */
402 if (hdr->version != LINUX_CAPABILITY_VERSION_2)
403 hdr->version = LINUX_CAPABILITY_VERSION_3;
404 capsize = 2;
405 }
406
407 data = safe_malloc(sizeof(*data) * capsize);
408 memset(data, 0, sizeof(*data) * capsize);
409 }
410 #endif
411
412 /* Use a pipe to carry signals and other events back to the event loop
413 in a race-free manner and another to carry errors to daemon-invoking process */
414 safe_pipe(pipefd, 1);
415
416 piperead = pipefd[0];
417 pipewrite = pipefd[1];
418 /* prime the pipe to load stuff first time. */
419 send_event(pipewrite, EVENT_INIT, 0, NULL);
420
421 err_pipe[1] = -1;
422
423 if (!option_bool(OPT_DEBUG))
424 {
425 /* The following code "daemonizes" the process.
426 See Stevens section 12.4 */
427
428 if (chdir("/") != 0)
429 die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
430
431 #ifndef NO_FORK
432 if (!option_bool(OPT_NO_FORK))
433 {
434 pid_t pid;
435
436 /* pipe to carry errors back to original process.
437 When startup is complete we close this and the process terminates. */
438 safe_pipe(err_pipe, 0);
439
440 if ((pid = fork()) == -1)
441 /* fd == -1 since we've not forked, never returns. */
442 send_event(-1, EVENT_FORK_ERR, errno, NULL);
443
444 if (pid != 0)
445 {
446 struct event_desc ev;
447 char *msg;
448
449 /* close our copy of write-end */
450 while (retry_send(close(err_pipe[1])));
451
452 /* check for errors after the fork */
453 if (read_event(err_pipe[0], &ev, &msg))
454 fatal_event(&ev, msg);
455
456 _exit(EC_GOOD);
457 }
458
459 while (retry_send(close(err_pipe[0])));
460
461 /* NO calls to die() from here on. */
462
463 setsid();
464
465 if ((pid = fork()) == -1)
466 send_event(err_pipe[1], EVENT_FORK_ERR, errno, NULL);
467
468 if (pid != 0)
469 _exit(0);
470 }
471 #endif
472
473 /* write pidfile _after_ forking ! */
474 if (daemon->runfile)
475 {
476 int fd, err = 0;
477
478 sprintf(daemon->namebuff, "%d\n", (int) getpid());
479
480 /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
481 in a directory which is writable by the non-privileged user that dnsmasq runs as. This
482 allows the daemon to delete the file as part of its shutdown. This is a security hole to the
483 extent that an attacker running as the unprivileged user could replace the pidfile with a
484 symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
485
486 The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
487 ensuring that the open() fails should there be any existing file (because the unlink() failed,
488 or an attacker exploited the race between unlink() and open()). This ensures that no symlink
489 attack can succeed.
490
491 Any compromise of the non-privileged user still theoretically allows the pid-file to be
492 replaced whilst dnsmasq is running. The worst that could allow is that the usual
493 "shutdown dnsmasq" shell command could be tricked into stopping any other process.
494
495 Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
496 failure to write the pid-file.
497 */
498
499 unlink(daemon->runfile);
500
501 if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1)
502 {
503 /* only complain if started as root */
504 if (getuid() == 0)
505 err = 1;
506 }
507 else
508 {
509 if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0))
510 err = 1;
511 else
512 {
513 while (retry_send(close(fd)));
514 if (errno != 0)
515 err = 1;
516 }
517 }
518
519 if (err)
520 {
521 send_event(err_pipe[1], EVENT_PIDFILE, errno, daemon->runfile);
522 _exit(0);
523 }
524 }
525 }
526
527 log_err = log_start(ent_pw, err_pipe[1]);
528
529 if (!option_bool(OPT_DEBUG))
530 {
531 /* open stdout etc to /dev/null */
532 int nullfd = open("/dev/null", O_RDWR);
533 dup2(nullfd, STDOUT_FILENO);
534 dup2(nullfd, STDERR_FILENO);
535 dup2(nullfd, STDIN_FILENO);
536 close(nullfd);
537 }
538
539 /* if we are to run scripts, we need to fork a helper before dropping root. */
540 daemon->helperfd = -1;
541 #ifdef HAVE_SCRIPT
542 if ((daemon->dhcp || daemon->dhcp6) && (daemon->lease_change_command || daemon->luascript))
543 daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
544 #endif
545
546 if (!option_bool(OPT_DEBUG) && getuid() == 0)
547 {
548 int bad_capabilities = 0;
549 gid_t dummy;
550
551 /* remove all supplimentary groups */
552 if (gp &&
553 (setgroups(0, &dummy) == -1 ||
554 setgid(gp->gr_gid) == -1))
555 {
556 send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);
557 _exit(0);
558 }
559
560 if (ent_pw && ent_pw->pw_uid != 0)
561 {
562 #if defined(HAVE_LINUX_NETWORK)
563 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
564 CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
565 ports because of DAD, or we're doing it dynamically,
566 we need CAP_NET_BIND_SERVICE too. */
567 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
568 data->effective = data->permitted = data->inheritable =
