/*
- * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
+ * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
/** abort if neither worker could open a socket. */
if (icmp4_worker < 0 && icmp6_worker < 0) {
debugs(42, DBG_CRITICAL, "FATAL: pinger: Unable to open any ICMP sockets.");
- exit(1);
+ exit(EXIT_FAILURE);
}
if ( (squid_link = control.Open()) < 0) {
debugs(42, DBG_CRITICAL, "FATAL: pinger: Unable to setup Pinger control sockets.");
icmp4.Close();
icmp6.Close();
- exit(1); // fatal error if the control channel fails.
+ exit(EXIT_FAILURE); // fatal error if the control channel fails.
}
max_fd = max(max_fd, squid_link);
if (setgid(getgid()) < 0) {
- debugs(42, DBG_CRITICAL, "FATAL: pinger: setgid(" << getgid() << ") failed: " << xstrerror());
+ int xerrno = errno;
+ debugs(42, DBG_CRITICAL, "FATAL: pinger: setgid(" << getgid() << ") failed: " << xstrerr(xerrno));
icmp4.Close();
icmp6.Close();
- exit (1);
+ exit(EXIT_FAILURE);
}
if (setuid(getuid()) < 0) {
- debugs(42, DBG_CRITICAL, "FATAL: pinger: setuid(" << getuid() << ") failed: " << xstrerror());
+ int xerrno = errno;
+ debugs(42, DBG_CRITICAL, "FATAL: pinger: setuid(" << getuid() << ") failed: " << xstrerr(xerrno));
icmp4.Close();
icmp6.Close();
- exit (1);
+ exit(EXIT_FAILURE);
}
+#if USE_LIBCAP
+ // Drop remaining capabilities (if installed as non-setuid setcap cap_net_raw=ep).
+ // If pinger binary was installed setuid root, setuid() above already dropped all
+ // capabilities, and this is no-op.
+ cap_t caps;
+ caps = cap_init();
+ if (!caps) {
+ int xerrno = errno;
+ debugs(42, DBG_CRITICAL, "FATAL: pinger: cap_init() failed: " << xstrerr(xerrno));
+ icmp4.Close();
+ icmp6.Close();
+ exit(EXIT_FAILURE);
+ } else {
+ if (cap_set_proc(caps) != 0) {
+ int xerrno = errno;
+ // cap_set_proc(cap_init()) is expected to never fail
+ debugs(42, DBG_CRITICAL, "FATAL: pinger: cap_set_proc(none) failed: " << xstrerr(xerrno));
+ cap_free(caps);
+ icmp4.Close();
+ icmp6.Close();
+ exit(EXIT_FAILURE);
+ }
+ cap_free(caps);
+ }
+#endif
+
last_check_time = squid_curtime;
for (;;) {
}
FD_SET(squid_link, &R);
- x = select(10, &R, NULL, NULL, &tv);
+ x = select(max_fd+1, &R, NULL, NULL, &tv);
getCurrentTime();
if (x < 0) {
- debugs(42, DBG_CRITICAL, HERE << " FATAL Shutdown. select()==" << x << ", ERR: " << xstrerror());
+ int xerrno = errno;
+ debugs(42, DBG_CRITICAL, HERE << " FATAL Shutdown. select()==" << x << ", ERR: " << xstrerr(xerrno));
control.Close();
- exit(1);
+ exit(EXIT_FAILURE);
}
if (FD_ISSET(squid_link, &R)) {
if (send(LINK_TO_SQUID, &tv, 0, 0) < 0) {
debugs(42, DBG_CRITICAL, "pinger: Closing. No requests in last " << PINGER_TIMEOUT << " seconds.");
control.Close();
- exit(1);
+ exit(EXIT_FAILURE);
}
last_check_time = squid_curtime;
}
/* NOTREACHED */
- return 0;
+ return EXIT_SUCCESS;
}
#else /* !USE_ICMP */
main(int argc, char *argv[])
{
std::cerr << argv[0] << ": ICMP support not compiled in." << std::endl;
- return 1;
+ return EXIT_FAILURE;
}
#endif /* USE_ICMP */
projects / thirdparty / squid.git / blobdiff