]>
Commit | Line | Data |
---|---|---|
aff33962 | 1 | /* dnsmasq is Copyright (c) 2000-2015 Simon Kelley |
9e4abcb5 SK |
2 | |
3 | This program is free software; you can redistribute it and/or modify | |
4 | it under the terms of the GNU General Public License as published by | |
824af85b SK |
5 | the Free Software Foundation; version 2 dated June, 1991, or |
6 | (at your option) version 3 dated 29 June, 2007. | |
7 | ||
9e4abcb5 SK |
8 | This program is distributed in the hope that it will be useful, |
9 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
11 | GNU General Public License for more details. | |
824af85b | 12 | |
73a08a24 SK |
13 | You should have received a copy of the GNU General Public License |
14 | along with this program. If not, see <http://www.gnu.org/licenses/>. | |
9e4abcb5 SK |
15 | */ |
16 | ||
c72daea8 SK |
17 | /* Declare static char *compiler_opts in config.h */ |
18 | #define DNSMASQ_COMPILE_OPTS | |
19 | ||
9e4abcb5 SK |
20 | #include "dnsmasq.h" |
21 | ||
5aabfc78 SK |
22 | struct daemon *daemon; |
23 | ||
5aabfc78 SK |
24 | static volatile pid_t pid = 0; |
25 | static volatile int pipewrite; | |
9e4abcb5 | 26 | |
b842bc97 SK |
27 | static int set_dns_listeners(time_t now); |
28 | static void check_dns_listeners(time_t now); | |
3be34541 | 29 | static void sig_handler(int sig); |
5aabfc78 | 30 | static void async_event(int pipe, time_t now); |
c72daea8 SK |
31 | static void fatal_event(struct event_desc *ev, char *msg); |
32 | static int read_event(int fd, struct event_desc *evp, char **msg); | |
47a95169 | 33 | static void poll_resolv(int force, int do_reload, time_t now); |
9e4abcb5 SK |
34 | |
35 | int main (int argc, char **argv) | |
36 | { | |
de37951c | 37 | int bind_fallback = 0; |
9009d746 | 38 | time_t now; |
9e4abcb5 | 39 | struct sigaction sigact; |
26128d27 | 40 | struct iname *if_tmp; |
1a6bca81 SK |
41 | int piperead, pipefd[2], err_pipe[2]; |
42 | struct passwd *ent_pw = NULL; | |
c72daea8 | 43 | #if defined(HAVE_SCRIPT) |
1a6bca81 SK |
44 | uid_t script_uid = 0; |
45 | gid_t script_gid = 0; | |
7622fc06 SK |
46 | #endif |
47 | struct group *gp = NULL; | |
5aabfc78 | 48 | long i, max_fd = sysconf(_SC_OPEN_MAX); |
1a6bca81 SK |
49 | char *baduser = NULL; |
50 | int log_err; | |
51 | #if defined(HAVE_LINUX_NETWORK) | |
52 | cap_user_header_t hdr = NULL; | |
53 | cap_user_data_t data = NULL; | |
3b3f4411 SK |
54 | char *bound_device = NULL; |
55 | int did_bind = 0; | |
1a6bca81 | 56 | #endif |
408c368f | 57 | #if defined(HAVE_DHCP) || defined(HAVE_DHCP6) |
1f776932 | 58 | struct dhcp_context *context; |
ff7eea27 | 59 | struct dhcp_relay *relay; |
408c368f | 60 | #endif |
30d0879e ST |
61 | #ifdef HAVE_TFTP |
62 | int tftp_prefix_missing = 0; | |
63 | #endif | |
5aabfc78 | 64 | |
824af85b | 65 | #ifdef LOCALEDIR |
b8187c80 SK |
66 | setlocale(LC_ALL, ""); |
67 | bindtextdomain("dnsmasq", LOCALEDIR); | |
68 | textdomain("dnsmasq"); | |
69 | #endif | |
70 | ||
9e4abcb5 SK |
71 | sigact.sa_handler = sig_handler; |
72 | sigact.sa_flags = 0; | |
73 | sigemptyset(&sigact.sa_mask); | |
74 | sigaction(SIGUSR1, &sigact, NULL); | |
5aabfc78 | 75 | sigaction(SIGUSR2, &sigact, NULL); |
9e4abcb5 SK |
76 | sigaction(SIGHUP, &sigact, NULL); |
77 | sigaction(SIGTERM, &sigact, NULL); | |
44a2a316 | 78 | sigaction(SIGALRM, &sigact, NULL); |
feba5c1d SK |
79 | sigaction(SIGCHLD, &sigact, NULL); |
80 | ||
81 | /* ignore SIGPIPE */ | |
82 | sigact.sa_handler = SIG_IGN; | |
83 | sigaction(SIGPIPE, &sigact, NULL); | |
9e4abcb5 | 84 | |
5aabfc78 | 85 | umask(022); /* known umask, create leases and pid files as 0644 */ |
b5ea1cc2 SK |
86 | |
87 | rand_init(); /* Must precede read_opts() */ | |
88 | ||
5aabfc78 | 89 | read_opts(argc, argv, compile_opts); |
c3e0b9b6 | 90 | |
3be34541 | 91 | if (daemon->edns_pktsz < PACKETSZ) |
60b68069 | 92 | daemon->edns_pktsz = PACKETSZ; |
3ddacb86 | 93 | |
0a852541 SK |
94 | daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ? |
95 | daemon->edns_pktsz : DNSMASQ_PACKETSZ; | |
96 | daemon->packet = safe_malloc(daemon->packet_buff_sz); | |
3ddacb86 | 97 | |
c72daea8 | 98 | daemon->addrbuff = safe_malloc(ADDRSTRLEN); |
25cf5e37 SK |
99 | if (option_bool(OPT_EXTRALOG)) |
100 | daemon->addrbuff2 = safe_malloc(ADDRSTRLEN); | |
3ddacb86 SK |
101 | |
102 | #ifdef HAVE_DNSSEC | |
103 | if (option_bool(OPT_DNSSEC_VALID)) | |
5107ace1 | 104 | { |
cbe379ad SK |
105 | /* Note that both /000 and '.' are allowed within labels. These get |
106 | represented in presentation format using NAME_ESCAPE as an escape | |
107 | character when in DNSSEC mode. | |
108 | In theory, if all the characters in a name were /000 or | |
109 | '.' or NAME_ESCAPE then all would have to be escaped, so the | |
110 | presentation format would be twice as long as the spec. | |
111 | ||
112 | daemon->namebuff was previously allocated by the option-reading | |
113 | code before we knew if we're in DNSSEC mode, so reallocate here. */ | |
114 | free(daemon->namebuff); | |
115 | daemon->namebuff = safe_malloc(MAXDNAME * 2); | |
116 | daemon->keyname = safe_malloc(MAXDNAME * 2); | |
117 | daemon->workspacename = safe_malloc(MAXDNAME * 2); | |
5107ace1 | 118 | } |
3ddacb86 | 119 | #endif |
4f7b304f | 120 | |
7622fc06 | 121 | #ifdef HAVE_DHCP |
3be34541 | 122 | if (!daemon->lease_file) |
9e4abcb5 | 123 | { |
52b92f4d | 124 | if (daemon->dhcp || daemon->dhcp6) |
3be34541 | 125 | daemon->lease_file = LEASEFILE; |
9e4abcb5 | 126 | } |
7622fc06 | 127 | #endif |
9e4abcb5 | 128 | |
a2761754 SK |
129 | /* Close any file descriptors we inherited apart from std{in|out|err} |
130 | ||
131 | Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist, | |
132 | otherwise file descriptors we create can end up being 0, 1, or 2 | |
133 | and then get accidentally closed later when we make 0, 1, and 2 | |
134 | open to /dev/null. Normally we'll be started with 0, 1 and 2 open, | |
135 | but it's not guaranteed. By opening /dev/null three times, we | |
136 | ensure that we're not using those fds for real stuff. */ | |
5aabfc78 SK |
137 | for (i = 0; i < max_fd; i++) |
138 | if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO) | |
139 | close(i); | |
a2761754 SK |
140 | else |
141 | open("/dev/null", O_RDWR); | |
5aabfc78 | 142 | |
801ca9a7 SK |
143 | #ifndef HAVE_LINUX_NETWORK |
144 | # if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR)) | |
28866e95 | 145 | if (!option_bool(OPT_NOWILD)) |
de37951c SK |
146 | { |
147 | bind_fallback = 1; | |
28866e95 | 148 | set_option_bool(OPT_NOWILD); |
de37951c | 149 | } |
801ca9a7 | 150 | # endif |
2b5bae9a SK |
151 | |
152 | /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */ | |
54dd393f | 153 | if (option_bool(OPT_CLEVERBIND)) |
2b5bae9a SK |
154 | { |
155 | bind_fallback = 1; | |
156 | set_option_bool(OPT_NOWILD); | |
236e072c | 157 | reset_option_bool(OPT_CLEVERBIND); |
2b5bae9a | 158 | } |
0491805d | 159 | #endif |
5f4dc5c6 | 160 | |
0491805d | 161 | #ifndef HAVE_INOTIFY |
70d1873d SK |
162 | if (daemon->dynamic_dirs) |
163 | die(_("dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"), NULL, EC_BADCONF); | |
309331f5 | 164 | #endif |
2b5bae9a | 165 | |
0744ca66 SK |
166 | if (option_bool(OPT_DNSSEC_VALID)) |
167 | { | |
3ddacb86 | 168 | #ifdef HAVE_DNSSEC |
ee415867 | 169 | if (!daemon->ds) |
360f2513 | 170 | die(_("no trust anchors provided for DNSSEC"), NULL, EC_BADCONF); |
0744ca66 SK |
171 | |
172 | if (daemon->cachesize < CACHESIZ) | |
360f2513 | 173 | die(_("cannot reduce cache size from default when DNSSEC enabled"), NULL, EC_BADCONF); |
0744ca66 SK |
174 | #else |
175 | die(_("DNSSEC not available: set HAVE_DNSSEC in src/config.h"), NULL, EC_BADCONF); | |
3ddacb86 | 176 | #endif |
0744ca66 | 177 | } |
3ddacb86 | 178 | |
832af0ba | 179 | #ifndef HAVE_TFTP |
9b40cbf5 | 180 | if (option_bool(OPT_TFTP)) |
5aabfc78 | 181 | die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF); |
832af0ba SK |
182 | #endif |
183 | ||
7de060b0 SK |
184 | #ifdef HAVE_CONNTRACK |
185 | if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport)) | |
360f2513 | 186 | die (_("cannot use --conntrack AND --query-port"), NULL, EC_BADCONF); |
7de060b0 SK |
187 | #else |
188 | if (option_bool(OPT_CONNTRACK)) | |
360f2513 | 189 | die(_("conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF); |
7de060b0 SK |
190 | #endif |
191 | ||
824af85b SK |
192 | #ifdef HAVE_SOLARIS_NETWORK |
193 | if (daemon->max_logs != 0) | |
194 | die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF); | |
195 | #endif | |
196 | ||
572b41eb SK |
197 | #ifdef __ANDROID__ |
198 | if (daemon->max_logs != 0) | |
199 | die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF); | |
200 | #endif | |
201 | ||
4820dce9 SK |
