]>
Commit | Line | Data |
---|---|---|
59546085 | 1 | /* dnsmasq is Copyright (c) 2000-2012 Simon Kelley |
9e4abcb5 SK |
2 | |
3 | This program is free software; you can redistribute it and/or modify | |
4 | it under the terms of the GNU General Public License as published by | |
824af85b SK |
5 | the Free Software Foundation; version 2 dated June, 1991, or |
6 | (at your option) version 3 dated 29 June, 2007. | |
7 | ||
9e4abcb5 SK |
8 | This program is distributed in the hope that it will be useful, |
9 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
11 | GNU General Public License for more details. | |
824af85b | 12 | |
73a08a24 SK |
13 | You should have received a copy of the GNU General Public License |
14 | along with this program. If not, see <http://www.gnu.org/licenses/>. | |
9e4abcb5 SK |
15 | */ |
16 | ||
c72daea8 SK |
17 | /* Declare static char *compiler_opts in config.h */ |
18 | #define DNSMASQ_COMPILE_OPTS | |
19 | ||
9e4abcb5 SK |
20 | #include "dnsmasq.h" |
21 | ||
5aabfc78 SK |
22 | struct daemon *daemon; |
23 | ||
5aabfc78 SK |
24 | static volatile pid_t pid = 0; |
25 | static volatile int pipewrite; | |
9e4abcb5 | 26 | |
5aabfc78 SK |
27 | static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp); |
28 | static void check_dns_listeners(fd_set *set, time_t now); | |
3be34541 | 29 | static void sig_handler(int sig); |
5aabfc78 | 30 | static void async_event(int pipe, time_t now); |
c72daea8 SK |
31 | static void fatal_event(struct event_desc *ev, char *msg); |
32 | static int read_event(int fd, struct event_desc *evp, char **msg); | |
9e4abcb5 SK |
33 | |
34 | int main (int argc, char **argv) | |
35 | { | |
de37951c | 36 | int bind_fallback = 0; |
9009d746 | 37 | time_t now; |
9e4abcb5 | 38 | struct sigaction sigact; |
26128d27 | 39 | struct iname *if_tmp; |
1a6bca81 SK |
40 | int piperead, pipefd[2], err_pipe[2]; |
41 | struct passwd *ent_pw = NULL; | |
c72daea8 | 42 | #if defined(HAVE_SCRIPT) |
1a6bca81 SK |
43 | uid_t script_uid = 0; |
44 | gid_t script_gid = 0; | |
7622fc06 SK |
45 | #endif |
46 | struct group *gp = NULL; | |
5aabfc78 | 47 | long i, max_fd = sysconf(_SC_OPEN_MAX); |
1a6bca81 SK |
48 | char *baduser = NULL; |
49 | int log_err; | |
50 | #if defined(HAVE_LINUX_NETWORK) | |
51 | cap_user_header_t hdr = NULL; | |
52 | cap_user_data_t data = NULL; | |
53 | #endif | |
5aabfc78 | 54 | |
824af85b | 55 | #ifdef LOCALEDIR |
b8187c80 SK |
56 | setlocale(LC_ALL, ""); |
57 | bindtextdomain("dnsmasq", LOCALEDIR); | |
58 | textdomain("dnsmasq"); | |
59 | #endif | |
60 | ||
9e4abcb5 SK |
61 | sigact.sa_handler = sig_handler; |
62 | sigact.sa_flags = 0; | |
63 | sigemptyset(&sigact.sa_mask); | |
64 | sigaction(SIGUSR1, &sigact, NULL); | |
5aabfc78 | 65 | sigaction(SIGUSR2, &sigact, NULL); |
9e4abcb5 SK |
66 | sigaction(SIGHUP, &sigact, NULL); |
67 | sigaction(SIGTERM, &sigact, NULL); | |
44a2a316 | 68 | sigaction(SIGALRM, &sigact, NULL); |
feba5c1d SK |
69 | sigaction(SIGCHLD, &sigact, NULL); |
70 | ||
71 | /* ignore SIGPIPE */ | |
72 | sigact.sa_handler = SIG_IGN; | |
73 | sigaction(SIGPIPE, &sigact, NULL); | |
9e4abcb5 | 74 | |
5aabfc78 SK |
75 | umask(022); /* known umask, create leases and pid files as 0644 */ |
76 | ||
77 | read_opts(argc, argv, compile_opts); | |
78 | ||
3be34541 SK |
79 | if (daemon->edns_pktsz < PACKETSZ) |
80 | daemon->edns_pktsz = PACKETSZ; | |
0a852541 SK |
81 | daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ? |
82 | daemon->edns_pktsz : DNSMASQ_PACKETSZ; | |
83 | daemon->packet = safe_malloc(daemon->packet_buff_sz); | |
1a6bca81 | 84 | |
c72daea8 SK |
85 | daemon->addrbuff = safe_malloc(ADDRSTRLEN); |
86 | ||
7622fc06 | 87 | #ifdef HAVE_DHCP |
3be34541 | 88 | if (!daemon->lease_file) |
9e4abcb5 | 89 | { |
52b92f4d | 90 | if (daemon->dhcp || daemon->dhcp6) |
3be34541 | 91 | daemon->lease_file = LEASEFILE; |
9e4abcb5 | 92 | } |
7622fc06 | 93 | #endif |
9e4abcb5 | 94 | |
a2761754 SK |
95 | /* Close any file descriptors we inherited apart from std{in|out|err} |
96 | ||
97 | Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist, | |
98 | otherwise file descriptors we create can end up being 0, 1, or 2 | |
99 | and then get accidentally closed later when we make 0, 1, and 2 | |
100 | open to /dev/null. Normally we'll be started with 0, 1 and 2 open, | |
101 | but it's not guaranteed. By opening /dev/null three times, we | |
102 | ensure that we're not using those fds for real stuff. */ | |
5aabfc78 SK |
103 | for (i = 0; i < max_fd; i++) |
104 | if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO) | |
105 | close(i); | |
a2761754 SK |
106 | else |
107 | open("/dev/null", O_RDWR); | |
5aabfc78 | 108 | |
801ca9a7 SK |
109 | #ifndef HAVE_LINUX_NETWORK |
110 | # if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR)) | |
28866e95 | 111 | if (!option_bool(OPT_NOWILD)) |
de37951c SK |
112 | { |
113 | bind_fallback = 1; | |
28866e95 | 114 | set_option_bool(OPT_NOWILD); |
de37951c | 115 | } |
801ca9a7 | 116 | # endif |
2b5bae9a SK |
117 | |