569 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) |
570 (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE);
571 else
572 data->effective = data->permitted = data->inheritable =
573 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
574
575 /* Tell kernel to not clear capabilities when dropping root */
576 if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
577 bad_capabilities = errno;
578
579 #elif defined(HAVE_SOLARIS_NETWORK)
580 /* http://developers.sun.com/solaris/articles/program_privileges.html */
581 priv_set_t *priv_set;
582
583 if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
584 priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
585 priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
586 bad_capabilities = errno;
587
588 if (priv_set && bad_capabilities == 0)
589 {
590 priv_inverse(priv_set);
591
592 if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
593 bad_capabilities = errno;
594 }
595
596 if (priv_set)
597 priv_freeset(priv_set);
598
599 #endif
600
601 if (bad_capabilities != 0)
602 {
603 send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, NULL);
604 _exit(0);
605 }
606
607 /* finally drop root */
608 if (setuid(ent_pw->pw_uid) == -1)
609 {
610 send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username);
611 _exit(0);
612 }
613
614 #ifdef HAVE_LINUX_NETWORK
615 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
616 data->effective = data->permitted =
617 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE);
618 else
619 data->effective = data->permitted =
620 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
621 data->inheritable = 0;
622
623 /* lose the setuid and setgid capbilities */
624 if (capset(hdr, data) == -1)
625 {
626 send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL);
627 _exit(0);
628 }
629 #endif
630
631 }
632 }
633
634 #ifdef HAVE_LINUX_NETWORK
635 free(hdr);
636 free(data);
637 if (option_bool(OPT_DEBUG))
638 prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
639 #endif
640
641 #ifdef HAVE_TFTP
642 if (option_bool(OPT_TFTP))
643 {
644 DIR *dir;
645 struct tftp_prefix *p;
646
647 if (daemon->tftp_prefix)
648 {
649 if (!((dir = opendir(daemon->tftp_prefix))))
650 {
651 tftp_prefix_missing = 1;
652 if (!option_bool(OPT_TFTP_NO_FAIL))
653 {
654 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix);
655 _exit(0);
656 }
657 }
658 else
659 closedir(dir);
660 }
661
662 for (p = daemon->if_prefix; p; p = p->next)
663 {
664 p->missing = 0;
665 if (!((dir = opendir(p->prefix))))
666 {
667 p->missing = 1;
668 if (!option_bool(OPT_TFTP_NO_FAIL))
669 {
670 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
671 _exit(0);
672 }
673 }
674 else
675 closedir(dir);
676 }
677 }
678 #endif
679
680 if (daemon->port == 0)
681 my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
682 else if (daemon->cachesize != 0)
683 my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
684 else
685 my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
686
687 my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
688
689 #ifdef HAVE_DBUS
690 if (option_bool(OPT_DBUS))
691 {
692 if (daemon->dbus)
693 my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
694 else
695 my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
696 }
697 #endif
698
699 if (option_bool(OPT_LOCAL_SERVICE))
700 my_syslog(LOG_INFO, _("DNS service limited to local subnets"));
701
702 #ifdef HAVE_DNSSEC
703 if (option_bool(OPT_DNSSEC_VALID))
704 {
705 int rc;
706
707 /* Delay creating the timestamp file until here, after we've changed user, so that
708 it has the correct owner to allow updating the mtime later.
709 This means we have to report fatal errors via the pipe. */
710 if ((rc = setup_timestamp()) == -1)
711 {
712 send_event(err_pipe[1], EVENT_TIME_ERR, errno, daemon->timestamp_file);
713 _exit(0);
714 }
715
716 my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
717
718 if (option_bool(OPT_DNSSEC_TIME))
719 my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
720
721 if (rc == 1)
722 my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until system time valid"));
723 }
724 #endif
725
726 if (log_err != 0)
727 my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
728 daemon->log_file, strerror(log_err));
729
730 if (bind_fallback)
731 my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
732
733 if (option_bool(OPT_NOWILD))
734 warn_bound_listeners();
735
736 warn_int_names();
737
738 if (!option_bool(OPT_NOWILD))
739 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
740 if (if_tmp->name && !if_tmp->used)
741 my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
742
743 if (daemon->port != 0 && option_bool(OPT_NO_RESOLV))
744 {
745 if (daemon->resolv_files && !daemon->resolv_files->is_default)
746 my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