202 | #ifndef HAVE_AUTH |
203 | if (daemon->authserver) | |
204 | die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF); | |
205 | #endif | |
206 | ||
b5ea1cc2 SK |
207 | #ifndef HAVE_LOOP |
208 | if (option_bool(OPT_LOOP_DETECT)) | |
360f2513 | 209 | die(_("loop detection not available: set HAVE_LOOP in src/config.h"), NULL, EC_BADCONF); |
b5ea1cc2 | 210 | #endif |
1a6bca81 | 211 | |
5aabfc78 | 212 | now = dnsmasq_time(); |
4f7b304f | 213 | |
b0ff858e | 214 | /* Create a serial at startup if not configured. */ |
4f7b304f SK |
215 | if (daemon->authinterface && daemon->soa_sn == 0) |
216 | #ifdef HAVE_BROKEN_RTC | |
b0ff858e | 217 | die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF); |
4f7b304f SK |
218 | #else |
219 | daemon->soa_sn = now; | |
220 | #endif | |
5aabfc78 | 221 | |
ff7eea27 SK |
222 | #ifdef HAVE_DHCP6 |
223 | if (daemon->dhcp6) | |
224 | { | |
225 | daemon->doing_ra = option_bool(OPT_RA); | |
1f776932 | 226 | |
ff7eea27 | 227 | for (context = daemon->dhcp6; context; context = context->next) |
1f776932 | 228 | { |
ff7eea27 SK |
229 | if (context->flags & CONTEXT_DHCP) |
230 | daemon->doing_dhcp6 = 1; | |
231 | if (context->flags & CONTEXT_RA) | |
232 | daemon->doing_ra = 1; | |
1ee9be4c | 233 | #if !defined(HAVE_LINUX_NETWORK) && !defined(HAVE_BSD_NETWORK) |
ff7eea27 SK |
234 | if (context->flags & CONTEXT_TEMPLATE) |
235 | die (_("dhcp-range constructor not available on this platform"), NULL, EC_BADCONF); | |
bb86e858 | 236 | #endif |
1f776932 | 237 | } |
ff7eea27 SK |
238 | } |
239 | #endif | |
240 | ||
241 | #ifdef HAVE_DHCP | |
242 | /* Note that order matters here, we must call lease_init before | |
243 | creating any file descriptors which shouldn't be leaked | |
244 | to the lease-script init process. We need to call common_init | |
245 | before lease_init to allocate buffers it uses.*/ | |
246 | if (daemon->dhcp || daemon->doing_dhcp6 || daemon->relay4 || daemon->relay6) | |
247 | { | |
248 | dhcp_common_init(); | |
1f776932 | 249 | if (daemon->dhcp || daemon->doing_dhcp6) |
ff7eea27 SK |
250 | lease_init(now); |
251 | } | |
252 | ||
253 | if (daemon->dhcp || daemon->relay4) | |
254 | dhcp_init(); | |
255 | ||
843c96b4 | 256 | # ifdef HAVE_DHCP6 |
89500e31 | 257 | if (daemon->doing_ra || daemon->doing_dhcp6 || daemon->relay6) |
ff7eea27 SK |
258 | ra_init(now); |
259 | ||
260 | if (daemon->doing_dhcp6 || daemon->relay6) | |
261 | dhcp6_init(); | |
801ca9a7 SK |
262 | # endif |
263 | ||
264 | #endif | |
265 | ||
13d86c73 JD |
266 | #ifdef HAVE_IPSET |
267 | if (daemon->ipsets) | |
268 | ipset_init(); | |
269 | #endif | |
270 | ||
1ee9be4c | 271 | #if defined(HAVE_LINUX_NETWORK) |
801ca9a7 | 272 | netlink_init(); |
1ee9be4c SK |
273 | #elif defined(HAVE_BSD_NETWORK) |
274 | route_init(); | |
801ca9a7 SK |
275 | #endif |
276 | ||
1ee9be4c SK |
277 | if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND)) |
278 | die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF); | |
279 | ||
115ac3e4 | 280 | if (!enumerate_interfaces(1) || !enumerate_interfaces(0)) |
5aabfc78 | 281 | die(_("failed to find list of interfaces: %s"), NULL, EC_MISC); |
843c96b4 | 282 | |
54dd393f | 283 | if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND)) |
de37951c | 284 | { |
74c95c25 | 285 | create_bound_listeners(1); |
54dd393f SK |
286 | |
287 | if (!option_bool(OPT_CLEVERBIND)) | |
288 | for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next) | |
289 | if (if_tmp->name && !if_tmp->used) | |
290 | die(_("unknown interface %s"), if_tmp->name, EC_BADNET); | |
9380ba70 SK |
291 | |
292 | #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP) | |
293 | /* after enumerate_interfaces() */ | |
3b3f4411 SK |
294 | bound_device = whichdevice(); |
295 | ||
9380ba70 SK |
296 | if (daemon->dhcp) |
297 | { | |
3b3f4411 SK |
298 | if (!daemon->relay4 && bound_device) |
299 | { | |
300 | bindtodevice(bound_device, daemon->dhcpfd); | |
301 | did_bind = 1; | |
302 | } | |
303 | if (daemon->enable_pxe && bound_device) | |
304 | { | |
305 | bindtodevice(bound_device, daemon->pxefd); | |
306 | did_bind = 1; | |
307 | } | |
9380ba70 SK |
308 | } |
309 | #endif | |
310 | ||
311 | #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6) | |
3b3f4411 SK |
312 | if (daemon->doing_dhcp6 && !daemon->relay6 && bound_device) |
313 | { | |
314 | bindtodevice(bound_device, daemon->dhcp6fd); | |
315 | did_bind = 1; | |
316 | } | |
9380ba70 | 317 | #endif |
de37951c | 318 | } |
28866e95 | 319 | else |
74c95c25 | 320 | create_wildcard_listeners(); |
5d162f20 SK |
321 | |
322 | #ifdef HAVE_DHCP6 | |
323 | /* after enumerate_interfaces() */ | |
ff7eea27 | 324 | if (daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra) |
5d162f20 | 325 | join_multicast(1); |
3511a928 SK |
326 | |
327 | /* After netlink_init() and before create_helper() */ | |
328 | lease_make_duid(now); | |
5d162f20 | 329 | #endif |
de37951c | 330 | |
824af85b | 331 | if (daemon->port != 0) |
82e3f45a SK |
332 | { |
333 | cache_init(); | |
193de4ab | 334 | |
82e3f45a SK |
335 | #ifdef HAVE_DNSSEC |
336 | blockdata_init(); | |
337 | #endif | |
5f4dc5c6 | 338 | } |
193de4ab | 339 | |
0491805d | 340 | #ifdef HAVE_INOTIFY |
70d1873d | 341 | if (daemon->port != 0 || daemon->dhcp || daemon->doing_dhcp6) |
5f4dc5c6 SK |
342 | inotify_dnsmasq_init(); |
343 | else | |
344 | daemon->inotifyfd = -1; | |
193de4ab | 345 | #endif |
5f4dc5c6 | 346 | |
28866e95 | 347 | if (option_bool(OPT_DBUS)) |
3d8df260 SK |
348 | #ifdef HAVE_DBUS |
349 | { | |
350 | char *err; | |
351 | daemon->dbus = NULL; | |
352 | daemon->watches = NULL; | |
5aabfc78 SK |
353 | if ((err = dbus_init())) |
354 | die(_("DBus error: %s"), err, EC_MISC); | |
3d8df260 SK |
355 | } |
356 | #else | |
5aabfc78 | 357 | die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF); |
3d8df260 | 358 | #endif |
7aa970e2 | 359 | |
824af85b SK |
360 | if (daemon->port != 0) |
361 | pre_allocate_sfds(); | |
1a6bca81 | 362 | |
c72daea8 | 363 | #if defined(HAVE_SCRIPT) |
1a6bca81 | 364 | /* Note getpwnam returns static storage */ |
843c96b4 SK |
365 | if ((daemon->dhcp || daemon->dhcp6) && |
366 | daemon->scriptuser && | |
c72daea8 | 367 | (daemon->lease_change_command || daemon->luascript)) |
1a6bca81 SK |
368 | { |
369 | if ((ent_pw = getpwnam(daemon->scriptuser))) | |
370 | { | |
371 | script_uid = ent_pw->pw_uid; | |
372 | script_gid = ent_pw->pw_gid; | |
373 | } | |
374 | else | |
375 | baduser = daemon->scriptuser; | |
376 | } | |
7622fc06 | 377 | #endif |
9e4abcb5 | 378 | |
1a6bca81 SK |
379 | if (daemon->username && !(ent_pw = getpwnam(daemon->username))) |
380 | baduser = daemon->username; | |
381 | else if (daemon->groupname && !(gp = getgrnam(daemon->groupname))) | |
382 | baduser = daemon->groupname; | |
383 | ||
384 | if (baduser) | |
385 | die(_("unknown user or group: %s"), baduser, EC_BADCONF); | |
f6e62e2a | 386 | |
1a6bca81 SK |
387 | /* implement group defaults, "dip" if available, or group associated with uid */ |
388 | if (!daemon->group_set && !gp) | |
389 | { | |
390 | if (!(gp = getgrnam(CHGRP)) && ent_pw) | |
391 | gp = getgrgid(ent_pw->pw_gid); | |
392 | ||
393 | /* for error message */ | |
394 | if (gp) | |
395 | daemon->groupname = gp->gr_name; | |
396 | } | |
397 | ||
398 | #if defined(HAVE_LINUX_NETWORK) | |
399 | /* determine capability API version here, while we can still | |
400 | call safe_malloc */ | |
401 | if (ent_pw && ent_pw->pw_uid != 0) | |
402 | { | |
1a6bca81 | 403 | int capsize = 1; /* for header version 1 */ |
3927da46 SK |
404 | hdr = safe_malloc(sizeof(*hdr)); |
405 | ||
1a6bca81 SK |
406 | /* find version supported by kernel */ |
407 | memset(hdr, 0, sizeof(*hdr)); | |
408 | capget(hdr, NULL); | |
409 | ||
410 | if (hdr->version != LINUX_CAPABILITY_VERSION_1) | |
411 | { | |
412 | /* if unknown version, use largest supported version (3) */ | |
413 | if (hdr->version != LINUX_CAPABILITY_VERSION_2) | |
414 | hdr->version = LINUX_CAPABILITY_VERSION_3; | |
415 | capsize = 2; | |
416 | } | |
417 | ||
418 | data = safe_malloc(sizeof(*data) * capsize); | |
419 | memset(data, 0, sizeof(*data) * capsize); | |
420 | } | |
421 | #endif | |
422 | ||
5aabfc78 | 423 | /* Use a pipe to carry signals and other events back to the event loop |
1a6bca81 SK |
424 | in a race-free manner and another to carry errors to daemon-invoking process */ |
425 | safe_pipe(pipefd, 1); | |
5e9e0efb SK |
426 | |
427 | piperead = pipefd[0]; | |
428 | pipewrite = pipefd[1]; | |
429 | /* prime the pipe to load stuff first time. */ | |
e98bd52e | 430 | send_event(pipewrite, EVENT_INIT, 0, NULL); |
1a6bca81 SK |
431 | |
432 | err_pipe[1] = -1; | |
1697269c | 433 | |
28866e95 | 434 | if (!option_bool(OPT_DEBUG)) |