118 | /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */ | |
54dd393f | 119 | if (option_bool(OPT_CLEVERBIND)) |
2b5bae9a SK |
120 | { |
121 | bind_fallback = 1; | |
122 | set_option_bool(OPT_NOWILD); | |
236e072c | 123 | reset_option_bool(OPT_CLEVERBIND); |
2b5bae9a | 124 | } |
309331f5 | 125 | #endif |
2b5bae9a | 126 | |
832af0ba | 127 | #ifndef HAVE_TFTP |
9b40cbf5 | 128 | if (option_bool(OPT_TFTP)) |
5aabfc78 | 129 | die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF); |
832af0ba SK |
130 | #endif |
131 | ||
7de060b0 SK |
132 | #ifdef HAVE_CONNTRACK |
133 | if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport)) | |
134 | die (_("Cannot use --conntrack AND --query-port"), NULL, EC_BADCONF); | |
135 | #else | |
136 | if (option_bool(OPT_CONNTRACK)) | |
137 | die(_("Conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF); | |
138 | #endif | |
139 | ||
824af85b SK |
140 | #ifdef HAVE_SOLARIS_NETWORK |
141 | if (daemon->max_logs != 0) | |
142 | die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF); | |
143 | #endif | |
144 | ||
572b41eb SK |
145 | #ifdef __ANDROID__ |
146 | if (daemon->max_logs != 0) | |
147 | die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF); | |
148 | #endif | |
149 | ||
1a6bca81 SK |
150 | rand_init(); |
151 | ||
5aabfc78 SK |
152 | now = dnsmasq_time(); |
153 | ||
7622fc06 | 154 | #ifdef HAVE_DHCP |
52b92f4d | 155 | if (daemon->dhcp || daemon->dhcp6) |
5aabfc78 | 156 | { |
5aabfc78 SK |
157 | /* Note that order matters here, we must call lease_init before |
158 | creating any file descriptors which shouldn't be leaked | |
4cb1b320 SK |
159 | to the lease-script init process. We need to call common_init |
160 | before lease_init to allocate buffers it uses.*/ | |
161 | dhcp_common_init(); | |
5aabfc78 | 162 | lease_init(now); |
843c96b4 | 163 | |
52b92f4d SK |
164 | if (daemon->dhcp) |
165 | dhcp_init(); | |
843c96b4 SK |
166 | } |
167 | ||
168 | # ifdef HAVE_DHCP6 | |
169 | /* Start RA subsystem if --enable-ra OR dhcp-range=<subnet>, ra-only */ | |
170 | if (daemon->ra_contexts || option_bool(OPT_RA)) | |
171 | { | |
172 | /* link the DHCP6 contexts to the ra-only ones so we can traverse them all | |
173 | from ->ra_contexts, but only the non-ra-onlies from ->dhcp6 */ | |
174 | struct dhcp_context *context; | |
175 | ||
176 | if (!daemon->ra_contexts) | |
177 | daemon->ra_contexts = daemon->dhcp6; | |
178 | else | |
c5ad4e79 | 179 | { |
843c96b4 SK |
180 | for (context = daemon->ra_contexts; context->next; context = context->next); |
181 | context->next = daemon->dhcp6; | |
c5ad4e79 | 182 | } |
843c96b4 | 183 | ra_init(now); |
5aabfc78 | 184 | } |
843c96b4 SK |
185 | |
186 | if (daemon->dhcp6) | |
187 | dhcp6_init(); | |
188 | ||
801ca9a7 SK |
189 | # endif |
190 | ||
191 | #endif | |
192 | ||
193 | #ifdef HAVE_LINUX_NETWORK | |
194 | /* After lease_init */ | |
195 | netlink_init(); | |
54dd393f SK |
196 | |
197 | if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND)) | |
198 | die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF); | |
801ca9a7 SK |
199 | #endif |
200 | ||
201 | #ifdef HAVE_DHCP6 | |
202 | /* after netlink_init */ | |
843c96b4 SK |
203 | if (daemon->ra_contexts || daemon->dhcp6) |
204 | join_multicast(); | |
801ca9a7 | 205 | #endif |
843c96b4 | 206 | |
801ca9a7 SK |
207 | #ifdef HAVE_DHCP |
208 | /* after netlink_init */ | |
209 | if (daemon->dhcp || daemon->dhcp6) | |
8b372704 | 210 | lease_find_interfaces(now); |
7622fc06 | 211 | #endif |
5aabfc78 SK |
212 | |
213 | if (!enumerate_interfaces()) | |
214 | die(_("failed to find list of interfaces: %s"), NULL, EC_MISC); | |
843c96b4 | 215 | |
54dd393f | 216 | if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND)) |
de37951c | 217 | { |
74c95c25 | 218 | create_bound_listeners(1); |
54dd393f SK |
219 | |
220 | if (!option_bool(OPT_CLEVERBIND)) | |
221 | for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next) | |
222 | if (if_tmp->name && !if_tmp->used) | |
223 | die(_("unknown interface %s"), if_tmp->name, EC_BADNET); | |
9380ba70 SK |
224 | |
225 | #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP) | |
226 | /* after enumerate_interfaces() */ | |
227 | if (daemon->dhcp) | |
228 | { | |
229 | bindtodevice(daemon->dhcpfd); | |
230 | if (daemon->enable_pxe) | |
231 | bindtodevice(daemon->pxefd); | |
232 | } | |
233 | #endif | |
234 | ||
235 | #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6) | |
236 | if (daemon->dhcp6) | |
237 | bindtodevice(daemon->dhcp6fd); | |
238 | #endif | |
de37951c | 239 | } |
28866e95 | 240 | else |
74c95c25 | 241 | create_wildcard_listeners(); |
de37951c | 242 | |
824af85b SK |
243 | if (daemon->port != 0) |
244 | cache_init(); | |
1a6bca81 | 245 | |
28866e95 | 246 | if (option_bool(OPT_DBUS)) |
3d8df260 SK |
247 | #ifdef HAVE_DBUS |
248 | { | |
249 | char *err; | |
250 | daemon->dbus = NULL; | |
251 | daemon->watches = NULL; | |
5aabfc78 SK |
252 | if ((err = dbus_init())) |
253 | die(_("DBus error: %s"), err, EC_MISC); | |