747 daemon->resolv_files = NULL;
748 if (!daemon->servers)
749 my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
750 }
751
752 if (daemon->max_logs != 0)
753 my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
754
755
756 #ifdef HAVE_DHCP
757 for (context = daemon->dhcp; context; context = context->next)
758 log_context(AF_INET, context);
759
760 for (relay = daemon->relay4; relay; relay = relay->next)
761 log_relay(AF_INET, relay);
762
763 # ifdef HAVE_DHCP6
764 for (context = daemon->dhcp6; context; context = context->next)
765 log_context(AF_INET6, context);
766
767 for (relay = daemon->relay6; relay; relay = relay->next)
768 log_relay(AF_INET6, relay);
769
770 if (daemon->doing_dhcp6 || daemon->doing_ra)
771 dhcp_construct_contexts(now);
772
773 if (option_bool(OPT_RA))
774 my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled"));
775 # endif
776
777 # ifdef HAVE_LINUX_NETWORK
778 if (did_bind)
779 my_syslog(MS_DHCP | LOG_INFO, _("DHCP, sockets bound exclusively to interface %s"), bound_device);
780 # endif
781
782 /* after dhcp_contruct_contexts */
783 if (daemon->dhcp || daemon->doing_dhcp6)
784 lease_find_interfaces(now);
785 #endif
786
787 #ifdef HAVE_TFTP
788 if (option_bool(OPT_TFTP))
789 {
790 struct tftp_prefix *p;
791 #ifdef FD_SETSIZE
792 if (FD_SETSIZE < (unsigned)max_fd)
793 max_fd = FD_SETSIZE;
794 #endif
795
796 my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
797 daemon->tftp_prefix ? _("root is ") : _("enabled"),
798 daemon->tftp_prefix ? daemon->tftp_prefix: "",
799 option_bool(OPT_TFTP_SECURE) ? _("secure mode") : "");
800
801 if (tftp_prefix_missing)
802 my_syslog(MS_TFTP | LOG_WARNING, _("warning: %s inaccessible"), daemon->tftp_prefix);
803
804 for (p = daemon->if_prefix; p; p = p->next)
805 if (p->missing)
806 my_syslog(MS_TFTP | LOG_WARNING, _("warning: TFTP directory %s inaccessible"), p->prefix);
807
808 /* This is a guess, it assumes that for small limits,
809 disjoint files might be served, but for large limits,
810 a single file will be sent to may clients (the file only needs
811 one fd). */
812
813 max_fd -= 30; /* use other than TFTP */
814
815 if (max_fd < 0)
816 max_fd = 5;
817 else if (max_fd < 100)
818 max_fd = max_fd/2;
819 else
820 max_fd = max_fd - 20;
821
822 /* if we have to use a limited range of ports,
823 that will limit the number of transfers */
824 if (daemon->start_tftp_port != 0 &&
825 daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
826 max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
827
828 if (daemon->tftp_max > max_fd)
829 {
830 daemon->tftp_max = max_fd;
831 my_syslog(MS_TFTP | LOG_WARNING,
832 _("restricting maximum simultaneous TFTP transfers to %d"),
833 daemon->tftp_max);
834 }
835 }
836 #endif
837
838 /* finished start-up - release original process */
839 if (err_pipe[1] != -1)
840 while (retry_send(close(err_pipe[1])));
841
842 if (daemon->port != 0)
843 check_servers();
844
845 pid = getpid();
846
847 #ifdef HAVE_INOTIFY
848 /* Using inotify, have to select a resolv file at startup */
849 poll_resolv(1, 0, now);
850 #endif
851
852 while (1)
853 {
854 int maxfd = -1;
855 struct timeval t, *tp = NULL;
856 fd_set rset, wset, eset;
857
858 FD_ZERO(&rset);
859 FD_ZERO(&wset);
860 FD_ZERO(&eset);
861
862 /* if we are out of resources, find how long we have to wait
863 for some to come free, we'll loop around then and restart
864 listening for queries */
865 if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0)
866 {
867 t.tv_usec = 0;
868 tp = &t;
869 }
870
871 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
872 if (daemon->tftp_trans ||
873 (option_bool(OPT_DBUS) && !daemon->dbus))
874 {
875 t.tv_sec = 0;
876 t.tv_usec = 250000;
877 tp = &t;
878 }
879 /* Wake every second whilst waiting for DAD to complete */
880 else if (is_dad_listeners())
881 {
882 t.tv_sec = 1;
883 t.tv_usec = 0;
884 tp = &t;
885 }
886
887 #ifdef HAVE_DBUS
888 set_dbus_listeners(&maxfd, &rset, &wset, &eset);
889 #endif
890
891 #ifdef HAVE_DHCP
892 if (daemon->dhcp || daemon->relay4)
893 {
894 FD_SET(daemon->dhcpfd, &rset);
895 bump_maxfd(daemon->dhcpfd, &maxfd);
896 if (daemon->pxefd != -1)
897 {
898 FD_SET(daemon->pxefd, &rset);
899 bump_maxfd(daemon->pxefd, &maxfd);
900 }
901 }
902 #endif
903
904 #ifdef HAVE_DHCP6
905 if (daemon->doing_dhcp6 || daemon->relay6)
906 {
907 FD_SET(daemon->dhcp6fd, &rset);
908 bump_maxfd(daemon->dhcp6fd, &maxfd);
909 }
910
911 if (daemon->doing_ra)
912 {
913 FD_SET(daemon->icmp6fd, &rset);
914 bump_maxfd(daemon->icmp6fd, &maxfd);
915 }
916 #endif
917
918 #ifdef HAVE_INOTIFY
919 if (daemon->inotifyfd != -1)
920 {
921 FD_SET(daemon->inotifyfd, &rset);
922 bump_maxfd(daemon->inotifyfd, &maxfd);
923 }
924 #endif
925
926 #if defined(HAVE_LINUX_NETWORK)
927 FD_SET(daemon->netlinkfd, &rset);
928 bump_maxfd(daemon->netlinkfd, &maxfd);
929 #elif defined(HAVE_BSD_NETWORK)