9e4abcb5 | 435 | { |
9e4abcb5 SK |
436 | /* The following code "daemonizes" the process. |
437 | See Stevens section 12.4 */ | |
1a6bca81 | 438 | |
9e038946 SK |
439 | if (chdir("/") != 0) |
440 | die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC); | |
441 | ||
1697269c | 442 | #ifndef NO_FORK |
28866e95 | 443 | if (!option_bool(OPT_NO_FORK)) |
3be34541 | 444 | { |
5aabfc78 | 445 | pid_t pid; |
3be34541 | 446 | |
1a6bca81 SK |
447 | /* pipe to carry errors back to original process. |
448 | When startup is complete we close this and the process terminates. */ | |
449 | safe_pipe(err_pipe, 0); | |
450 | ||
7622fc06 SK |
451 | if ((pid = fork()) == -1) |
452 | /* fd == -1 since we've not forked, never returns. */ | |
c72daea8 | 453 | send_event(-1, EVENT_FORK_ERR, errno, NULL); |
9e038946 | 454 | |
5aabfc78 | 455 | if (pid != 0) |
1a6bca81 SK |
456 | { |
457 | struct event_desc ev; | |
c72daea8 SK |
458 | char *msg; |
459 | ||
1a6bca81 | 460 | /* close our copy of write-end */ |
ff841ebf | 461 | while (retry_send(close(err_pipe[1]))); |
1a6bca81 SK |
462 | |
463 | /* check for errors after the fork */ | |
c72daea8 SK |
464 | if (read_event(err_pipe[0], &ev, &msg)) |
465 | fatal_event(&ev, msg); | |
1a6bca81 SK |
466 | |
467 | _exit(EC_GOOD); | |
468 | } | |
469 | ||
ff841ebf | 470 | while (retry_send(close(err_pipe[0]))); |
1a6bca81 SK |
471 | |
472 | /* NO calls to die() from here on. */ | |
3be34541 | 473 | |
5aabfc78 | 474 | setsid(); |
7622fc06 SK |
475 | |
476 | if ((pid = fork()) == -1) | |
c72daea8 | 477 | send_event(err_pipe[1], EVENT_FORK_ERR, errno, NULL); |
7622fc06 SK |
478 | |
479 | if (pid != 0) | |
7cebd20f | 480 | _exit(0); |
3be34541 | 481 | } |
9e4abcb5 | 482 | #endif |
9e038946 | 483 | |
9e4abcb5 | 484 | /* write pidfile _after_ forking ! */ |
1a6bca81 SK |
485 | if (daemon->runfile) |
486 | { | |
79cfefd8 SK |
487 | int fd, err = 0; |
488 | ||
489 | sprintf(daemon->namebuff, "%d\n", (int) getpid()); | |
490 | ||
491 | /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file | |
492 | in a directory which is writable by the non-privileged user that dnsmasq runs as. This | |
493 | allows the daemon to delete the file as part of its shutdown. This is a security hole to the | |
494 | extent that an attacker running as the unprivileged user could replace the pidfile with a | |
495 | symlink, and have the target of that symlink overwritten as root next time dnsmasq starts. | |
496 | ||
497 | The folowing code first deletes any existing file, and then opens it with the O_EXCL flag, | |
498 | ensuring that the open() fails should there be any existing file (because the unlink() failed, | |
499 | or an attacker exploited the race between unlink() and open()). This ensures that no symlink | |
500 | attack can succeed. | |
501 | ||
502 | Any compromise of the non-privileged user still theoretically allows the pid-file to be | |
503 | replaced whilst dnsmasq is running. The worst that could allow is that the usual | |
504 | "shutdown dnsmasq" shell command could be tricked into stopping any other process. | |
505 | ||
506 | Note that if dnsmasq is started as non-root (eg for testing) it silently ignores | |
507 | failure to write the pid-file. | |
508 | */ | |
509 | ||
510 | unlink(daemon->runfile); | |
1a6bca81 | 511 | |
79cfefd8 | 512 | if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1) |
1a6bca81 | 513 | { |
79cfefd8 SK |
514 | /* only complain if started as root */ |
515 | if (getuid() == 0) | |
516 | err = 1; | |
1a6bca81 | 517 | } |
79cfefd8 SK |
518 | else |
519 | { | |
520 | if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0)) | |
521 | err = 1; | |
ff841ebf SK |
522 | else |
523 | { | |
524 | while (retry_send(close(fd))); | |
525 | if (errno != 0) | |
526 | err = 1; | |
527 | } | |
79cfefd8 SK |
528 | } |
529 | ||
530 | if (err) | |
1a6bca81 | 531 | { |
c72daea8 | 532 | send_event(err_pipe[1], EVENT_PIDFILE, errno, daemon->runfile); |
1a6bca81 SK |
533 | _exit(0); |
534 | } | |
9e4abcb5 | 535 | } |
1697269c SK |
536 | } |
537 | ||
8ef5ada2 SK |
538 | log_err = log_start(ent_pw, err_pipe[1]); |
539 | ||
28866e95 | 540 | if (!option_bool(OPT_DEBUG)) |
8ef5ada2 SK |
541 | { |
542 | /* open stdout etc to /dev/null */ | |
543 | int nullfd = open("/dev/null", O_RDWR); | |
544 | dup2(nullfd, STDOUT_FILENO); | |
545 | dup2(nullfd, STDERR_FILENO); | |
546 | dup2(nullfd, STDIN_FILENO); | |
547 | close(nullfd); | |
548 | } | |
1a6bca81 SK |
549 | |
550 | /* if we are to run scripts, we need to fork a helper before dropping root. */ | |
551 | daemon->helperfd = -1; | |
c72daea8 | 552 | #ifdef HAVE_SCRIPT |
52b92f4d | 553 | if ((daemon->dhcp || daemon->dhcp6) && (daemon->lease_change_command || daemon->luascript)) |
1a6bca81 | 554 | daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd); |
5aabfc78 | 555 | #endif |
5aabfc78 | 556 | |
28866e95 | 557 | if (!option_bool(OPT_DEBUG) && getuid() == 0) |
1697269c | 558 | { |
1a6bca81 SK |
559 | int bad_capabilities = 0; |
560 | gid_t dummy; | |
561 | ||
562 | /* remove all supplimentary groups */ | |
563 | if (gp && | |
564 | (setgroups(0, &dummy) == -1 || | |
565 | setgid(gp->gr_gid) == -1)) | |
9e4abcb5 | 566 | { |
c72daea8 | 567 | send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname); |
1a6bca81 | 568 | _exit(0); |
7cebd20f | 569 | } |
1a6bca81 | 570 | |
7cebd20f | 571 | if (ent_pw && ent_pw->pw_uid != 0) |
1697269c | 572 | { |
74c95c25 | 573 | #if defined(HAVE_LINUX_NETWORK) |
1697269c | 574 | /* On linux, we keep CAP_NETADMIN (for ARP-injection) and |
74c95c25 | 575 | CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind |
54dd393f SK |
576 | ports because of DAD, or we're doing it dynamically, |
577 | we need CAP_NET_BIND_SERVICE too. */ | |
578 | if (is_dad_listeners() || option_bool(OPT_CLEVERBIND)) | |
74c95c25 SK |
579 | data->effective = data->permitted = data->inheritable = |
580 | (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | | |
581 | (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE); | |
582 | else | |
583 | data->effective = data->permitted = data->inheritable = | |
584 | (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID); | |
5e9e0efb | 585 | |
1697269c | 586 | /* Tell kernel to not clear capabilities when dropping root */ |
572b41eb | 587 | if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) |
1697269c | 588 | bad_capabilities = errno; |
1a6bca81 | 589 | |
7622fc06 | 590 | #elif defined(HAVE_SOLARIS_NETWORK) |
824af85b SK |
591 | /* http://developers.sun.com/solaris/articles/program_privileges.html */ |
592 | priv_set_t *priv_set; | |
593 | ||
594 | if (!(priv_set = priv_str_to_set("basic", ",", NULL)) || | |
595 | priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 || | |
596 | priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1) | |
597 | bad_capabilities = errno; | |
598 | ||
599 | if (priv_set && bad_capabilities == 0) | |
600 | { | |
601 | priv_inverse(priv_set); | |
602 | ||
603 | if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1) | |
604 | bad_capabilities = errno; | |
605 | } | |
606 | ||
607 | if (priv_set) | |
608 | priv_freeset(priv_set); | |
609 | ||
824af85b SK |
610 | #endif |
611 | ||
1a6bca81 | 612 | if (bad_capabilities != 0) |
1697269c | 613 | { |
c72daea8 | 614 | send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, NULL); |
1a6bca81 SK |
615 | _exit(0); |
616 | } | |
617 | ||
618 | /* finally drop root */ | |
619 | if (setuid(ent_pw->pw_uid) == -1) | |
620 | { | |
c72daea8 | 621 | send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username); |
1a6bca81 SK |
622 | _exit(0); |
623 | } | |
624 | ||
1697269c | 625 | #ifdef HAVE_LINUX_NETWORK |
54dd393f | 626 | if (is_dad_listeners() || option_bool(OPT_CLEVERBIND)) |
74c95c25 SK |
627 | data->effective = data->permitted = |
628 | (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE); | |
629 | else | |
630 | data->effective = data->permitted = | |
631 | (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW); | |
1a6bca81 SK |
632 | data->inheritable = 0; |
633 | ||
634 | /* lose the setuid and setgid capbilities */ | |
635 | if (capset(hdr, data) == -1) | |
636 | { | |
c72daea8 | 637 | send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL); |
1a6bca81 | 638 | _exit(0); |
1697269c | 639 | } |
1a6bca81 SK |
640 | #endif |
641 | ||
9e4abcb5 SK |
642 | } |
643 | } | |
1697269c | 644 | |
1697269c | 645 | #ifdef HAVE_LINUX_NETWORK |
28b879ac CW |
646 | free(hdr); |
647 | free(data); | |
28866e95 | 648 | if (option_bool(OPT_DEBUG)) |
572b41eb | 649 | prctl(PR_SET_DUMPABLE, 1, 0, 0, 0); |
1697269c | 650 | #endif |
9e4abcb5 | 651 | |
8b3ae2fd | 652 | #ifdef HAVE_TFTP |
30d0879e | 653 | if (option_bool(OPT_TFTP)) |