3d8df260 SK |
254 | } |
255 | #else | |
5aabfc78 | 256 | die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF); |
3d8df260 SK |
257 | #endif |
258 | ||
824af85b SK |
259 | if (daemon->port != 0) |
260 | pre_allocate_sfds(); | |
1a6bca81 | 261 | |
c72daea8 | 262 | #if defined(HAVE_SCRIPT) |
1a6bca81 | 263 | /* Note getpwnam returns static storage */ |
843c96b4 SK |
264 | if ((daemon->dhcp || daemon->dhcp6) && |
265 | daemon->scriptuser && | |
c72daea8 | 266 | (daemon->lease_change_command || daemon->luascript)) |
1a6bca81 SK |
267 | { |
268 | if ((ent_pw = getpwnam(daemon->scriptuser))) | |
269 | { | |
270 | script_uid = ent_pw->pw_uid; | |
271 | script_gid = ent_pw->pw_gid; | |
272 | } | |
273 | else | |
274 | baduser = daemon->scriptuser; | |
275 | } | |
7622fc06 | 276 | #endif |
9e4abcb5 | 277 | |
1a6bca81 SK |
278 | if (daemon->username && !(ent_pw = getpwnam(daemon->username))) |
279 | baduser = daemon->username; | |
280 | else if (daemon->groupname && !(gp = getgrnam(daemon->groupname))) | |
281 | baduser = daemon->groupname; | |
282 | ||
283 | if (baduser) | |
284 | die(_("unknown user or group: %s"), baduser, EC_BADCONF); | |
285 | ||
286 | /* implement group defaults, "dip" if available, or group associated with uid */ | |
287 | if (!daemon->group_set && !gp) | |
288 | { | |
289 | if (!(gp = getgrnam(CHGRP)) && ent_pw) | |
290 | gp = getgrgid(ent_pw->pw_gid); | |
291 | ||
292 | /* for error message */ | |
293 | if (gp) | |
294 | daemon->groupname = gp->gr_name; | |
295 | } | |
296 | ||
297 | #if defined(HAVE_LINUX_NETWORK) | |
298 | /* determine capability API version here, while we can still | |
299 | call safe_malloc */ | |
300 | if (ent_pw && ent_pw->pw_uid != 0) | |
301 | { | |
1a6bca81 | 302 | int capsize = 1; /* for header version 1 */ |
3927da46 SK |
303 | hdr = safe_malloc(sizeof(*hdr)); |
304 | ||
1a6bca81 SK |
305 | /* find version supported by kernel */ |
306 | memset(hdr, 0, sizeof(*hdr)); | |
307 | capget(hdr, NULL); | |
308 | ||
309 | if (hdr->version != LINUX_CAPABILITY_VERSION_1) | |
310 | { | |
311 | /* if unknown version, use largest supported version (3) */ | |
312 | if (hdr->version != LINUX_CAPABILITY_VERSION_2) | |
313 | hdr->version = LINUX_CAPABILITY_VERSION_3; | |
314 | capsize = 2; | |
315 | } | |
316 | ||
317 | data = safe_malloc(sizeof(*data) * capsize); | |
318 | memset(data, 0, sizeof(*data) * capsize); | |
319 | } | |
320 | #endif | |
321 | ||
5aabfc78 | 322 | /* Use a pipe to carry signals and other events back to the event loop |
1a6bca81 SK |
323 | in a race-free manner and another to carry errors to daemon-invoking process */ |
324 | safe_pipe(pipefd, 1); | |
5e9e0efb SK |
325 | |
326 | piperead = pipefd[0]; | |
327 | pipewrite = pipefd[1]; | |
328 | /* prime the pipe to load stuff first time. */ | |
c72daea8 | 329 | send_event(pipewrite, EVENT_RELOAD, 0, NULL); |
1a6bca81 SK |
330 | |
331 | err_pipe[1] = -1; | |
1697269c | 332 | |
28866e95 | 333 | if (!option_bool(OPT_DEBUG)) |
9e4abcb5 | 334 | { |
9e4abcb5 SK |
335 | /* The following code "daemonizes" the process. |
336 | See Stevens section 12.4 */ | |
1a6bca81 | 337 | |
9e038946 SK |
338 | if (chdir("/") != 0) |
339 | die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC); | |
340 | ||
1697269c | 341 | #ifndef NO_FORK |
28866e95 | 342 | if (!option_bool(OPT_NO_FORK)) |
3be34541 | 343 | { |
5aabfc78 | 344 | pid_t pid; |
3be34541 | 345 | |
1a6bca81 SK |
346 | /* pipe to carry errors back to original process. |
347 | When startup is complete we close this and the process terminates. */ | |
348 | safe_pipe(err_pipe, 0); | |
349 | ||
7622fc06 SK |
350 | if ((pid = fork()) == -1) |
351 | /* fd == -1 since we've not forked, never returns. */ | |
c72daea8 | 352 | send_event(-1, EVENT_FORK_ERR, errno, NULL); |
9e038946 | 353 | |
5aabfc78 | 354 | if (pid != 0) |
1a6bca81 SK |
355 | { |
356 | struct event_desc ev; | |
c72daea8 SK |
357 | char *msg; |
358 | ||
1a6bca81 SK |
359 | /* close our copy of write-end */ |
360 | close(err_pipe[1]); | |
361 | ||
362 | /* check for errors after the fork */ | |
c72daea8 SK |
363 | if (read_event(err_pipe[0], &ev, &msg)) |
364 | fatal_event(&ev, msg); | |
1a6bca81 SK |
365 | |
366 | _exit(EC_GOOD); | |
367 | } | |
368 | ||
369 | close(err_pipe[0]); | |
370 | ||
371 | /* NO calls to die() from here on. */ | |
3be34541 | 372 | |
5aabfc78 | 373 | setsid(); |
7622fc06 SK |
374 | |
375 | if ((pid = fork()) == -1) | |
c72daea8 | 376 | send_event(err_pipe[1], EVENT_FORK_ERR, errno, NULL); |
7622fc06 SK |
377 | |
378 | if (pid != 0) | |
7cebd20f | 379 | _exit(0); |
3be34541 | 380 | } |
9e4abcb5 | 381 | #endif |
9e038946 | 382 | |
9e4abcb5 | 383 | /* write pidfile _after_ forking ! */ |
1a6bca81 SK |
384 | if (daemon->runfile) |
385 | { | |
79cfefd8 SK |
386 | int fd, err = 0; |
387 | ||
388 | sprintf(daemon->namebuff, "%d\n", (int) getpid()); | |
389 | ||
390 | /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file | |
391 | in a directory which is writable by the non-privileged user that dnsmasq runs as. This | |