930 FD_SET(daemon->routefd, &rset);
931 bump_maxfd(daemon->routefd, &maxfd);
932 #endif
933
934 FD_SET(piperead, &rset);
935 bump_maxfd(piperead, &maxfd);
936
937 #ifdef HAVE_DHCP
938 # ifdef HAVE_SCRIPT
939 while (helper_buf_empty() && do_script_run(now));
940
941 # ifdef HAVE_TFTP
942 while (helper_buf_empty() && do_tftp_script_run());
943 # endif
944
945 if (!helper_buf_empty())
946 {
947 FD_SET(daemon->helperfd, &wset);
948 bump_maxfd(daemon->helperfd, &maxfd);
949 }
950 # else
951 /* need this for other side-effects */
952 while (do_script_run(now));
953
954 # ifdef HAVE_TFTP
955 while (do_tftp_script_run());
956 # endif
957
958 # endif
959 #endif
960
961 /* must do this just before select(), when we know no
962 more calls to my_syslog() can occur */
963 set_log_writer(&wset, &maxfd);
964
965 if (select(maxfd+1, &rset, &wset, &eset, tp) < 0)
966 {
967 /* otherwise undefined after error */
968 FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset);
969 }
970
971 now = dnsmasq_time();
972
973 check_log_writer(&wset);
974
975 /* prime. */
976 enumerate_interfaces(1);
977
978 /* Check the interfaces to see if any have exited DAD state
979 and if so, bind the address. */
980 if (is_dad_listeners())
981 {
982 enumerate_interfaces(0);
983 /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
984 create_bound_listeners(0);
985 warn_bound_listeners();
986 }
987
988 #if defined(HAVE_LINUX_NETWORK)
989 if (FD_ISSET(daemon->netlinkfd, &rset))
990 netlink_multicast();
991 #elif defined(HAVE_BSD_NETWORK)
992 if (FD_ISSET(daemon->routefd, &rset))
993 route_sock();
994 #endif
995
996 #ifdef HAVE_INOTIFY
997 if (daemon->inotifyfd != -1 && FD_ISSET(daemon->inotifyfd, &rset) && inotify_check(now))
998 {
999 if (daemon->port != 0 && !option_bool(OPT_NO_POLL))
1000 poll_resolv(1, 1, now);
1001 }
1002 #else
1003 /* Check for changes to resolv files once per second max. */
1004 /* Don't go silent for long periods if the clock goes backwards. */
1005 if (daemon->last_resolv == 0 ||
1006 difftime(now, daemon->last_resolv) > 1.0 ||
1007 difftime(now, daemon->last_resolv) < -1.0)
1008 {
1009 /* poll_resolv doesn't need to reload first time through, since
1010 that's queued anyway. */
1011
1012 poll_resolv(0, daemon->last_resolv != 0, now);
1013 daemon->last_resolv = now;
1014 }
1015 #endif
1016
1017 if (FD_ISSET(piperead, &rset))
1018 async_event(piperead, now);
1019
1020 #ifdef HAVE_DBUS
1021 /* if we didn't create a DBus connection, retry now. */
1022 if (option_bool(OPT_DBUS) && !daemon->dbus)
1023 {
1024 char *err;
1025 if ((err = dbus_init()))
1026 my_syslog(LOG_WARNING, _("DBus error: %s"), err);
1027 if (daemon->dbus)
1028 my_syslog(LOG_INFO, _("connected to system DBus"));
1029 }
1030 check_dbus_listeners(&rset, &wset, &eset);
1031 #endif
1032
1033 check_dns_listeners(&rset, now);
1034
1035 #ifdef HAVE_TFTP
1036 check_tftp_listeners(&rset, now);
1037 #endif
1038
1039 #ifdef HAVE_DHCP
1040 if (daemon->dhcp || daemon->relay4)
1041 {
1042 if (FD_ISSET(daemon->dhcpfd, &rset))
1043 dhcp_packet(now, 0);
1044 if (daemon->pxefd != -1 && FD_ISSET(daemon->pxefd, &rset))
1045 dhcp_packet(now, 1);
1046 }
1047
1048 #ifdef HAVE_DHCP6
1049 if ((daemon->doing_dhcp6 || daemon->relay6) && FD_ISSET(daemon->dhcp6fd, &rset))
1050 dhcp6_packet(now);
1051
1052 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1053 icmp6_packet(now);
1054 #endif
1055
1056 # ifdef HAVE_SCRIPT
1057 if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
1058 helper_write();
1059 # endif
1060 #endif
1061
1062 }
1063 }
1064
1065 static void sig_handler(int sig)
1066 {
1067 if (pid == 0)
1068 {
1069 /* ignore anything other than TERM during startup
1070 and in helper proc. (helper ignore TERM too) */
1071 if (sig == SIGTERM)
1072 exit(EC_MISC);
1073 }
1074 else if (pid != getpid())
1075 {
1076 /* alarm is used to kill TCP children after a fixed time. */
1077 if (sig == SIGALRM)
1078 _exit(0);
1079 }
1080 else
1081 {
1082 /* master process */
1083 int event, errsave = errno;
1084
1085 if (sig == SIGHUP)
1086 event = EVENT_RELOAD;
1087 else if (sig == SIGCHLD)
1088 event = EVENT_CHILD;
1089 else if (sig == SIGALRM)
1090 event = EVENT_ALARM;
1091 else if (sig == SIGTERM)
1092 event = EVENT_TERM;
1093 else if (sig == SIGUSR1)
1094 event = EVENT_DUMP;
1095 else if (sig == SIGUSR2)
1096 event = EVENT_REOPEN;
1097 else
1098 return;
1099
1100 send_event(pipewrite, event, 0, NULL);
1101 errno = errsave;
1102 }
1103 }
1104
1105 /* now == 0 -> queue immediate callback */
1106 void send_alarm(time_t event, time_t now)
1107 {
1108 if (now == 0 || event != 0)
1109 {
1110 /* alarm(0) or alarm(-ve) doesn't do what we want.... */
1111 if ((now == 0 || difftime(event, now) <= 0.0))
1112 send_event(pipewrite, EVENT_ALARM, 0, NULL);
1113 else
1114 alarm((unsigned)difftime(event, now));
1115 }
1116 }
1117