8b3ae2fd SK |
654 | { |
655 | DIR *dir; | |
656 | struct tftp_prefix *p; | |
657 | ||
658 | if (daemon->tftp_prefix) | |
659 | { | |
660 | if (!((dir = opendir(daemon->tftp_prefix)))) | |
661 | { | |
30d0879e ST |
662 | tftp_prefix_missing = 1; |
663 | if (!option_bool(OPT_TFTP_NO_FAIL)) | |
664 | { | |
665 | send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix); | |
666 | _exit(0); | |
667 | } | |
8b3ae2fd | 668 | } |
b4c0f092 ST |
669 | else |
670 | closedir(dir); | |
8b3ae2fd | 671 | } |
7aa970e2 | 672 | |
8b3ae2fd SK |
673 | for (p = daemon->if_prefix; p; p = p->next) |
674 | { | |
30d0879e | 675 | p->missing = 0; |
8b3ae2fd | 676 | if (!((dir = opendir(p->prefix)))) |
30d0879e ST |
677 | { |
678 | p->missing = 1; | |
679 | if (!option_bool(OPT_TFTP_NO_FAIL)) | |
680 | { | |
681 | send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix); | |
682 | _exit(0); | |
683 | } | |
7aa970e2 | 684 | } |
b4c0f092 ST |
685 | else |
686 | closedir(dir); | |
8b3ae2fd SK |
687 | } |
688 | } | |
689 | #endif | |
7aa970e2 | 690 | |
824af85b SK |
691 | if (daemon->port == 0) |
692 | my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION); | |
693 | else if (daemon->cachesize != 0) | |
f2621c7f | 694 | my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize); |
9e4abcb5 | 695 | else |
f2621c7f | 696 | my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION); |
1697269c | 697 | |
f2621c7f | 698 | my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts); |
1697269c | 699 | |
3d8df260 | 700 | #ifdef HAVE_DBUS |
28866e95 | 701 | if (option_bool(OPT_DBUS)) |
3d8df260 SK |
702 | { |
703 | if (daemon->dbus) | |
f2621c7f | 704 | my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus")); |
3d8df260 | 705 | else |
f2621c7f | 706 | my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending")); |
3d8df260 SK |
707 | } |
708 | #endif | |
1a9a3489 SK |
709 | |
710 | if (option_bool(OPT_LOCAL_SERVICE)) | |
711 | my_syslog(LOG_INFO, _("DNS service limited to local subnets")); | |
db737466 | 712 | |
1d97ac4f | 713 | #ifdef HAVE_DNSSEC |
db737466 | 714 | if (option_bool(OPT_DNSSEC_VALID)) |
e98bd52e | 715 | { |
360f2513 SK |
716 | int rc; |
717 | ||
718 | /* Delay creating the timestamp file until here, after we've changed user, so that | |
719 | it has the correct owner to allow updating the mtime later. | |
720 | This means we have to report fatal errors via the pipe. */ | |
721 | if ((rc = setup_timestamp()) == -1) | |
722 | { | |
723 | send_event(err_pipe[1], EVENT_TIME_ERR, errno, daemon->timestamp_file); | |
724 | _exit(0); | |
725 | } | |
726 | ||
e98bd52e | 727 | my_syslog(LOG_INFO, _("DNSSEC validation enabled")); |
360f2513 | 728 | |
e98bd52e SK |
729 | if (option_bool(OPT_DNSSEC_TIME)) |
730 | my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload")); | |
360f2513 SK |
731 | |
732 | if (rc == 1) | |
f6e62e2a | 733 | my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until system time valid")); |
e98bd52e | 734 | } |
db737466 | 735 | #endif |
3d8df260 | 736 | |
1a6bca81 SK |
737 | if (log_err != 0) |
738 | my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"), | |
739 | daemon->log_file, strerror(log_err)); | |
db737466 | 740 | |
de37951c | 741 | if (bind_fallback) |
f2621c7f | 742 | my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations")); |
dc27e148 | 743 | |
f7029f5c SK |
744 | if (option_bool(OPT_NOWILD)) |
745 | warn_bound_listeners(); | |
746 | ||
747 | warn_int_names(); | |
de37951c | 748 | |
28866e95 | 749 | if (!option_bool(OPT_NOWILD)) |
26128d27 SK |
750 | for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next) |
751 | if (if_tmp->name && !if_tmp->used) | |
f2621c7f | 752 | my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name); |
5e9e0efb | 753 | |
28866e95 | 754 | if (daemon->port != 0 && option_bool(OPT_NO_RESOLV)) |
208b65c5 SK |
755 | { |
756 | if (daemon->resolv_files && !daemon->resolv_files->is_default) | |
f2621c7f | 757 | my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set")); |
208b65c5 | 758 | daemon->resolv_files = NULL; |
1b7ecd11 | 759 | if (!daemon->servers) |
f2621c7f | 760 | my_syslog(LOG_WARNING, _("warning: no upstream servers configured")); |
208b65c5 SK |
761 | } |
762 | ||
f2621c7f SK |
763 | if (daemon->max_logs != 0) |
764 | my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs); | |
1f776932 | 765 | |
f2621c7f | 766 | |
7622fc06 | 767 | #ifdef HAVE_DHCP |
1f776932 SK |
768 | for (context = daemon->dhcp; context; context = context->next) |
769 | log_context(AF_INET, context); | |
52b92f4d | 770 | |
ff7eea27 SK |
771 | for (relay = daemon->relay4; relay; relay = relay->next) |
772 | log_relay(AF_INET, relay); | |
773 | ||
1f776932 SK |
774 | # ifdef HAVE_DHCP6 |
775 | for (context = daemon->dhcp6; context; context = context->next) | |
776 | log_context(AF_INET6, context); | |
777 | ||
ff7eea27 SK |
778 | for (relay = daemon->relay6; relay; relay = relay->next) |
779 | log_relay(AF_INET6, relay); | |
780 | ||
1f776932 SK |
781 | if (daemon->doing_dhcp6 || daemon->doing_ra) |
782 | dhcp_construct_contexts(now); | |
783 | ||
784 | if (option_bool(OPT_RA)) | |
785 | my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled")); | |
786 | # endif | |
26128d27 | 787 | |
3b3f4411 SK |
788 | # ifdef HAVE_LINUX_NETWORK |
789 | if (did_bind) | |
790 | my_syslog(MS_DHCP | LOG_INFO, _("DHCP, sockets bound exclusively to interface %s"), bound_device); | |
791 | # endif | |
792 | ||
8445f5d2 SK |
793 | /* after dhcp_contruct_contexts */ |
794 | if (daemon->dhcp || daemon->doing_dhcp6) | |
795 | lease_find_interfaces(now); | |
1f776932 | 796 | #endif |
52b92f4d | 797 | |
832af0ba | 798 | #ifdef HAVE_TFTP |
5f4dc5c6 | 799 | if (option_bool(OPT_TFTP)) |
7aa970e2 | 800 | { |
30d0879e | 801 | struct tftp_prefix *p; |
832af0ba | 802 | |
7622fc06 | 803 | my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s", |
f2621c7f SK |
804 | daemon->tftp_prefix ? _("root is ") : _("enabled"), |
805 | daemon->tftp_prefix ? daemon->tftp_prefix: "", | |
28866e95 | 806 | option_bool(OPT_TFTP_SECURE) ? _("secure mode") : ""); |
7aa970e2 | 807 | |
30d0879e ST |
808 | if (tftp_prefix_missing) |
809 | my_syslog(MS_TFTP | LOG_WARNING, _("warning: %s inaccessible"), daemon->tftp_prefix); | |
7aa970e2 | 810 | |
30d0879e ST |
811 | for (p = daemon->if_prefix; p; p = p->next) |
812 | if (p->missing) | |
813 | my_syslog(MS_TFTP | LOG_WARNING, _("warning: TFTP directory %s inaccessible"), p->prefix); | |
814 | ||
832af0ba | 815 | /* This is a guess, it assumes that for small limits, |
f2621c7f | 816 | disjoint files might be served, but for large limits, |
832af0ba SK |
817 | a single file will be sent to may clients (the file only needs |
818 | one fd). */ | |
819 | ||
820 | max_fd -= 30; /* use other than TFTP */ | |
821 | ||
822 | if (max_fd < 0) | |
823 | max_fd = 5; | |
824 | else if (max_fd < 100) | |
825 | max_fd = max_fd/2; | |
826 | else | |
827 | max_fd = max_fd - 20; | |
824af85b SK |
828 | |
829 | /* if we have to use a limited range of ports, | |
830 | that will limit the number of transfers */ | |
831 | if (daemon->start_tftp_port != 0 && | |
832 | daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd) | |
833 | max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1; | |
832af0ba SK |
834 | |
835 | if (daemon->tftp_max > max_fd) | |
836 | { | |
837 | daemon->tftp_max = max_fd; | |
7622fc06 | 838 | my_syslog(MS_TFTP | LOG_WARNING, |
f2621c7f SK |
839 | _("restricting maximum simultaneous TFTP transfers to %d"), |
840 | daemon->tftp_max); | |
832af0ba SK |
841 | } |
842 | } | |
843 | #endif | |
844 | ||
1a6bca81 SK |
845 | /* finished start-up - release original process */ |
846 | if (err_pipe[1] != -1) | |
ff841ebf | 847 | while (retry_send(close(err_pipe[1]))); |
9e4abcb5 | 848 | |
824af85b SK |
849 | if (daemon->port != 0) |
850 | check_servers(); | |
851 | ||
7cebd20f SK |
852 | pid = getpid(); |
853 | ||
0491805d | 854 | #ifdef HAVE_INOTIFY |
193de4ab SK |
855 | /* Using inotify, have to select a resolv file at startup */ |
856 | poll_resolv(1, 0, now); | |
857 | #endif | |
858 | ||
5e9e0efb | 859 | while (1) |
9e4abcb5 | 860 | { |
b842bc97 | 861 | int t, timeout = -1; |
9e4abcb5 | 862 | |
b842bc97 | 863 | poll_reset(); |
9e4abcb5 | 864 | |
1697269c SK |
865 | /* if we are out of resources, find how long we have to wait |
866 | for some to come free, we'll loop around then and restart | |
867 | listening for queries */ | |
b842bc97 SK |
868 | if ((t = set_dns_listeners(now)) != 0) |
869 | timeout = t * 1000; | |
1697269c | 870 | |
832af0ba SK |
871 | /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */ |
872 | if (daemon->tftp_trans || | |