392 | allows the daemon to delete the file as part of its shutdown. This is a security hole to the | |
393 | extent that an attacker running as the unprivileged user could replace the pidfile with a | |
394 | symlink, and have the target of that symlink overwritten as root next time dnsmasq starts. | |
395 | ||
396 | The folowing code first deletes any existing file, and then opens it with the O_EXCL flag, | |
397 | ensuring that the open() fails should there be any existing file (because the unlink() failed, | |
398 | or an attacker exploited the race between unlink() and open()). This ensures that no symlink | |
399 | attack can succeed. | |
400 | ||
401 | Any compromise of the non-privileged user still theoretically allows the pid-file to be | |
402 | replaced whilst dnsmasq is running. The worst that could allow is that the usual | |
403 | "shutdown dnsmasq" shell command could be tricked into stopping any other process. | |
404 | ||
405 | Note that if dnsmasq is started as non-root (eg for testing) it silently ignores | |
406 | failure to write the pid-file. | |
407 | */ | |
408 | ||
409 | unlink(daemon->runfile); | |
1a6bca81 | 410 | |
79cfefd8 | 411 | if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1) |
1a6bca81 | 412 | { |
79cfefd8 SK |
413 | /* only complain if started as root */ |
414 | if (getuid() == 0) | |
415 | err = 1; | |
1a6bca81 | 416 | } |
79cfefd8 SK |
417 | else |
418 | { | |
419 | if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0)) | |
420 | err = 1; | |
421 | ||
422 | while (!err && close(fd) == -1) | |
423 | if (!retry_send()) | |
424 | err = 1; | |
425 | } | |
426 | ||
427 | if (err) | |
1a6bca81 | 428 | { |
c72daea8 | 429 | send_event(err_pipe[1], EVENT_PIDFILE, errno, daemon->runfile); |
1a6bca81 SK |
430 | _exit(0); |
431 | } | |
9e4abcb5 | 432 | } |
1697269c SK |
433 | } |
434 | ||
8ef5ada2 SK |
435 | log_err = log_start(ent_pw, err_pipe[1]); |
436 | ||
28866e95 | 437 | if (!option_bool(OPT_DEBUG)) |
8ef5ada2 SK |
438 | { |
439 | /* open stdout etc to /dev/null */ | |
440 | int nullfd = open("/dev/null", O_RDWR); | |
441 | dup2(nullfd, STDOUT_FILENO); | |
442 | dup2(nullfd, STDERR_FILENO); | |
443 | dup2(nullfd, STDIN_FILENO); | |
444 | close(nullfd); | |
445 | } | |
1a6bca81 SK |
446 | |
447 | /* if we are to run scripts, we need to fork a helper before dropping root. */ | |
448 | daemon->helperfd = -1; | |
c72daea8 | 449 | #ifdef HAVE_SCRIPT |
52b92f4d | 450 | if ((daemon->dhcp || daemon->dhcp6) && (daemon->lease_change_command || daemon->luascript)) |
1a6bca81 | 451 | daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd); |
5aabfc78 | 452 | #endif |
5aabfc78 | 453 | |
28866e95 | 454 | if (!option_bool(OPT_DEBUG) && getuid() == 0) |
1697269c | 455 | { |
1a6bca81 SK |
456 | int bad_capabilities = 0; |
457 | gid_t dummy; | |
458 | ||
459 | /* remove all supplimentary groups */ | |
460 | if (gp && | |
461 | (setgroups(0, &dummy) == -1 || | |
462 | setgid(gp->gr_gid) == -1)) | |
9e4abcb5 | 463 | { |
c72daea8 | 464 | send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname); |
1a6bca81 | 465 | _exit(0); |
7cebd20f | 466 | } |
1a6bca81 | 467 | |
7cebd20f | 468 | if (ent_pw && ent_pw->pw_uid != 0) |
1697269c | 469 | { |
74c95c25 | 470 | #if defined(HAVE_LINUX_NETWORK) |
1697269c | 471 | /* On linux, we keep CAP_NETADMIN (for ARP-injection) and |
74c95c25 | 472 | CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind |
54dd393f SK |
473 | ports because of DAD, or we're doing it dynamically, |
474 | we need CAP_NET_BIND_SERVICE too. */ | |
475 | if (is_dad_listeners() || option_bool(OPT_CLEVERBIND)) | |
74c95c25 SK |
476 | data->effective = data->permitted = data->inheritable = |
477 | (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | | |
478 | (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE); | |
479 | else | |
480 | data->effective = data->permitted = data->inheritable = | |
481 | (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID); | |
5e9e0efb | 482 | |
1697269c | 483 | /* Tell kernel to not clear capabilities when dropping root */ |
572b41eb | 484 | if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) |
1697269c | 485 | bad_capabilities = errno; |
1a6bca81 | 486 | |
7622fc06 | 487 | #elif defined(HAVE_SOLARIS_NETWORK) |
824af85b SK |
488 | /* http://developers.sun.com/solaris/articles/program_privileges.html */ |
489 | priv_set_t *priv_set; | |
490 | ||
491 | if (!(priv_set = priv_str_to_set("basic", ",", NULL)) || | |
492 | priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 || | |
493 | priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1) | |
494 | bad_capabilities = errno; | |
495 | ||
496 | if (priv_set && bad_capabilities == 0) | |
497 | { | |
498 | priv_inverse(priv_set); | |
499 | ||
500 | if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1) | |
501 | bad_capabilities = errno; | |
502 | } | |
503 | ||
504 | if (priv_set) | |
505 | priv_freeset(priv_set); | |
506 | ||