1118 void queue_event(int event)
1119 {
1120 send_event(pipewrite, event, 0, NULL);
1121 }
1122
1123 void send_event(int fd, int event, int data, char *msg)
1124 {
1125 struct event_desc ev;
1126 struct iovec iov[2];
1127
1128 ev.event = event;
1129 ev.data = data;
1130 ev.msg_sz = msg ? strlen(msg) : 0;
1131
1132 iov[0].iov_base = &ev;
1133 iov[0].iov_len = sizeof(ev);
1134 iov[1].iov_base = msg;
1135 iov[1].iov_len = ev.msg_sz;
1136
1137 /* error pipe, debug mode. */
1138 if (fd == -1)
1139 fatal_event(&ev, msg);
1140 else
1141 /* pipe is non-blocking and struct event_desc is smaller than
1142 PIPE_BUF, so this either fails or writes everything */
1143 while (writev(fd, iov, msg ? 2 : 1) == -1 && errno == EINTR);
1144 }
1145
1146 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1147 to describe fatal errors. */
1148 static int read_event(int fd, struct event_desc *evp, char **msg)
1149 {
1150 char *buf;
1151
1152 if (!read_write(fd, (unsigned char *)evp, sizeof(struct event_desc), 1))
1153 return 0;
1154
1155 *msg = NULL;
1156
1157 if (evp->msg_sz != 0 &&
1158 (buf = malloc(evp->msg_sz + 1)) &&
1159 read_write(fd, (unsigned char *)buf, evp->msg_sz, 1))
1160 {
1161 buf[evp->msg_sz] = 0;
1162 *msg = buf;
1163 }
1164
1165 return 1;
1166 }
1167
1168 static void fatal_event(struct event_desc *ev, char *msg)
1169 {
1170 errno = ev->data;
1171
1172 switch (ev->event)
1173 {
1174 case EVENT_DIE:
1175 exit(0);
1176
1177 case EVENT_FORK_ERR:
1178 die(_("cannot fork into background: %s"), NULL, EC_MISC);
1179
1180 case EVENT_PIPE_ERR:
1181 die(_("failed to create helper: %s"), NULL, EC_MISC);
1182
1183 case EVENT_CAP_ERR:
1184 die(_("setting capabilities failed: %s"), NULL, EC_MISC);
1185
1186 case EVENT_USER_ERR:
1187 die(_("failed to change user-id to %s: %s"), msg, EC_MISC);
1188
1189 case EVENT_GROUP_ERR:
1190 die(_("failed to change group-id to %s: %s"), msg, EC_MISC);
1191
1192 case EVENT_PIDFILE:
1193 die(_("failed to open pidfile %s: %s"), msg, EC_FILE);
1194
1195 case EVENT_LOG_ERR:
1196 die(_("cannot open log %s: %s"), msg, EC_FILE);
1197
1198 case EVENT_LUA_ERR:
1199 die(_("failed to load Lua script: %s"), msg, EC_MISC);
1200
1201 case EVENT_TFTP_ERR:
1202 die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE);
1203
1204 case EVENT_TIME_ERR:
1205 die(_("cannot create timestamp file %s: %s" ), msg, EC_BADCONF);
1206 }
1207 }
1208
1209 static void async_event(int pipe, time_t now)
1210 {
1211 pid_t p;
1212 struct event_desc ev;
1213 int i, check = 0;
1214 char *msg;
1215
1216 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1217 to describe fatal errors. */
1218
1219 if (read_event(pipe, &ev, &msg))
1220 switch (ev.event)
1221 {
1222 case EVENT_RELOAD:
1223 #ifdef HAVE_DNSSEC
1224 if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
1225 {
1226 my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
1227 reset_option_bool(OPT_DNSSEC_TIME);
1228 }
1229 #endif
1230 /* fall through */
1231
1232 case EVENT_INIT:
1233 clear_cache_and_reload(now);
1234
1235 if (daemon->port != 0)
1236 {
1237 if (daemon->resolv_files && option_bool(OPT_NO_POLL))
1238 {
1239 reload_servers(daemon->resolv_files->name);
1240 check = 1;
1241 }
1242
1243 if (daemon->servers_file)
1244 {
1245 read_servers_file();
1246 check = 1;
1247 }
1248
1249 if (check)
1250 check_servers();
1251 }
1252
1253 #ifdef HAVE_DHCP
1254 rerun_scripts();
1255 #endif
1256 break;
1257
1258 case EVENT_DUMP:
1259 if (daemon->port != 0)
1260 dump_cache(now);
1261 break;
1262
1263 case EVENT_ALARM:
1264 #ifdef HAVE_DHCP
1265 if (daemon->dhcp || daemon->doing_dhcp6)
1266 {
1267 lease_prune(NULL, now);
1268 lease_update_file(now);
1269 }
1270 #ifdef HAVE_DHCP6
1271 else if (daemon->doing_ra)
1272 /* Not doing DHCP, so no lease system, manage alarms for ra only */
1273 send_alarm(periodic_ra(now), now);
1274 #endif
1275 #endif
1276 break;
1277
1278 case EVENT_CHILD:
1279 /* See Stevens 5.10 */
1280 while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
1281 if (p == -1)
1282 {
1283 if (errno != EINTR)
1284 break;
1285 }
1286 else
1287 for (i = 0 ; i < MAX_PROCS; i++)
1288 if (daemon->tcp_pids[i] == p)
1289 daemon->tcp_pids[i] = 0;
1290 break;
1291
1292 case EVENT_KILLED:
1293 my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data);
1294 break;
1295
1296 case EVENT_EXITED:
1297 my_syslog(LOG_WARNING, _("script process exited with status %d"), ev.data);
1298 break;
1299
1300 case EVENT_EXEC_ERR:
1301 my_syslog(LOG_ERR, _("failed to execute %s: %s"),
1302 daemon->lease_change_command, strerror(ev.data));
1303 break;
1304
1305 /* necessary for fatal errors in helper */
1306 case EVENT_USER_ERR:
1307 case EVENT_DIE:
1308 case EVENT_LUA_ERR:
1309 fatal_event(&ev, msg);
1310 break;
1311
1312 case EVENT_REOPEN:
1313 /* Note: this may leave TCP-handling processes with the old file still open.