28866e95 | 873 | (option_bool(OPT_DBUS) && !daemon->dbus)) |
b842bc97 SK |
874 | timeout = 250; |
875 | ||
74c95c25 SK |
876 | /* Wake every second whilst waiting for DAD to complete */ |
877 | else if (is_dad_listeners()) | |
b842bc97 | 878 | timeout = 1000; |
44a2a316 | 879 | |
832af0ba | 880 | #ifdef HAVE_DBUS |
b842bc97 | 881 | set_dbus_listeners(); |
5e9e0efb SK |
882 | #endif |
883 | ||
7622fc06 | 884 | #ifdef HAVE_DHCP |
ff7eea27 | 885 | if (daemon->dhcp || daemon->relay4) |
5e9e0efb | 886 | { |
b842bc97 | 887 | poll_listen(daemon->dhcpfd, POLLIN); |
316e2730 | 888 | if (daemon->pxefd != -1) |
b842bc97 | 889 | poll_listen(daemon->pxefd, POLLIN); |
5e9e0efb | 890 | } |
7622fc06 | 891 | #endif |
cdeda28f | 892 | |
52b92f4d | 893 | #ifdef HAVE_DHCP6 |
ff7eea27 | 894 | if (daemon->doing_dhcp6 || daemon->relay6) |
b842bc97 | 895 | poll_listen(daemon->dhcp6fd, POLLIN); |
f6d69562 | 896 | |
1f776932 | 897 | if (daemon->doing_ra) |
b842bc97 | 898 | poll_listen(daemon->icmp6fd, POLLIN); |
52b92f4d | 899 | #endif |
0491805d SK |
900 | |
901 | #ifdef HAVE_INOTIFY | |
5f4dc5c6 | 902 | if (daemon->inotifyfd != -1) |
b842bc97 | 903 | poll_listen(daemon->inotifyfd, POLLIN); |
0491805d SK |
904 | #endif |
905 | ||
906 | #if defined(HAVE_LINUX_NETWORK) | |
b842bc97 | 907 | poll_listen(daemon->netlinkfd, POLLIN); |
1ee9be4c | 908 | #elif defined(HAVE_BSD_NETWORK) |
b842bc97 | 909 | poll_listen(daemon->routefd, POLLIN); |
3d8df260 | 910 | #endif |
193de4ab | 911 | |
b842bc97 | 912 | poll_listen(piperead, POLLIN); |
1697269c | 913 | |
7622fc06 | 914 | #ifdef HAVE_DHCP |
1f15b81d | 915 | # ifdef HAVE_SCRIPT |
5aabfc78 | 916 | while (helper_buf_empty() && do_script_run(now)); |
1697269c | 917 | |
a9530964 SK |
918 | # ifdef HAVE_TFTP |
919 | while (helper_buf_empty() && do_tftp_script_run()); | |
920 | # endif | |
921 | ||
1697269c | 922 | if (!helper_buf_empty()) |
b842bc97 | 923 | poll_listen(daemon->helperfd, POLLOUT); |
7622fc06 | 924 | # else |
5aabfc78 SK |
925 | /* need this for other side-effects */ |
926 | while (do_script_run(now)); | |
a9530964 SK |
927 | |
928 | # ifdef HAVE_TFTP | |
929 | while (do_tftp_script_run()); | |
930 | # endif | |
931 | ||
7622fc06 | 932 | # endif |
5aabfc78 | 933 | #endif |
7622fc06 | 934 | |
f2621c7f SK |
935 | /* must do this just before select(), when we know no |
936 | more calls to my_syslog() can occur */ | |
b842bc97 SK |
937 | set_log_writer(); |
938 | ||
939 | if (do_poll(timeout) < 0) | |
940 | continue; | |
f2621c7f | 941 | |
5e9e0efb | 942 | now = dnsmasq_time(); |
9e4abcb5 | 943 | |
b842bc97 | 944 | check_log_writer(0); |
115ac3e4 SK |
945 | |
946 | /* prime. */ | |
947 | enumerate_interfaces(1); | |
948 | ||
74c95c25 SK |
949 | /* Check the interfaces to see if any have exited DAD state |
950 | and if so, bind the address. */ | |
951 | if (is_dad_listeners()) | |
952 | { | |
115ac3e4 | 953 | enumerate_interfaces(0); |
74c95c25 SK |
954 | /* NB, is_dad_listeners() == 1 --> we're binding interfaces */ |
955 | create_bound_listeners(0); | |
dc27e148 | 956 | warn_bound_listeners(); |
74c95c25 | 957 | } |
f2621c7f | 958 | |
1ee9be4c | 959 | #if defined(HAVE_LINUX_NETWORK) |
b842bc97 | 960 | if (poll_check(daemon->netlinkfd, POLLIN)) |
a0358e5d | 961 | netlink_multicast(); |
1ee9be4c | 962 | #elif defined(HAVE_BSD_NETWORK) |
b842bc97 | 963 | if (poll_check(daemon->routefd, POLLIN)) |
a0358e5d | 964 | route_sock(); |
c52e1897 SK |
965 | #endif |
966 | ||
0491805d | 967 | #ifdef HAVE_INOTIFY |
b842bc97 | 968 | if (daemon->inotifyfd != -1 && poll_check(daemon->inotifyfd, POLLIN) && inotify_check(now)) |
5f4dc5c6 SK |
969 | { |
970 | if (daemon->port != 0 && !option_bool(OPT_NO_POLL)) | |
971 | poll_resolv(1, 1, now); | |
972 | } | |
193de4ab | 973 | #else |
9e4abcb5 | 974 | /* Check for changes to resolv files once per second max. */ |
3d8df260 | 975 | /* Don't go silent for long periods if the clock goes backwards. */ |
9009d746 SK |
976 | if (daemon->last_resolv == 0 || |
977 | difftime(now, daemon->last_resolv) > 1.0 || | |
978 | difftime(now, daemon->last_resolv) < -1.0) | |
9e4abcb5 | 979 | { |
8ef5ada2 SK |
980 | /* poll_resolv doesn't need to reload first time through, since |
981 | that's queued anyway. */ | |
33820b7e | 982 | |
8ef5ada2 SK |
983 | poll_resolv(0, daemon->last_resolv != 0, now); |
984 | daemon->last_resolv = now; | |
9e4abcb5 | 985 | } |
193de4ab SK |
986 | #endif |
987 | ||
b842bc97 | 988 | if (poll_check(piperead, POLLIN)) |
5aabfc78 | 989 | async_event(piperead, now); |
7cebd20f | 990 | |
3d8df260 SK |
991 | #ifdef HAVE_DBUS |
992 | /* if we didn't create a DBus connection, retry now. */ | |
28866e95 | 993 | if (option_bool(OPT_DBUS) && !daemon->dbus) |
3d8df260 SK |
994 | { |
995 | char *err; | |
5aabfc78 | 996 | if ((err = dbus_init())) |
f2621c7f | 997 | my_syslog(LOG_WARNING, _("DBus error: %s"), err); |
3d8df260 | 998 | if (daemon->dbus) |
f2621c7f | 999 | my_syslog(LOG_INFO, _("connected to system DBus")); |
3d8df260 | 1000 | } |
b842bc97 | 1001 | check_dbus_listeners(); |
3d8df260 | 1002 | #endif |
824af85b | 1003 | |
b842bc97 | 1004 | check_dns_listeners(now); |
832af0ba SK |
1005 | |
1006 | #ifdef HAVE_TFTP | |
b842bc97 | 1007 | check_tftp_listeners(now); |
832af0ba SK |
1008 | #endif |
1009 | ||
7622fc06 | 1010 | #ifdef HAVE_DHCP |
ff7eea27 | 1011 | if (daemon->dhcp || daemon->relay4) |
316e2730 | 1012 | { |
b842bc97 | 1013 | if (poll_check(daemon->dhcpfd, POLLIN)) |
316e2730 | 1014 | dhcp_packet(now, 0); |
b842bc97 | 1015 | if (daemon->pxefd != -1 && poll_check(daemon->pxefd, POLLIN)) |
316e2730 SK |
1016 | dhcp_packet(now, 1); |
1017 | } | |
1697269c | 1018 | |
52b92f4d | 1019 | #ifdef HAVE_DHCP6 |
b842bc97 | 1020 | if ((daemon->doing_dhcp6 || daemon->relay6) && poll_check(daemon->dhcp6fd, POLLIN)) |
18c63eff | 1021 | dhcp6_packet(now); |
c5ad4e79 | 1022 | |
b842bc97 | 1023 | if (daemon->doing_ra && poll_check(daemon->icmp6fd, POLLIN)) |
1f776932 | 1024 | icmp6_packet(now); |
52b92f4d SK |
1025 | #endif |
1026 | ||
1f15b81d | 1027 | # ifdef HAVE_SCRIPT |
63ec5d12 | 1028 | if (daemon->helperfd != -1 && poll_check(daemon->helperfd, POLLOUT)) |
5aabfc78 | 1029 | helper_write(); |
7622fc06 | 1030 | # endif |
5aabfc78 SK |
1031 | #endif |
1032 | ||
9e4abcb5 | 1033 | } |
9e4abcb5 SK |
1034 | } |
1035 | ||
3be34541 SK |
1036 | static void sig_handler(int sig) |
1037 | { | |
5e9e0efb | 1038 | if (pid == 0) |
3be34541 | 1039 | { |
1697269c SK |
1040 | /* ignore anything other than TERM during startup |
1041 | and in helper proc. (helper ignore TERM too) */ | |
5e9e0efb | 1042 | if (sig == SIGTERM) |
5aabfc78 | 1043 | exit(EC_MISC); |
3be34541 | 1044 | } |
5aabfc78 | 1045 | else if (pid != getpid()) |
5e9e0efb | 1046 | { |
1697269c | 1047 | /* alarm is used to kill TCP children after a fixed time. */ |
5e9e0efb | 1048 | if (sig == SIGALRM) |
7cebd20f | 1049 | _exit(0); |
3be34541 | 1050 | } |
5aabfc78 SK |
1051 | else |
1052 | { | |
1053 | /* master process */ | |
1054 | int event, errsave = errno; | |
1055 | ||
1056 | if (sig == SIGHUP) | |
1057 | event = EVENT_RELOAD; | |
1058 | else if (sig == SIGCHLD) | |
1059 | event = EVENT_CHILD; | |
1060 | else if (sig == SIGALRM) | |
1061 | event = EVENT_ALARM; | |
1062 | else if (sig == SIGTERM) | |
1063 | event = EVENT_TERM; | |
1064 | else if (sig == SIGUSR1) | |
1065 | event = EVENT_DUMP; | |
1066 | else if (sig == SIGUSR2) | |
1067 | event = EVENT_REOPEN; | |
1068 | else | |
1069 | return; | |
1070 | ||
c72daea8 | 1071 | send_event(pipewrite, event, 0, NULL); |
5aabfc78 SK |
1072 | errno = errsave; |
1073 | } | |
1074 | } | |
1075 | ||
353ae4d2 SK |
1076 | /* now == 0 -> queue immediate callback */ |
1077 | void send_alarm(time_t event, time_t now) | |
741c2952 | 1078 | { |
884a6dfe | 1079 | if (now == 0 || event != 0) |
353ae4d2 | 1080 | { |
884a6dfe SK |
1081 | /* alarm(0) or alarm(-ve) doesn't do what we want.... */ |
1082 | if ((now == 0 || difftime(event, now) <= 0.0)) | |
1083 | send_event(pipewrite, EVENT_ALARM, 0, NULL); | |
1084 | else | |
1085 | alarm((unsigned)difftime(event, now)); | |
353ae4d2 | 1086 | } |
741c2952 SK |
1087 | } |
1088 | ||
47a95169 | 1089 | void queue_event(int event) |
a0358e5d | 1090 | { |
47a95169 | 1091 | send_event(pipewrite, event, 0, NULL); |
a0358e5d SK |
1092 | } |
1093 | ||
c72daea8 | 1094 | void send_event(int fd, int event, int data, char *msg) |
5aabfc78 SK |
1095 | { |
1096 | struct event_desc ev; | |
c72daea8 SK |
1097 | struct iovec iov[2]; |
1098 | ||
5aabfc78 SK |
1099 | ev.event = event; |
1100 | ev.data = data; | |
c72daea8 SK |
1101 | ev.msg_sz = msg ? strlen(msg) : 0; |
1102 | ||
1103 | iov[0].iov_base = &ev; | |
1104 | iov[0].iov_len = sizeof(ev); | |
1105 | iov[1].iov_base = msg; | |