824af85b SK |
507 | #endif |
508 | ||
1a6bca81 | 509 | if (bad_capabilities != 0) |
1697269c | 510 | { |
c72daea8 | 511 | send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, NULL); |
1a6bca81 SK |
512 | _exit(0); |
513 | } | |
514 | ||
515 | /* finally drop root */ | |
516 | if (setuid(ent_pw->pw_uid) == -1) | |
517 | { | |
c72daea8 | 518 | send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username); |
1a6bca81 SK |
519 | _exit(0); |
520 | } | |
521 | ||
1697269c | 522 | #ifdef HAVE_LINUX_NETWORK |
54dd393f | 523 | if (is_dad_listeners() || option_bool(OPT_CLEVERBIND)) |
74c95c25 SK |
524 | data->effective = data->permitted = |
525 | (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE); | |
526 | else | |
527 | data->effective = data->permitted = | |
528 | (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW); | |
1a6bca81 SK |
529 | data->inheritable = 0; |
530 | ||
531 | /* lose the setuid and setgid capbilities */ | |
532 | if (capset(hdr, data) == -1) | |
533 | { | |
c72daea8 | 534 | send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL); |
1a6bca81 | 535 | _exit(0); |
1697269c | 536 | } |
1a6bca81 SK |
537 | #endif |
538 | ||
9e4abcb5 SK |
539 | } |
540 | } | |
1697269c | 541 | |
1697269c | 542 | #ifdef HAVE_LINUX_NETWORK |
28866e95 | 543 | if (option_bool(OPT_DEBUG)) |
572b41eb | 544 | prctl(PR_SET_DUMPABLE, 1, 0, 0, 0); |
1697269c | 545 | #endif |
9e4abcb5 | 546 | |
8b3ae2fd | 547 | #ifdef HAVE_TFTP |
8bc4cece | 548 | if (option_bool(OPT_TFTP)) |
8b3ae2fd SK |
549 | { |
550 | DIR *dir; | |
551 | struct tftp_prefix *p; | |
552 | ||
553 | if (daemon->tftp_prefix) | |
554 | { | |
555 | if (!((dir = opendir(daemon->tftp_prefix)))) | |
556 | { | |
557 | send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix); | |
558 | _exit(0); | |
559 | } | |
560 | closedir(dir); | |
561 | } | |
562 | ||
563 | for (p = daemon->if_prefix; p; p = p->next) | |
564 | { | |
565 | if (!((dir = opendir(p->prefix)))) | |
566 | { | |
567 | send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix); | |
568 | _exit(0); | |
569 | } | |
570 | closedir(dir); | |
571 | } | |
572 | } | |
573 | #endif | |
574 | ||
824af85b SK |
575 | if (daemon->port == 0) |
576 | my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION); | |
577 | else if (daemon->cachesize != 0) | |
f2621c7f | 578 | my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize); |
9e4abcb5 | 579 | else |
f2621c7f | 580 | my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION); |
1697269c | 581 | |
f2621c7f | 582 | my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts); |
1697269c | 583 | |
3d8df260 | 584 | #ifdef HAVE_DBUS |
28866e95 | 585 | if (option_bool(OPT_DBUS)) |
3d8df260 SK |
586 | { |
587 | if (daemon->dbus) | |
f2621c7f | 588 | my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus")); |
3d8df260 | 589 | else |
f2621c7f | 590 | my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending")); |
3d8df260 SK |
591 | } |
592 | #endif | |
593 | ||
1a6bca81 SK |
594 | if (log_err != 0) |
595 | my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"), | |
596 | daemon->log_file, strerror(log_err)); | |
597 | ||
de37951c | 598 | if (bind_fallback) |
f2621c7f | 599 | my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations")); |
de37951c | 600 | |
28866e95 | 601 | if (!option_bool(OPT_NOWILD)) |
26128d27 SK |
602 | for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next) |
603 | if (if_tmp->name && !if_tmp->used) | |
f2621c7f | 604 | my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name); |
5e9e0efb | 605 | |
28866e95 | 606 | if (daemon->port != 0 && option_bool(OPT_NO_RESOLV)) |
208b65c5 SK |
607 | { |
608 | if (daemon->resolv_files && !daemon->resolv_files->is_default) | |
f2621c7f | 609 | my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set")); |
208b65c5 | 610 | daemon->resolv_files = NULL; |
1b7ecd11 | 611 | if (!daemon->servers) |
f2621c7f | 612 | my_syslog(LOG_WARNING, _("warning: no upstream servers configured")); |
208b65c5 SK |
613 | } |
614 | ||
f2621c7f SK |
615 | if (daemon->max_logs != 0) |
616 | my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs); | |
c5ad4e79 | 617 | |
843c96b4 | 618 | if (daemon->ra_contexts) |
c5ad4e79 | 619 | my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled")); |
f2621c7f | 620 | |
7622fc06 | 621 | #ifdef HAVE_DHCP |
c8257540 | 622 | if (daemon->dhcp || daemon->dhcp6 || daemon->ra_contexts) |
9e4abcb5 | 623 | { |
3be34541 | 624 | struct dhcp_context *dhcp_tmp; |
52b92f4d SK |
625 | int family = AF_INET; |
626 | dhcp_tmp = daemon->dhcp; | |
627 | ||
3268e90f | 628 | #ifdef HAVE_DHCP6 |
52b92f4d | 629 | again: |
3268e90f | 630 | #endif |
52b92f4d | 631 | for (; dhcp_tmp; dhcp_tmp = dhcp_tmp->next) |
feba5c1d | 632 | { |
52b92f4d SK |
633 | void *start = &dhcp_tmp->start; |
634 | void *end = &dhcp_tmp->end; | |
c8257540 | 635 | |
52b92f4d SK |
636 | #ifdef HAVE_DHCP6 |
637 | if (family == AF_INET6) | |
638 | { | |
639 | start = &dhcp_tmp->start6; | |