1314 Since any such process will die in CHILD_LIFETIME or probably much sooner,
1315 we leave them logging to the old file. */
1316 if (daemon->log_file != NULL)
1317 log_reopen(daemon->log_file);
1318 break;
1319
1320 case EVENT_NEWADDR:
1321 newaddress(now);
1322 break;
1323
1324 case EVENT_NEWROUTE:
1325 resend_query();
1326 /* Force re-reading resolv file right now, for luck. */
1327 poll_resolv(0, 1, now);
1328 break;
1329
1330 case EVENT_TERM:
1331 /* Knock all our children on the head. */
1332 for (i = 0; i < MAX_PROCS; i++)
1333 if (daemon->tcp_pids[i] != 0)
1334 kill(daemon->tcp_pids[i], SIGALRM);
1335
1336 #if defined(HAVE_SCRIPT)
1337 /* handle pending lease transitions */
1338 if (daemon->helperfd != -1)
1339 {
1340 /* block in writes until all done */
1341 if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
1342 fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
1343 do {
1344 helper_write();
1345 } while (!helper_buf_empty() || do_script_run(now));
1346 while (retry_send(close(daemon->helperfd)));
1347 }
1348 #endif
1349
1350 if (daemon->lease_stream)
1351 fclose(daemon->lease_stream);
1352
1353 if (daemon->runfile)
1354 unlink(daemon->runfile);
1355
1356 my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
1357 flush_log();
1358 exit(EC_GOOD);
1359 }
1360 }
1361
1362 static void poll_resolv(int force, int do_reload, time_t now)
1363 {
1364 struct resolvc *res, *latest;
1365 struct stat statbuf;
1366 time_t last_change = 0;
1367 /* There may be more than one possible file.
1368 Go through and find the one which changed _last_.
1369 Warn of any which can't be read. */
1370
1371 if (daemon->port == 0 || option_bool(OPT_NO_POLL))
1372 return;
1373
1374 for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
1375 if (stat(res->name, &statbuf) == -1)
1376 {
1377 if (force)
1378 {
1379 res->mtime = 0;
1380 continue;
1381 }
1382
1383 if (!res->logged)
1384 my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
1385 res->logged = 1;
1386
1387 if (res->mtime != 0)
1388 {
1389 /* existing file evaporated, force selection of the latest
1390 file even if its mtime hasn't changed since we last looked */
1391 poll_resolv(1, do_reload, now);
1392 return;
1393 }
1394 }
1395 else
1396 {
1397 res->logged = 0;
1398 if (force || (statbuf.st_mtime != res->mtime))
1399 {
1400 res->mtime = statbuf.st_mtime;
1401 if (difftime(statbuf.st_mtime, last_change) > 0.0)
1402 {
1403 last_change = statbuf.st_mtime;
1404 latest = res;
1405 }
1406 }
1407 }
1408
1409 if (latest)
1410 {
1411 static int warned = 0;
1412 if (reload_servers(latest->name))
1413 {
1414 my_syslog(LOG_INFO, _("reading %s"), latest->name);
1415 warned = 0;
1416 check_servers();
1417 if (option_bool(OPT_RELOAD) && do_reload)
1418 clear_cache_and_reload(now);
1419 }
1420 else
1421 {
1422 latest->mtime = 0;
1423 if (!warned)
1424 {
1425 my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
1426 warned = 1;
1427 }
1428 }
1429 }
1430 }
1431
1432 void clear_cache_and_reload(time_t now)
1433 {
1434 (void)now;
1435
1436 if (daemon->port != 0)
1437 cache_reload();
1438
1439 #ifdef HAVE_DHCP
1440 if (daemon->dhcp || daemon->doing_dhcp6)
1441 {
1442 if (option_bool(OPT_ETHERS))
1443 dhcp_read_ethers();
1444 reread_dhcp();
1445 #ifdef HAVE_INOTIFY
1446 set_dynamic_inotify(AH_DHCP_HST | AH_DHCP_OPT, 0, NULL, 0);
1447 #endif
1448 dhcp_update_configs(daemon->dhcp_conf);
1449 lease_update_from_configs();
1450 lease_update_file(now);
1451 lease_update_dns(1);
1452 }
1453 #ifdef HAVE_DHCP6
1454 else if (daemon->doing_ra)
1455 /* Not doing DHCP, so no lease system, manage
1456 alarms for ra only */
1457 send_alarm(periodic_ra(now), now);
1458 #endif
1459 #endif
1460 }
1461
1462 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp)
1463 {
1464 struct serverfd *serverfdp;
1465 struct listener *listener;
1466 int wait = 0, i;
1467
1468 #ifdef HAVE_TFTP
1469 int tftp = 0;
1470 struct tftp_transfer *transfer;
1471 for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
1472 {
1473 tftp++;
1474 FD_SET(transfer->sockfd, set);
1475 bump_maxfd(transfer->sockfd, maxfdp);
1476 }
1477 #endif
1478
1479 /* will we be able to get memory? */
1480 if (daemon->port != 0)
1481 get_new_frec(now, &wait, 0);
1482
1483 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1484 {
1485 FD_SET(serverfdp->fd, set);
1486 bump_maxfd(serverfdp->fd, maxfdp);
1487 }
1488
1489 if (daemon->port != 0 && !daemon->osport)
1490 for (i = 0; i < RANDOM_SOCKS; i++)
1491 if (daemon->randomsocks[i].refcount != 0)
1492 {
1493 FD_SET(daemon->randomsocks[i].fd, set);
1494 bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
1495 }
1496
1497 for (listener = daemon->listeners; listener; listener = listener->next)
1498 {
1499 /* only listen for queries if we have resources */
1500 if (listener->fd != -1 && wait == 0)
1501 {
1502 FD_SET(listener->fd, set);
1503 bump_maxfd(listener->fd, maxfdp);
1504 }
1505
1506 /* death of a child goes through the select loop, so