1106 | iov[1].iov_len = ev.msg_sz; | |
1a6bca81 SK |
1107 | |
1108 | /* error pipe, debug mode. */ | |
1109 | if (fd == -1) | |
c72daea8 | 1110 | fatal_event(&ev, msg); |
1a6bca81 SK |
1111 | else |
1112 | /* pipe is non-blocking and struct event_desc is smaller than | |
1113 | PIPE_BUF, so this either fails or writes everything */ | |
c72daea8 | 1114 | while (writev(fd, iov, msg ? 2 : 1) == -1 && errno == EINTR); |
5aabfc78 SK |
1115 | } |
1116 | ||
c72daea8 SK |
1117 | /* NOTE: the memory used to return msg is leaked: use msgs in events only |
1118 | to describe fatal errors. */ | |
1119 | static int read_event(int fd, struct event_desc *evp, char **msg) | |
1120 | { | |
1121 | char *buf; | |
1122 | ||
1123 | if (!read_write(fd, (unsigned char *)evp, sizeof(struct event_desc), 1)) | |
1124 | return 0; | |
1125 | ||
1126 | *msg = NULL; | |
1127 | ||
1128 | if (evp->msg_sz != 0 && | |
1129 | (buf = malloc(evp->msg_sz + 1)) && | |
1130 | read_write(fd, (unsigned char *)buf, evp->msg_sz, 1)) | |
1131 | { | |
1132 | buf[evp->msg_sz] = 0; | |
1133 | *msg = buf; | |
1134 | } | |
1135 | ||
1136 | return 1; | |
1137 | } | |
1138 | ||
1139 | static void fatal_event(struct event_desc *ev, char *msg) | |
1a6bca81 SK |
1140 | { |
1141 | errno = ev->data; | |
1142 | ||
1143 | switch (ev->event) | |
1144 | { | |
1145 | case EVENT_DIE: | |
1146 | exit(0); | |
7622fc06 SK |
1147 | |
1148 | case EVENT_FORK_ERR: | |
1149 | die(_("cannot fork into background: %s"), NULL, EC_MISC); | |
1a6bca81 SK |
1150 | |
1151 | case EVENT_PIPE_ERR: | |
1152 | die(_("failed to create helper: %s"), NULL, EC_MISC); | |
1153 | ||
1154 | case EVENT_CAP_ERR: | |
1155 | die(_("setting capabilities failed: %s"), NULL, EC_MISC); | |
1156 | ||
1157 | case EVENT_USER_ERR: | |
c72daea8 | 1158 | die(_("failed to change user-id to %s: %s"), msg, EC_MISC); |
1a6bca81 SK |
1159 | |
1160 | case EVENT_GROUP_ERR: | |
c72daea8 | 1161 | die(_("failed to change group-id to %s: %s"), msg, EC_MISC); |
1a6bca81 SK |
1162 | |
1163 | case EVENT_PIDFILE: | |
c72daea8 | 1164 | die(_("failed to open pidfile %s: %s"), msg, EC_FILE); |
1a6bca81 SK |
1165 | |
1166 | case EVENT_LOG_ERR: | |
c72daea8 SK |
1167 | die(_("cannot open log %s: %s"), msg, EC_FILE); |
1168 | ||
1169 | case EVENT_LUA_ERR: | |
1170 | die(_("failed to load Lua script: %s"), msg, EC_MISC); | |
8b3ae2fd SK |
1171 | |
1172 | case EVENT_TFTP_ERR: | |
1173 | die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE); | |
360f2513 SK |
1174 | |
1175 | case EVENT_TIME_ERR: | |
1176 | die(_("cannot create timestamp file %s: %s" ), msg, EC_BADCONF); | |
1a6bca81 SK |
1177 | } |
1178 | } | |
1179 | ||
5aabfc78 SK |
1180 | static void async_event(int pipe, time_t now) |
1181 | { | |
1182 | pid_t p; | |
1183 | struct event_desc ev; | |
7b1eae4f | 1184 | int i, check = 0; |
c72daea8 SK |
1185 | char *msg; |
1186 | ||
1187 | /* NOTE: the memory used to return msg is leaked: use msgs in events only | |
1188 | to describe fatal errors. */ | |
1189 | ||
1190 | if (read_event(pipe, &ev, &msg)) | |
5aabfc78 SK |
1191 | switch (ev.event) |
1192 | { | |
1193 | case EVENT_RELOAD: | |
e98bd52e SK |
1194 | #ifdef HAVE_DNSSEC |
1195 | if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME)) | |
1196 | { | |
1197 | my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps")); | |
1198 | reset_option_bool(OPT_DNSSEC_TIME); | |
1199 | } | |
1200 | #endif | |
1201 | /* fall through */ | |
1202 | ||
1203 | case EVENT_INIT: | |
5aabfc78 | 1204 | clear_cache_and_reload(now); |
e98bd52e | 1205 | |
7b1eae4f | 1206 | if (daemon->port != 0) |
5aabfc78 | 1207 | { |
7b1eae4f SK |
1208 | if (daemon->resolv_files && option_bool(OPT_NO_POLL)) |
1209 | { | |
1210 | reload_servers(daemon->resolv_files->name); | |
1211 | check = 1; | |
1212 | } | |
1213 | ||
1214 | if (daemon->servers_file) | |
1215 | { | |
1216 | read_servers_file(); | |
1217 | check = 1; | |
1218 | } | |
1219 | ||
1220 | if (check) | |
1221 | check_servers(); | |
5aabfc78 | 1222 | } |
7b1eae4f | 1223 | |
7622fc06 | 1224 | #ifdef HAVE_DHCP |
5aabfc78 | 1225 | rerun_scripts(); |
7622fc06 | 1226 | #endif |
5aabfc78 SK |
1227 | break; |
1228 | ||
1229 | case EVENT_DUMP: | |
824af85b SK |
1230 | if (daemon->port != 0) |
1231 | dump_cache(now); | |
5aabfc78 SK |
1232 | break; |
1233 | ||
1234 | case EVENT_ALARM: | |
7622fc06 | 1235 | #ifdef HAVE_DHCP |
1f776932 | 1236 | if (daemon->dhcp || daemon->doing_dhcp6) |
5aabfc78 SK |
1237 | { |
1238 | lease_prune(NULL, now); | |
1239 | lease_update_file(now); | |
1240 | } | |
843c96b4 | 1241 | #ifdef HAVE_DHCP6 |
1f776932 | 1242 | else if (daemon->doing_ra) |
353ae4d2 SK |
1243 | /* Not doing DHCP, so no lease system, manage alarms for ra only */ |
1244 | send_alarm(periodic_ra(now), now); | |
843c96b4 | 1245 | #endif |
7622fc06 | 1246 | #endif |
5aabfc78 SK |
1247 | break; |
1248 | ||
1249 | case EVENT_CHILD: | |
1250 | /* See Stevens 5.10 */ | |
1251 | while ((p = waitpid(-1, NULL, WNOHANG)) != 0) | |
1252 | if (p == -1) | |
1253 | { | |
1254 | if (errno != EINTR) | |
1255 | break; | |
1256 | } | |
1257 | else | |
1258 | for (i = 0 ; i < MAX_PROCS; i++) | |
1259 | if (daemon->tcp_pids[i] == p) | |
1260 | daemon->tcp_pids[i] = 0; | |
1261 | break; | |
1262 | ||
1263 | case EVENT_KILLED: | |
c72daea8 | 1264 | my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data); |
5aabfc78 SK |
1265 | break; |
1266 | ||
1267 | case EVENT_EXITED: | |
c72daea8 | 1268 | my_syslog(LOG_WARNING, _("script process exited with status %d"), ev.data); |
5aabfc78 SK |
1269 | break; |
1270 | ||
1271 | case EVENT_EXEC_ERR: | |
9e038946 SK |
1272 | my_syslog(LOG_ERR, _("failed to execute %s: %s"), |
1273 | daemon->lease_change_command, strerror(ev.data)); | |
5aabfc78 SK |
1274 | break; |
1275 | ||
1a6bca81 | 1276 | /* necessary for fatal errors in helper */ |
c72daea8 | 1277 | case EVENT_USER_ERR: |
1a6bca81 | 1278 | case EVENT_DIE: |
c72daea8 SK |
1279 | case EVENT_LUA_ERR: |
1280 | fatal_event(&ev, msg); | |
9e038946 SK |
1281 | break; |
1282 | ||
5aabfc78 SK |
1283 | case EVENT_REOPEN: |
1284 | /* Note: this may leave TCP-handling processes with the old file still open. | |
1285 | Since any such process will die in CHILD_LIFETIME or probably much sooner, | |
1286 | we leave them logging to the old file. */ | |
1287 | if (daemon->log_file != NULL) | |
1288 | log_reopen(daemon->log_file); | |
1289 | break; | |
a0358e5d SK |
1290 | |
1291 | case EVENT_NEWADDR: | |
1292 | newaddress(now); | |
1293 | break; | |
47a95169 SK |
1294 | |
1295 | case EVENT_NEWROUTE: | |
1296 | resend_query(); | |
1297 | /* Force re-reading resolv file right now, for luck. */ | |
1298 | poll_resolv(0, 1, now); | |
1299 | break; | |
1300 | ||
5aabfc78 SK |
1301 | case EVENT_TERM: |
1302 | /* Knock all our children on the head. */ | |
1303 | for (i = 0; i < MAX_PROCS; i++) | |
1304 | if (daemon->tcp_pids[i] != 0) | |
1305 | kill(daemon->tcp_pids[i], SIGALRM); | |
1306 | ||
c72daea8 | 1307 | #if defined(HAVE_SCRIPT) |
5aabfc78 SK |
1308 | /* handle pending lease transitions */ |
1309 | if (daemon->helperfd != -1) | |
1310 | { | |
1311 | /* block in writes until all done */ | |
1312 | if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1) | |
1313 | fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK); | |
1314 | do { | |
1315 | helper_write(); | |
1316 | } while (!helper_buf_empty() || do_script_run(now)); | |
ff841ebf | 1317 | while (retry_send(close(daemon->helperfd))); |
5aabfc78 SK |
1318 | } |
1319 | #endif | |
1320 | ||
1321 | if (daemon->lease_stream) | |
1322 | fclose(daemon->lease_stream); | |
73a08a24 | 1323 | |
34b5d194 KDB |
1324 | #ifdef HAVE_DNSSEC |
1325 | /* update timestamp file on TERM if time is considered valid */ | |
1326 | if (daemon->back_to_the_future) | |
1327 | { | |
1328 | if (utime(daemon->timestamp_file, NULL) == -1) | |
1329 | my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno)); | |
1330 | } | |
1331 | #endif | |
1332 | ||
73a08a24 SK |
1333 | if (daemon->runfile) |
1334 | unlink(daemon->runfile); | |
5aabfc78 SK |
1335 | |
1336 | my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM")); | |
1337 | flush_log(); | |
1338 | exit(EC_GOOD); | |
1339 | } | |
3be34541 SK |
1340 | } |
1341 | ||
47a95169 | 1342 | static void poll_resolv(int force, int do_reload, time_t now) |
5aabfc78 SK |
1343 | { |
1344 | struct resolvc *res, *latest; | |
1345 | struct stat statbuf; | |
1346 | time_t last_change = 0; | |
1347 | /* There may be more than one possible file. | |
1348 | Go through and find the one which changed _last_. | |
1349 | Warn of any which can't be read. */ | |
8ef5ada2 | 1350 | |
28866e95 | 1351 | if (daemon->port == 0 || option_bool(OPT_NO_POLL)) |
8ef5ada2 SK |