640 | end = &dhcp_tmp->end6; | |
30cd9666 SK |
641 | struct in6_addr subnet = dhcp_tmp->start6; |
642 | setaddr6part(&subnet, 0); | |
0c0d4793 | 643 | inet_ntop(AF_INET6, &subnet, daemon->dhcp_buff2, 256); |
52b92f4d SK |
644 | } |
645 | #endif | |
646 | ||
c8257540 SK |
647 | if (family != AF_INET && (dhcp_tmp->flags & CONTEXT_DEPRECATE)) |
648 | strcpy(daemon->namebuff, _("prefix deprecated")); | |
649 | else | |
650 | { | |
651 | char *p = daemon->namebuff; | |
652 | p += sprintf(p, _("lease time ")); | |
653 | prettyprint_time(p, dhcp_tmp->lease_time); | |
654 | } | |
655 | ||
0c0d4793 SK |
656 | inet_ntop(family, start, daemon->dhcp_buff, 256); |
657 | inet_ntop(family, end, daemon->dhcp_buff3, 256); | |
30cd9666 SK |
658 | if ((dhcp_tmp->flags & CONTEXT_DHCP) || family == AF_INET) |
659 | my_syslog(MS_DHCP | LOG_INFO, | |
30cd9666 | 660 | (dhcp_tmp->flags & CONTEXT_RA_STATELESS) ? |
2b127a1e | 661 | _("%s stateless on %s%.0s%.0s") : |
22407048 | 662 | (dhcp_tmp->flags & CONTEXT_STATIC) ? |
2b127a1e | 663 | _("%s, static leases only on %.0s%s, %s") : |
30cd9666 | 664 | (dhcp_tmp->flags & CONTEXT_PROXY) ? |
2b127a1e SK |
665 | _("%s, proxy on subnet %.0s%s%.0s") : |
666 | _("%s, IP range %s -- %s, %s"), | |
667 | (family != AF_INET) ? "DHCPv6" : "DHCP", | |
30cd9666 | 668 | daemon->dhcp_buff, daemon->dhcp_buff3, daemon->namebuff); |
c8257540 | 669 | |
30cd9666 | 670 | if (dhcp_tmp->flags & CONTEXT_RA_NAME) |
c8257540 | 671 | my_syslog(MS_DHCP | LOG_INFO, _("DHCPv4-derived IPv6 names on %s"), |
0c0d4793 | 672 | daemon->dhcp_buff2); |
c8257540 SK |
673 | if (dhcp_tmp->flags & (CONTEXT_RA_ONLY | CONTEXT_RA_NAME | CONTEXT_RA_STATELESS)) |
674 | { | |
675 | if (!(dhcp_tmp->flags & CONTEXT_DEPRECATE)) | |
676 | { | |
677 | char *p = daemon->namebuff; | |
678 | p += sprintf(p, _("prefix valid ")); | |
679 | prettyprint_time(p, dhcp_tmp->lease_time > 7200 ? dhcp_tmp->lease_time : 7200); | |
680 | } | |
681 | my_syslog(MS_DHCP | LOG_INFO, _("SLAAC on %s %s"), | |
0c0d4793 | 682 | daemon->dhcp_buff2, daemon->namebuff); |
c8257540 | 683 | } |
52b92f4d SK |
684 | } |
685 | ||
686 | #ifdef HAVE_DHCP6 | |
687 | if (family == AF_INET) | |
688 | { | |
689 | family = AF_INET6; | |
c5ad4e79 SK |
690 | if (daemon->ra_contexts) |
691 | dhcp_tmp = daemon->ra_contexts; | |
692 | else | |
693 | dhcp_tmp = daemon->dhcp6; | |
52b92f4d | 694 | goto again; |
feba5c1d | 695 | } |
52b92f4d SK |
696 | #endif |
697 | ||
26128d27 | 698 | } |
7622fc06 | 699 | #endif |
26128d27 | 700 | |
52b92f4d | 701 | |
832af0ba | 702 | #ifdef HAVE_TFTP |
8bc4cece | 703 | if (option_bool(OPT_TFTP)) |
832af0ba | 704 | { |
832af0ba | 705 | #ifdef FD_SETSIZE |
5aabfc78 | 706 | if (FD_SETSIZE < (unsigned)max_fd) |
832af0ba SK |
707 | max_fd = FD_SETSIZE; |
708 | #endif | |
709 | ||
7622fc06 | 710 | my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s", |
f2621c7f SK |
711 | daemon->tftp_prefix ? _("root is ") : _("enabled"), |
712 | daemon->tftp_prefix ? daemon->tftp_prefix: "", | |
28866e95 | 713 | option_bool(OPT_TFTP_SECURE) ? _("secure mode") : ""); |
f2621c7f | 714 | |
832af0ba | 715 | /* This is a guess, it assumes that for small limits, |
f2621c7f | 716 | disjoint files might be served, but for large limits, |
832af0ba SK |
717 | a single file will be sent to may clients (the file only needs |
718 | one fd). */ | |
719 | ||
720 | max_fd -= 30; /* use other than TFTP */ | |
721 | ||
722 | if (max_fd < 0) | |
723 | max_fd = 5; | |
724 | else if (max_fd < 100) | |
725 | max_fd = max_fd/2; | |
726 | else | |
727 | max_fd = max_fd - 20; | |
824af85b SK |
728 | |
729 | /* if we have to use a limited range of ports, | |
730 | that will limit the number of transfers */ | |
731 | if (daemon->start_tftp_port != 0 && | |
732 | daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd) | |
733 | max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1; | |
832af0ba SK |
734 | |
735 | if (daemon->tftp_max > max_fd) | |
736 | { | |
737 | daemon->tftp_max = max_fd; | |
7622fc06 | 738 | my_syslog(MS_TFTP | LOG_WARNING, |
f2621c7f SK |
739 | _("restricting maximum simultaneous TFTP transfers to %d"), |
740 | daemon->tftp_max); | |
832af0ba SK |
741 | } |
742 | } | |
743 | #endif | |
744 | ||
1a6bca81 SK |
745 | /* finished start-up - release original process */ |
746 | if (err_pipe[1] != -1) | |
747 | close(err_pipe[1]); | |
9e4abcb5 | 748 | |
824af85b SK |
749 | if (daemon->port != 0) |
750 | check_servers(); | |
751 | ||
7cebd20f SK |
752 | pid = getpid(); |
753 | ||
5e9e0efb | 754 | while (1) |
9e4abcb5 | 755 | { |
1697269c | 756 | int maxfd = -1; |
5e9e0efb | 757 | struct timeval t, *tp = NULL; |
3d8df260 | 758 | fd_set rset, wset, eset; |
9e4abcb5 SK |
759 | |
760 | FD_ZERO(&rset); | |
3d8df260 SK |
761 | FD_ZERO(&wset); |
762 | FD_ZERO(&eset); | |
9e4abcb5 | 763 | |
1697269c SK |
764 | /* if we are out of resources, find how long we have to wait |
765 | for some to come free, we'll loop around then and restart | |
766 | listening for queries */ | |