1507 we don't need to explicitly arrange to wake up here */
1508 if (listener->tcpfd != -1)
1509 for (i = 0; i < MAX_PROCS; i++)
1510 if (daemon->tcp_pids[i] == 0)
1511 {
1512 FD_SET(listener->tcpfd, set);
1513 bump_maxfd(listener->tcpfd, maxfdp);
1514 break;
1515 }
1516
1517 #ifdef HAVE_TFTP
1518 if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
1519 {
1520 FD_SET(listener->tftpfd, set);
1521 bump_maxfd(listener->tftpfd, maxfdp);
1522 }
1523 #endif
1524
1525 }
1526
1527 return wait;
1528 }
1529
1530 static void check_dns_listeners(fd_set *set, time_t now)
1531 {
1532 struct serverfd *serverfdp;
1533 struct listener *listener;
1534 int i;
1535
1536 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1537 if (FD_ISSET(serverfdp->fd, set))
1538 reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
1539
1540 if (daemon->port != 0 && !daemon->osport)
1541 for (i = 0; i < RANDOM_SOCKS; i++)
1542 if (daemon->randomsocks[i].refcount != 0 &&
1543 FD_ISSET(daemon->randomsocks[i].fd, set))
1544 reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
1545
1546 for (listener = daemon->listeners; listener; listener = listener->next)
1547 {
1548 if (listener->fd != -1 && FD_ISSET(listener->fd, set))
1549 receive_query(listener, now);
1550
1551 #ifdef HAVE_TFTP
1552 if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set))
1553 tftp_request(listener, now);
1554 #endif
1555
1556 if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
1557 {
1558 int confd, client_ok = 1;
1559 struct irec *iface = NULL;
1560 pid_t p;
1561 union mysockaddr tcp_addr;
1562 socklen_t tcp_len = sizeof(union mysockaddr);
1563
1564 while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
1565
1566 if (confd == -1)
1567 continue;
1568
1569 if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
1570 {
1571 while (retry_send(close(confd)));
1572 continue;
1573 }
1574
1575 /* Make sure that the interface list is up-to-date.
1576
1577 We do this here as we may need the results below, and
1578 the DNS code needs them for --interface-name stuff.
1579
1580 Multiple calls to enumerate_interfaces() per select loop are
1581 inhibited, so calls to it in the child process (which doesn't select())
1582 have no effect. This avoids two processes reading from the same
1583 netlink fd and screwing the pooch entirely.
1584 */
1585
1586 enumerate_interfaces(0);
1587
1588 if (option_bool(OPT_NOWILD))
1589 iface = listener->iface; /* May be NULL */
1590 else
1591 {
1592 int if_index;
1593 char intr_name[IF_NAMESIZE];
1594
1595 /* if we can find the arrival interface, check it's one that's allowed */
1596 if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 &&
1597 indextoname(listener->tcpfd, if_index, intr_name))
1598 {
1599 struct all_addr addr;
1600 addr.addr.addr4 = tcp_addr.in.sin_addr;
1601 #ifdef HAVE_IPV6
1602 if (tcp_addr.sa.sa_family == AF_INET6)
1603 addr.addr.addr6 = tcp_addr.in6.sin6_addr;
1604 #endif
1605
1606 for (iface = daemon->interfaces; iface; iface = iface->next)
1607 if (iface->index == if_index)
1608 break;
1609
1610 if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name))
1611 client_ok = 0;
1612 }
1613
1614 if (option_bool(OPT_CLEVERBIND))
1615 iface = listener->iface; /* May be NULL */
1616 else
1617 {
1618 /* Check for allowed interfaces when binding the wildcard address:
1619 we do this by looking for an interface with the same address as
1620 the local address of the TCP connection, then looking to see if that's
1621 an allowed interface. As a side effect, we get the netmask of the
1622 interface too, for localisation. */
1623
1624 for (iface = daemon->interfaces; iface; iface = iface->next)
1625 if (sockaddr_isequal(&iface->addr, &tcp_addr))
1626 break;
1627
1628 if (!iface)
1629 client_ok = 0;
1630 }
1631 }
1632
1633 if (!client_ok)
1634 {
1635 shutdown(confd, SHUT_RDWR);
1636 while (retry_send(close(confd)));
1637 }
1638 #ifndef NO_FORK
1639 else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0)
1640 {
1641 if (p != -1)
1642 {
1643 int i;
1644 for (i = 0; i < MAX_PROCS; i++)
1645 if (daemon->tcp_pids[i] == 0)
1646 {
1647 daemon->tcp_pids[i] = p;
1648 break;
1649 }
1650 }
1651 while (retry_send(close(confd)));
1652
1653 /* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */
1654 daemon->log_id += TCP_MAX_QUERIES;
1655 }
1656 #endif
1657 else
1658 {
1659 unsigned char *buff;
1660 struct server *s;
1661 int flags;
1662 struct in_addr netmask;
1663 int auth_dns;
1664
1665 if (iface)
1666 {
1667 netmask = iface->netmask;
1668 auth_dns = iface->dns_auth;
1669 }
1670 else
1671 {
1672 netmask.s_addr = 0;
1673 auth_dns = 0;
1674 }
1675
1676 #ifndef NO_FORK
1677 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1678 terminate the process. */
1679 if (!option_bool(OPT_DEBUG))
1680 alarm(CHILD_LIFETIME);
1681 #endif
1682
1683 /* start with no upstream connections. */
1684 for (s = daemon->servers; s; s = s->next)
1685 s->tcpfd = -1;
1686
1687 /* The connected socket inherits non-blocking
1688 attribute from the listening socket.