1352 | return; |
1353 | ||
5aabfc78 SK |
1354 | for (latest = NULL, res = daemon->resolv_files; res; res = res->next) |
1355 | if (stat(res->name, &statbuf) == -1) | |
1356 | { | |
8ef5ada2 SK |
1357 | if (force) |
1358 | { | |
1359 | res->mtime = 0; | |
1360 | continue; | |
1361 | } | |
1362 | ||
5aabfc78 SK |
1363 | if (!res->logged) |
1364 | my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno)); | |
1365 | res->logged = 1; | |
8ef5ada2 SK |
1366 | |
1367 | if (res->mtime != 0) | |
1368 | { | |
1369 | /* existing file evaporated, force selection of the latest | |
1370 | file even if its mtime hasn't changed since we last looked */ | |
1371 | poll_resolv(1, do_reload, now); | |
1372 | return; | |
1373 | } | |
5aabfc78 SK |
1374 | } |
1375 | else | |
1376 | { | |
1377 | res->logged = 0; | |
8ef5ada2 SK |
1378 | if (force || (statbuf.st_mtime != res->mtime)) |
1379 | { | |
1380 | res->mtime = statbuf.st_mtime; | |
5aabfc78 SK |
1381 | if (difftime(statbuf.st_mtime, last_change) > 0.0) |
1382 | { | |
1383 | last_change = statbuf.st_mtime; | |
1384 | latest = res; | |
1385 | } | |
1386 | } | |
1387 | } | |
1388 | ||
1389 | if (latest) | |
1390 | { | |
1391 | static int warned = 0; | |
1392 | if (reload_servers(latest->name)) | |
1393 | { | |
1394 | my_syslog(LOG_INFO, _("reading %s"), latest->name); | |
1395 | warned = 0; | |
1396 | check_servers(); | |
28866e95 | 1397 | if (option_bool(OPT_RELOAD) && do_reload) |
8ef5ada2 | 1398 | clear_cache_and_reload(now); |
5aabfc78 SK |
1399 | } |
1400 | else | |
1401 | { | |
1402 | latest->mtime = 0; | |
1403 | if (!warned) | |
1404 | { | |
1405 | my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name); | |
1406 | warned = 1; | |
1407 | } | |
1408 | } | |
1409 | } | |
1410 | } | |
3d8df260 | 1411 | |
5aabfc78 | 1412 | void clear_cache_and_reload(time_t now) |
3d8df260 | 1413 | { |
408c368f VG |
1414 | (void)now; |
1415 | ||
824af85b | 1416 | if (daemon->port != 0) |
7622fc06 | 1417 | cache_reload(); |
824af85b | 1418 | |
7622fc06 | 1419 | #ifdef HAVE_DHCP |
1f776932 | 1420 | if (daemon->dhcp || daemon->doing_dhcp6) |
3d8df260 | 1421 | { |
28866e95 | 1422 | if (option_bool(OPT_ETHERS)) |
5aabfc78 | 1423 | dhcp_read_ethers(); |
824af85b | 1424 | reread_dhcp(); |
0491805d | 1425 | #ifdef HAVE_INOTIFY |
70d1873d | 1426 | set_dynamic_inotify(AH_DHCP_HST | AH_DHCP_OPT, 0, NULL, 0); |
5f4dc5c6 | 1427 | #endif |
3d8df260 | 1428 | dhcp_update_configs(daemon->dhcp_conf); |
5aabfc78 SK |
1429 | lease_update_from_configs(); |
1430 | lease_update_file(now); | |
353ae4d2 | 1431 | lease_update_dns(1); |
3d8df260 | 1432 | } |
843c96b4 | 1433 | #ifdef HAVE_DHCP6 |
1f776932 | 1434 | else if (daemon->doing_ra) |
2021c662 SK |
1435 | /* Not doing DHCP, so no lease system, manage |
1436 | alarms for ra only */ | |
1437 | send_alarm(periodic_ra(now), now); | |
843c96b4 | 1438 | #endif |
7622fc06 | 1439 | #endif |
3d8df260 SK |
1440 | } |
1441 | ||
b842bc97 | 1442 | static int set_dns_listeners(time_t now) |
3be34541 SK |
1443 | { |
1444 | struct serverfd *serverfdp; | |
1445 | struct listener *listener; | |
824af85b | 1446 | int wait = 0, i; |
832af0ba SK |
1447 | |
1448 | #ifdef HAVE_TFTP | |
1449 | int tftp = 0; | |
1450 | struct tftp_transfer *transfer; | |
1451 | for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next) | |
1452 | { | |
1453 | tftp++; | |
b842bc97 | 1454 | poll_listen(transfer->sockfd, POLLIN); |
832af0ba SK |
1455 | } |
1456 | #endif | |
1457 | ||
1697269c | 1458 | /* will we be able to get memory? */ |
824af85b | 1459 | if (daemon->port != 0) |
3a237152 | 1460 | get_new_frec(now, &wait, 0); |
1697269c | 1461 | |
3be34541 | 1462 | for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next) |
b842bc97 | 1463 | poll_listen(serverfdp->fd, POLLIN); |
f6d69562 | 1464 | |
1a6bca81 SK |
1465 | if (daemon->port != 0 && !daemon->osport) |
1466 | for (i = 0; i < RANDOM_SOCKS; i++) | |
1467 | if (daemon->randomsocks[i].refcount != 0) | |
b842bc97 | 1468 | poll_listen(daemon->randomsocks[i].fd, POLLIN); |
f6d69562 | 1469 | |
3be34541 SK |
1470 | for (listener = daemon->listeners; listener; listener = listener->next) |
1471 | { | |
1697269c | 1472 | /* only listen for queries if we have resources */ |
824af85b | 1473 | if (listener->fd != -1 && wait == 0) |
b842bc97 | 1474 | poll_listen(listener->fd, POLLIN); |
f6d69562 | 1475 | |
1697269c SK |
1476 | /* death of a child goes through the select loop, so |
1477 | we don't need to explicitly arrange to wake up here */ | |
824af85b SK |
1478 | if (listener->tcpfd != -1) |
1479 | for (i = 0; i < MAX_PROCS; i++) | |
1480 | if (daemon->tcp_pids[i] == 0) | |
1481 | { | |
b842bc97 | 1482 | poll_listen(listener->tcpfd, POLLIN); |
824af85b SK |
1483 | break; |
1484 | } | |
9e4abcb5 | 1485 | |
832af0ba SK |
1486 | #ifdef HAVE_TFTP |
1487 | if (tftp <= daemon->tftp_max && listener->tftpfd != -1) | |
b842bc97 | 1488 | poll_listen(listener->tftpfd, POLLIN); |
832af0ba SK |
1489 | #endif |
1490 | ||
1491 | } | |
1492 | ||
1697269c | 1493 | return wait; |
3be34541 | 1494 | } |
9e4abcb5 | 1495 | |
b842bc97 | 1496 | static void check_dns_listeners(time_t now) |
3be34541 SK |
1497 | { |
1498 | struct serverfd *serverfdp; | |
1a6bca81 SK |
1499 | struct listener *listener; |
1500 | int i; | |
1501 | ||
832af0ba | 1502 | for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next) |
b842bc97 | 1503 | if (poll_check(serverfdp->fd, POLLIN)) |
1a6bca81 SK |
1504 | reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now); |
1505 | ||
1506 | if (daemon->port != 0 && !daemon->osport) | |
1507 | for (i = 0; i < RANDOM_SOCKS; i++) | |
1508 | if (daemon->randomsocks[i].refcount != 0 && | |
b842bc97 | 1509 | poll_check(daemon->randomsocks[i].fd, POLLIN)) |
1a6bca81 | 1510 | reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now); |
832af0ba SK |
1511 | |
1512 | for (listener = daemon->listeners; listener; listener = listener->next) | |
1513 | { | |
b842bc97 | 1514 | if (listener->fd != -1 && poll_check(listener->fd, POLLIN)) |
5aabfc78 | 1515 | receive_query(listener, now); |
1a6bca81 | 1516 | |
832af0ba | 1517 | #ifdef HAVE_TFTP |
b842bc97 | 1518 | if (listener->tftpfd != -1 && poll_check(listener->tftpfd, POLLIN)) |
5aabfc78 | 1519 | tftp_request(listener, now); |
832af0ba | 1520 | #endif |
3be34541 | 1521 | |
b842bc97 | 1522 | if (listener->tcpfd != -1 && poll_check(listener->tcpfd, POLLIN)) |
832af0ba | 1523 | { |
22ce550e | 1524 | int confd, client_ok = 1; |
832af0ba SK |
1525 | struct irec *iface = NULL; |
1526 | pid_t p; | |
52d4abf2 SK |
1527 | union mysockaddr tcp_addr; |
1528 | socklen_t tcp_len = sizeof(union mysockaddr); | |
1529 | ||
1530 | while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR); | |
832af0ba | 1531 | |
46b06656 | 1532 | if (confd == -1) |
832af0ba | 1533 | continue; |
76dd75de | 1534 | |
46b06656 SK |
1535 | if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1) |
1536 | { | |
ff841ebf | 1537 | while (retry_send(close(confd))); |
46b06656 SK |
1538 | continue; |
1539 | } | |
76dd75de SK |
1540 | |
1541 | /* Make sure that the interface list is up-to-date. | |
1542 | ||
1543 | We do this here as we may need the results below, and | |
1544 | the DNS code needs them for --interface-name stuff. | |
1545 | ||
1546 | Multiple calls to enumerate_interfaces() per select loop are | |
1547 | inhibited, so calls to it in the child process (which doesn't select()) | |
1548 | have no effect. This avoids two processes reading from the same | |
1549 | netlink fd and screwing the pooch entirely. | |
1550 | */ | |
e25db1f2 | 1551 | |
76dd75de SK |
1552 | enumerate_interfaces(0); |
1553 | ||
1554 | if (option_bool(OPT_NOWILD)) | |
1555 | iface = listener->iface; /* May be NULL */ | |
1556 | else | |
1557 | { | |
1558 | int if_index; | |
1559 | char intr_name[IF_NAMESIZE]; | |
1560 | ||
1561 | /* if we can find the arrival interface, check it's one that's allowed */ | |
1562 | if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 && | |
1563 | indextoname(listener->tcpfd, if_index, intr_name)) | |
1564 | { | |
1565 | struct all_addr addr; | |
1566 | addr.addr.addr4 = tcp_addr.in.sin_addr; | |
e25db1f2 | 1567 | #ifdef HAVE_IPV6 |
76dd75de SK |
1568 | if (tcp_addr.sa.sa_family == AF_INET6) |
1569 | addr.addr.addr6 = tcp_addr.in6.sin6_addr; | |
e25db1f2 | 1570 | #endif |
76dd75de SK |
1571 | |
1572 | for (iface = daemon->interfaces; iface; iface = iface->next) | |
1573 | if (iface->index == if_index) | |
1574 | break; | |
1575 | ||
1576 | if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name)) | |
1577 | client_ok = 0; | |
1578 | } | |
1579 | ||
1580 | if (option_bool(OPT_CLEVERBIND)) | |
1581 | iface = listener->iface; /* May be NULL */ | |