5aabfc78 | 767 | if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0) |
1697269c SK |
768 | { |
769 | t.tv_usec = 0; | |
770 | tp = &t; | |
771 | } | |
772 | ||
832af0ba SK |
773 | /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */ |
774 | if (daemon->tftp_trans || | |
28866e95 | 775 | (option_bool(OPT_DBUS) && !daemon->dbus)) |
5e9e0efb | 776 | { |
1697269c SK |
777 | t.tv_sec = 0; |
778 | t.tv_usec = 250000; | |
5e9e0efb | 779 | tp = &t; |
5e9e0efb | 780 | } |
74c95c25 SK |
781 | /* Wake every second whilst waiting for DAD to complete */ |
782 | else if (is_dad_listeners()) | |
783 | { | |
784 | t.tv_sec = 1; | |
785 | t.tv_usec = 0; | |
786 | tp = &t; | |
787 | } | |
44a2a316 | 788 | |
832af0ba | 789 | #ifdef HAVE_DBUS |
5aabfc78 | 790 | set_dbus_listeners(&maxfd, &rset, &wset, &eset); |
5e9e0efb SK |
791 | #endif |
792 | ||
7622fc06 | 793 | #ifdef HAVE_DHCP |
5e9e0efb SK |
794 | if (daemon->dhcp) |
795 | { | |
796 | FD_SET(daemon->dhcpfd, &rset); | |
1697269c | 797 | bump_maxfd(daemon->dhcpfd, &maxfd); |
316e2730 SK |
798 | if (daemon->pxefd != -1) |
799 | { | |
800 | FD_SET(daemon->pxefd, &rset); | |
801 | bump_maxfd(daemon->pxefd, &maxfd); | |
802 | } | |
5e9e0efb | 803 | } |
7622fc06 | 804 | #endif |
cdeda28f | 805 | |
52b92f4d SK |
806 | #ifdef HAVE_DHCP6 |
807 | if (daemon->dhcp6) | |
808 | { | |
809 | FD_SET(daemon->dhcp6fd, &rset); | |
c5ad4e79 | 810 | bump_maxfd(daemon->dhcp6fd, &maxfd); |
5d71d834 SK |
811 | } |
812 | ||
813 | if (daemon->ra_contexts) | |
814 | { | |
815 | FD_SET(daemon->icmp6fd, &rset); | |
816 | bump_maxfd(daemon->icmp6fd, &maxfd); | |
52b92f4d SK |
817 | } |
818 | #endif | |
819 | ||
5e9e0efb SK |
820 | #ifdef HAVE_LINUX_NETWORK |
821 | FD_SET(daemon->netlinkfd, &rset); | |
1697269c | 822 | bump_maxfd(daemon->netlinkfd, &maxfd); |
3d8df260 | 823 | #endif |
3d8df260 | 824 | |
5e9e0efb | 825 | FD_SET(piperead, &rset); |
1697269c SK |
826 | bump_maxfd(piperead, &maxfd); |
827 | ||
7622fc06 | 828 | #ifdef HAVE_DHCP |
1f15b81d | 829 | # ifdef HAVE_SCRIPT |
5aabfc78 | 830 | while (helper_buf_empty() && do_script_run(now)); |
1697269c | 831 | |
a9530964 SK |
832 | # ifdef HAVE_TFTP |
833 | while (helper_buf_empty() && do_tftp_script_run()); | |
834 | # endif | |
835 | ||
1697269c SK |
836 | if (!helper_buf_empty()) |
837 | { | |
838 | FD_SET(daemon->helperfd, &wset); | |
839 | bump_maxfd(daemon->helperfd, &maxfd); | |
840 | } | |
7622fc06 | 841 | # else |
5aabfc78 SK |
842 | /* need this for other side-effects */ |
843 | while (do_script_run(now)); | |
a9530964 SK |
844 | |
845 | # ifdef HAVE_TFTP | |
846 | while (do_tftp_script_run()); | |
847 | # endif | |
848 | ||
7622fc06 | 849 | # endif |
5aabfc78 | 850 | #endif |
7622fc06 | 851 | |
f2621c7f SK |
852 | /* must do this just before select(), when we know no |
853 | more calls to my_syslog() can occur */ | |
854 | set_log_writer(&wset, &maxfd); | |
855 | ||
5e9e0efb SK |
856 | if (select(maxfd+1, &rset, &wset, &eset, tp) < 0) |
857 | { | |
858 | /* otherwise undefined after error */ | |
859 | FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset); | |
860 | } | |
861 | ||
862 | now = dnsmasq_time(); | |
9e4abcb5 | 863 | |
f2621c7f | 864 | check_log_writer(&wset); |
74c95c25 SK |
865 | |
866 | /* Check the interfaces to see if any have exited DAD state | |
867 | and if so, bind the address. */ | |
868 | if (is_dad_listeners()) | |
869 | { | |
870 | enumerate_interfaces(); | |
871 | /* NB, is_dad_listeners() == 1 --> we're binding interfaces */ | |
872 | create_bound_listeners(0); | |
873 | } | |
f2621c7f | 874 | |
c52e1897 SK |
875 | #ifdef HAVE_LINUX_NETWORK |
876 | if (FD_ISSET(daemon->netlinkfd, &rset)) | |
877 | netlink_multicast(); | |
878 | #endif | |
879 | ||
9e4abcb5 | 880 | /* Check for changes to resolv files once per second max. */ |
3d8df260 | 881 | /* Don't go silent for long periods if the clock goes backwards. */ |
9009d746 SK |
882 | if (daemon->last_resolv == 0 || |
883 | difftime(now, daemon->last_resolv) > 1.0 || | |
884 | difftime(now, daemon->last_resolv) < -1.0) | |
9e4abcb5 | 885 | { |
8ef5ada2 SK |
886 | /* poll_resolv doesn't need to reload first time through, since |
887 | that's queued anyway. */ | |
33820b7e | 888 | |
8ef5ada2 SK |
889 | poll_resolv(0, daemon->last_resolv != 0, now); |
890 | daemon->last_resolv = now; | |
9e4abcb5 | 891 | } |
5aabfc78 | 892 | |
5e9e0efb | 893 | if (FD_ISSET(piperead, &rset)) |
5aabfc78 | 894 | async_event(piperead, now); |
7cebd20f | 895 | |
3d8df260 SK |
896 | #ifdef HAVE_DBUS |
897 | /* if we didn't create a DBus connection, retry now. */ | |
28866e95 | 898 | if (option_bool(OPT_DBUS) && !daemon->dbus) |
3d8df260 SK |
899 | { |
900 | char *err; | |
5aabfc78 | 901 | if ((err = dbus_init())) |
f2621c7f | 902 | my_syslog(LOG_WARNING, _("DBus error: %s"), err); |
3d8df260 | 903 | if (daemon->dbus) |
f2621c7f | 904 | my_syslog(LOG_INFO, _("connected to system DBus")); |
3d8df260 | 905 | } |
5aabfc78 | 906 | check_dbus_listeners(&rset, &wset, &eset); |
3d8df260 | 907 | #endif |