1689 Reset that here. */
1690 if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
1691 fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
1692
1693 buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns);
1694
1695 shutdown(confd, SHUT_RDWR);
1696 while (retry_send(close(confd)));
1697
1698 if (buff)
1699 free(buff);
1700
1701 for (s = daemon->servers; s; s = s->next)
1702 if (s->tcpfd != -1)
1703 {
1704 shutdown(s->tcpfd, SHUT_RDWR);
1705 while (retry_send(close(s->tcpfd)));
1706 }
1707 #ifndef NO_FORK
1708 if (!option_bool(OPT_DEBUG))
1709 {
1710 flush_log();
1711 _exit(0);
1712 }
1713 #endif
1714 }
1715 }
1716 }
1717 }
1718
1719 #ifdef HAVE_DHCP
1720 int make_icmp_sock(void)
1721 {
1722 int fd;
1723 int zeroopt = 0;
1724
1725 if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
1726 {
1727 if (!fix_fd(fd) ||
1728 setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
1729 {
1730 close(fd);
1731 fd = -1;
1732 }
1733 }
1734
1735 return fd;
1736 }
1737
1738 int icmp_ping(struct in_addr addr)
1739 {
1740 /* Try and get an ICMP echo from a machine. */
1741
1742 /* Note that whilst in the three second wait, we check for
1743 (and service) events on the DNS and TFTP sockets, (so doing that
1744 better not use any resources our caller has in use...)
1745 but we remain deaf to signals or further DHCP packets. */
1746
1747 int fd;
1748 struct sockaddr_in saddr;
1749 struct {
1750 struct ip ip;
1751 struct icmp icmp;
1752 } packet;
1753 unsigned short id = rand16();
1754 unsigned int i, j;
1755 int gotreply = 0;
1756 time_t start, now;
1757
1758 #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
1759 if ((fd = make_icmp_sock()) == -1)
1760 return 0;
1761 #else
1762 int opt = 2000;
1763 fd = daemon->dhcp_icmp_fd;
1764 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1765 #endif
1766
1767 saddr.sin_family = AF_INET;
1768 saddr.sin_port = 0;
1769 saddr.sin_addr = addr;
1770 #ifdef HAVE_SOCKADDR_SA_LEN
1771 saddr.sin_len = sizeof(struct sockaddr_in);
1772 #endif
1773
1774 memset(&packet.icmp, 0, sizeof(packet.icmp));
1775 packet.icmp.icmp_type = ICMP_ECHO;
1776 packet.icmp.icmp_id = id;
1777 for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
1778 j += ((u16 *)&packet.icmp)[i];
1779 while (j>>16)
1780 j = (j & 0xffff) + (j >> 16);
1781 packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
1782
1783 while (retry_send(sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
1784 (struct sockaddr *)&saddr, sizeof(saddr))));
1785
1786 for (now = start = dnsmasq_time();
1787 difftime(now, start) < (float)PING_WAIT;)
1788 {
1789 struct timeval tv;
1790 fd_set rset, wset;
1791 struct sockaddr_in faddr;
1792 int maxfd = fd;
1793 socklen_t len = sizeof(faddr);
1794
1795 tv.tv_usec = 250000;
1796 tv.tv_sec = 0;
1797
1798 FD_ZERO(&rset);
1799 FD_ZERO(&wset);
1800 FD_SET(fd, &rset);
1801 set_dns_listeners(now, &rset, &maxfd);
1802 set_log_writer(&wset, &maxfd);
1803
1804 #ifdef HAVE_DHCP6
1805 if (daemon->doing_ra)
1806 {
1807 FD_SET(daemon->icmp6fd, &rset);
1808 bump_maxfd(daemon->icmp6fd, &maxfd);
1809 }
1810 #endif
1811
1812 if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
1813 {
1814 FD_ZERO(&rset);
1815 FD_ZERO(&wset);
1816 }
1817
1818 now = dnsmasq_time();
1819
1820 check_log_writer(&wset);
1821 check_dns_listeners(&rset, now);
1822
1823 #ifdef HAVE_DHCP6
1824 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1825 icmp6_packet(now);
1826 #endif
1827
1828 #ifdef HAVE_TFTP
1829 check_tftp_listeners(&rset, now);
1830 #endif
1831
1832 if (FD_ISSET(fd, &rset) &&
1833 recvfrom(fd, &packet, sizeof(packet), 0,
1834 (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
1835 saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
1836 packet.icmp.icmp_type == ICMP_ECHOREPLY &&
1837 packet.icmp.icmp_seq == 0 &&
1838 packet.icmp.icmp_id == id)
1839 {
1840 gotreply = 1;
1841 break;
1842 }
1843 }
1844
1845 #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
1846 while (retry_send(close(fd)));
1847 #else
1848 opt = 1;
1849 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1850 #endif
1851
1852 return gotreply;
1853 }
1854 #endif
1855
1856
Michael's tree of dnsmasq.