1582 | else | |
1583 | { | |
1584 | /* Check for allowed interfaces when binding the wildcard address: | |
1585 | we do this by looking for an interface with the same address as | |
1586 | the local address of the TCP connection, then looking to see if that's | |
1587 | an allowed interface. As a side effect, we get the netmask of the | |
1588 | interface too, for localisation. */ | |
1589 | ||
1590 | for (iface = daemon->interfaces; iface; iface = iface->next) | |
1591 | if (sockaddr_isequal(&iface->addr, &tcp_addr)) | |
1592 | break; | |
1593 | ||
1594 | if (!iface) | |
1595 | client_ok = 0; | |
1596 | } | |
1597 | } | |
1598 | ||
22ce550e | 1599 | if (!client_ok) |
832af0ba SK |
1600 | { |
1601 | shutdown(confd, SHUT_RDWR); | |
ff841ebf | 1602 | while (retry_send(close(confd))); |
832af0ba | 1603 | } |
59353a6b | 1604 | #ifndef NO_FORK |
28866e95 | 1605 | else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0) |
832af0ba SK |
1606 | { |
1607 | if (p != -1) | |
1608 | { | |
1609 | int i; | |
1610 | for (i = 0; i < MAX_PROCS; i++) | |
1611 | if (daemon->tcp_pids[i] == 0) | |
1612 | { | |
1613 | daemon->tcp_pids[i] = p; | |
1614 | break; | |
1615 | } | |
1616 | } | |
ff841ebf | 1617 | while (retry_send(close(confd))); |
25cf5e37 SK |
1618 | |
1619 | /* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */ | |
1620 | daemon->log_id += TCP_MAX_QUERIES; | |
832af0ba SK |
1621 | } |
1622 | #endif | |
1623 | else | |
1624 | { | |
1625 | unsigned char *buff; | |
1626 | struct server *s; | |
1627 | int flags; | |
52d4abf2 | 1628 | struct in_addr netmask; |
4f7b304f | 1629 | int auth_dns; |
52d4abf2 SK |
1630 | |
1631 | if (iface) | |
4f7b304f SK |
1632 | { |
1633 | netmask = iface->netmask; | |
1634 | auth_dns = iface->dns_auth; | |
1635 | } | |
52d4abf2 | 1636 | else |
4f7b304f SK |
1637 | { |
1638 | netmask.s_addr = 0; | |
1639 | auth_dns = 0; | |
1640 | } | |
52d4abf2 | 1641 | |
8ef5ada2 SK |
1642 | #ifndef NO_FORK |
1643 | /* Arrange for SIGALARM after CHILD_LIFETIME seconds to | |
1644 | terminate the process. */ | |
28866e95 | 1645 | if (!option_bool(OPT_DEBUG)) |
832af0ba | 1646 | alarm(CHILD_LIFETIME); |
8ef5ada2 SK |
1647 | #endif |
1648 | ||
832af0ba SK |
1649 | /* start with no upstream connections. */ |
1650 | for (s = daemon->servers; s; s = s->next) | |
7cebd20f | 1651 | s->tcpfd = -1; |
832af0ba SK |
1652 | |
1653 | /* The connected socket inherits non-blocking | |
1654 | attribute from the listening socket. | |
1655 | Reset that here. */ | |
1656 | if ((flags = fcntl(confd, F_GETFL, 0)) != -1) | |
1657 | fcntl(confd, F_SETFL, flags & ~O_NONBLOCK); | |
1658 | ||
4f7b304f | 1659 | buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns); |
7cebd20f | 1660 | |
832af0ba | 1661 | shutdown(confd, SHUT_RDWR); |
ff841ebf | 1662 | while (retry_send(close(confd))); |
832af0ba SK |
1663 | |
1664 | if (buff) | |
1665 | free(buff); | |
1666 | ||
1667 | for (s = daemon->servers; s; s = s->next) | |
1668 | if (s->tcpfd != -1) | |
1669 | { | |
1670 | shutdown(s->tcpfd, SHUT_RDWR); | |
ff841ebf | 1671 | while (retry_send(close(s->tcpfd))); |
832af0ba | 1672 | } |
7cebd20f | 1673 | #ifndef NO_FORK |
28866e95 | 1674 | if (!option_bool(OPT_DEBUG)) |
5aabfc78 SK |
1675 | { |
1676 | flush_log(); | |
1677 | _exit(0); | |
1678 | } | |
59353a6b | 1679 | #endif |
832af0ba SK |
1680 | } |
1681 | } | |
1682 | } | |
3be34541 SK |
1683 | } |
1684 | ||
7622fc06 | 1685 | #ifdef HAVE_DHCP |
5e9e0efb SK |
1686 | int make_icmp_sock(void) |
1687 | { | |
7cebd20f | 1688 | int fd; |
5e9e0efb SK |
1689 | int zeroopt = 0; |
1690 | ||
1691 | if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1) | |
1692 | { | |
7cebd20f | 1693 | if (!fix_fd(fd) || |
5e9e0efb SK |
1694 | setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1) |
1695 | { | |
1696 | close(fd); | |
1697 | fd = -1; | |
1698 | } | |
1699 | } | |
1700 | ||
1701 | return fd; | |
1702 | } | |
1703 | ||
5aabfc78 | 1704 | int icmp_ping(struct in_addr addr) |
3be34541 | 1705 | { |
5e9e0efb | 1706 | /* Try and get an ICMP echo from a machine. */ |
3be34541 SK |
1707 | |
1708 | /* Note that whilst in the three second wait, we check for | |
832af0ba | 1709 | (and service) events on the DNS and TFTP sockets, (so doing that |
3be34541 SK |
1710 | better not use any resources our caller has in use...) |
1711 | but we remain deaf to signals or further DHCP packets. */ | |
1712 | ||
5e95a552 SK |
1713 | /* There can be a problem using dnsmasq_time() to end the loop, since |
1714 | it's not monotonic, and can go backwards if the system clock is | |
1715 | tweaked, leading to the code getting stuck in this loop and | |
1716 | ignoring DHCP requests. To fix this, we check to see if select returned | |
1717 | as a result of a timeout rather than a socket becoming available. We | |
1718 | only allow this to happen as many times as it takes to get to the wait time | |
1719 | in quarter-second chunks. This provides a fallback way to end loop. */ | |
1720 | ||
1721 | int fd, rc; | |
3be34541 SK |
1722 | struct sockaddr_in saddr; |
1723 | struct { | |
1724 | struct ip ip; | |
1725 | struct icmp icmp; | |
1726 | } packet; | |
1727 | unsigned short id = rand16(); | |
5e95a552 | 1728 | unsigned int i, j, timeout_count; |
5e9e0efb | 1729 | int gotreply = 0; |
3be34541 | 1730 | time_t start, now; |
5e9e0efb | 1731 | |
824af85b | 1732 | #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK) |
5e9e0efb SK |
1733 | if ((fd = make_icmp_sock()) == -1) |
1734 | return 0; | |
1735 | #else | |
1736 | int opt = 2000; | |
1737 | fd = daemon->dhcp_icmp_fd; | |
1738 | setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt)); | |
1739 | #endif | |
1740 | ||
3be34541 SK |
1741 | saddr.sin_family = AF_INET; |
1742 | saddr.sin_port = 0; | |
1743 | saddr.sin_addr = addr; | |
1744 | #ifdef HAVE_SOCKADDR_SA_LEN | |
1745 | saddr.sin_len = sizeof(struct sockaddr_in); | |
1746 | #endif | |
1747 | ||
1748 | memset(&packet.icmp, 0, sizeof(packet.icmp)); | |
1749 | packet.icmp.icmp_type = ICMP_ECHO; | |
1750 | packet.icmp.icmp_id = id; | |
1751 | for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++) | |
1752 | j += ((u16 *)&packet.icmp)[i]; | |
1753 | while (j>>16) | |
1754 | j = (j & 0xffff) + (j >> 16); | |
1755 | packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j; | |
1756 | ||
ff841ebf SK |
1757 | while (retry_send(sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0, |
1758 | (struct sockaddr *)&saddr, sizeof(saddr)))); | |
fd9fa481 | 1759 | |
5e95a552 SK |
1760 | for (now = start = dnsmasq_time(), timeout_count = 0; |
1761 | (difftime(now, start) < (float)PING_WAIT) && (timeout_count < PING_WAIT * 4);) | |
fd9fa481 | 1762 | { |
fd9fa481 | 1763 | struct sockaddr_in faddr; |
3d8df260 | 1764 | socklen_t len = sizeof(faddr); |
fd9fa481 | 1765 | |
b842bc97 SK |
1766 | poll_reset(); |
1767 | poll_listen(fd, POLLIN); | |
1768 | set_dns_listeners(now); | |
1769 | set_log_writer(); | |
c5ad4e79 SK |
1770 | |
1771 | #ifdef HAVE_DHCP6 | |
1f776932 | 1772 | if (daemon->doing_ra) |
b842bc97 | 1773 | poll_listen(daemon->icmp6fd, POLLIN); |
c5ad4e79 SK |
1774 | #endif |
1775 | ||
b842bc97 | 1776 | rc = do_poll(250); |
5e95a552 SK |
1777 | |
1778 | if (rc < 0) | |
b842bc97 | 1779 | continue; |
5e95a552 SK |
1780 | else if (rc == 0) |
1781 | timeout_count++; | |
f2621c7f | 1782 | |
5e9e0efb | 1783 | now = dnsmasq_time(); |
f2621c7f | 1784 | |
b842bc97 SK |
1785 | check_log_writer(0); |
1786 | check_dns_listeners(now); | |
832af0ba | 1787 | |
c5ad4e79 | 1788 | #ifdef HAVE_DHCP6 |
b842bc97 | 1789 | if (daemon->doing_ra && poll_check(daemon->icmp6fd, POLLIN)) |
1f776932 | 1790 | icmp6_packet(now); |
c5ad4e79 SK |
1791 | #endif |
1792 | ||
832af0ba | 1793 | #ifdef HAVE_TFTP |
b842bc97 | 1794 | check_tftp_listeners(now); |
832af0ba SK |
1795 | #endif |
1796 | ||
b842bc97 | 1797 | if (poll_check(fd, POLLIN) && |
5e9e0efb | 1798 | recvfrom(fd, &packet, sizeof(packet), 0, |
fd9fa481 SK |
1799 | (struct sockaddr *)&faddr, &len) == sizeof(packet) && |
1800 | saddr.sin_addr.s_addr == faddr.sin_addr.s_addr && | |
1801 | packet.icmp.icmp_type == ICMP_ECHOREPLY && | |
1802 | packet.icmp.icmp_seq == 0 && | |
1803 | packet.icmp.icmp_id == id) | |
1804 | { | |
1805 | gotreply = 1; | |
1806 | break; | |
1807 | } | |
1808 | } | |
1809 | ||
824af85b | 1810 | #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK) |
ff841ebf | 1811 | while (retry_send(close(fd))); |
5e9e0efb | 1812 | #else |
3be34541 | 1813 | opt = 1; |
5e9e0efb SK |
1814 | setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt)); |
1815 | #endif | |
1816 | ||
3be34541 SK |
1817 | return gotreply; |
1818 | } | |
7622fc06 | 1819 | #endif |
0a852541 SK |
1820 | |
1821 |