824af85b | 908 | |
5aabfc78 | 909 | check_dns_listeners(&rset, now); |
832af0ba SK |
910 | |
911 | #ifdef HAVE_TFTP | |
5aabfc78 | 912 | check_tftp_listeners(&rset, now); |
832af0ba SK |
913 | #endif |
914 | ||
7622fc06 | 915 | #ifdef HAVE_DHCP |
316e2730 SK |
916 | if (daemon->dhcp) |
917 | { | |
918 | if (FD_ISSET(daemon->dhcpfd, &rset)) | |
919 | dhcp_packet(now, 0); | |
920 | if (daemon->pxefd != -1 && FD_ISSET(daemon->pxefd, &rset)) | |
921 | dhcp_packet(now, 1); | |
922 | } | |
1697269c | 923 | |
52b92f4d | 924 | #ifdef HAVE_DHCP6 |
18c63eff SK |
925 | if (daemon->dhcp6 && FD_ISSET(daemon->dhcp6fd, &rset)) |
926 | dhcp6_packet(now); | |
c5ad4e79 | 927 | |
18c63eff SK |
928 | if (daemon->ra_contexts && FD_ISSET(daemon->icmp6fd, &rset)) |
929 | icmp6_packet(); | |
52b92f4d SK |
930 | #endif |
931 | ||
1f15b81d | 932 | # ifdef HAVE_SCRIPT |
1697269c | 933 | if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset)) |
5aabfc78 | 934 | helper_write(); |
7622fc06 | 935 | # endif |
5aabfc78 SK |
936 | #endif |
937 | ||
9e4abcb5 | 938 | } |
9e4abcb5 SK |
939 | } |
940 | ||
3be34541 SK |
941 | static void sig_handler(int sig) |
942 | { | |
5e9e0efb | 943 | if (pid == 0) |
3be34541 | 944 | { |
1697269c SK |
945 | /* ignore anything other than TERM during startup |
946 | and in helper proc. (helper ignore TERM too) */ | |
5e9e0efb | 947 | if (sig == SIGTERM) |
5aabfc78 | 948 | exit(EC_MISC); |
3be34541 | 949 | } |
5aabfc78 | 950 | else if (pid != getpid()) |
5e9e0efb | 951 | { |
1697269c | 952 | /* alarm is used to kill TCP children after a fixed time. */ |
5e9e0efb | 953 | if (sig == SIGALRM) |
7cebd20f | 954 | _exit(0); |
3be34541 | 955 | } |
5aabfc78 SK |
956 | else |
957 | { | |
958 | /* master process */ | |
959 | int event, errsave = errno; | |
960 | ||
961 | if (sig == SIGHUP) | |
962 | event = EVENT_RELOAD; | |
963 | else if (sig == SIGCHLD) | |
964 | event = EVENT_CHILD; | |
965 | else if (sig == SIGALRM) | |
966 | event = EVENT_ALARM; | |
967 | else if (sig == SIGTERM) | |
968 | event = EVENT_TERM; | |
969 | else if (sig == SIGUSR1) | |
970 | event = EVENT_DUMP; | |
971 | else if (sig == SIGUSR2) | |
972 | event = EVENT_REOPEN; | |
973 | else | |
974 | return; | |
975 | ||
c72daea8 | 976 | send_event(pipewrite, event, 0, NULL); |
5aabfc78 SK |
977 | errno = errsave; |
978 | } | |
979 | } | |
980 | ||
353ae4d2 SK |
981 | /* now == 0 -> queue immediate callback */ |
982 | void send_alarm(time_t event, time_t now) | |
741c2952 | 983 | { |
884a6dfe | 984 | if (now == 0 || event != 0) |
353ae4d2 | 985 | { |
884a6dfe SK |
986 | /* alarm(0) or alarm(-ve) doesn't do what we want.... */ |
987 | if ((now == 0 || difftime(event, now) <= 0.0)) | |
988 | send_event(pipewrite, EVENT_ALARM, 0, NULL); | |
989 | else | |
990 | alarm((unsigned)difftime(event, now)); | |
353ae4d2 | 991 | } |
741c2952 SK |
992 | } |
993 | ||
c72daea8 | 994 | void send_event(int fd, int event, int data, char *msg) |
5aabfc78 SK |
995 | { |
996 | struct event_desc ev; | |
c72daea8 SK |
997 | struct iovec iov[2]; |
998 | ||
5aabfc78 SK |
999 | ev.event = event; |
1000 | ev.data = data; | |
c72daea8 SK |
1001 | ev.msg_sz = msg ? strlen(msg) : 0; |
1002 | ||
1003 | iov[0].iov_base = &ev; | |
1004 | iov[0].iov_len = sizeof(ev); | |
1005 | iov[1].iov_base = msg; | |
1006 | iov[1].iov_len = ev.msg_sz; | |
1a6bca81 SK |
1007 | |
1008 | /* error pipe, debug mode. */ | |
1009 | if (fd == -1) | |
c72daea8 | 1010 | fatal_event(&ev, msg); |
1a6bca81 SK |
1011 | else |
1012 | /* pipe is non-blocking and struct event_desc is smaller than | |
1013 | PIPE_BUF, so this either fails or writes everything */ | |
c72daea8 | 1014 | while (writev(fd, iov, msg ? 2 : 1) == -1 && errno == EINTR); |
5aabfc78 SK |
1015 | } |
1016 | ||
c72daea8 SK |
1017 | /* NOTE: the memory used to return msg is leaked: use msgs in events only |
1018 | to describe fatal errors. */ | |
1019 | static int read_event(int fd, struct event_desc *evp, char **msg) | |
1020 | { | |
1021 | char *buf; | |
1022 | ||
1023 | if (!read_write(fd, (unsigned char *)evp, sizeof(struct event_desc), 1)) | |
1024 | return 0; | |
1025 | ||
1026 | *msg = NULL; | |
1027 | ||
1028 | if (evp->msg_sz != 0 && | |
1029 | (buf = malloc(evp->msg_sz + 1)) && | |
1030 | read_write(fd, (unsigned char *)buf, evp->msg_sz, 1)) | |
1031 | { | |
1032 | buf[evp->msg_sz] = 0; | |
1033 | *msg = buf; | |
1034 | } | |
1035 | ||
1036 | return 1; | |
1037 | } | |
1038 | ||
1039 | static void fatal_event(struct event_desc *ev, char *msg) | |
1a6bca81 SK |
1040 | { |
1041 | errno = ev->data; | |
1042 | ||
1043 | switch (ev->event) | |
1044 | { | |
1045 | case EVENT_DIE: | |
1046 | exit(0); | |
7622fc06 SK |
1047 | |
1048 | case EVENT_FORK_ERR: | |
1049 | die(_("cannot fork into background: %s"), NULL, EC_MISC); | |
1a6bca81 SK |
1050 | |
1051 | case EVENT_PIPE_ERR: | |
1052 | die(_("failed to create helper: %s"), NULL, EC_MISC); | |
1053 | ||
1054 | case EVENT_CAP_ERR: | |
1055 | die(_("setting capabilities failed: %s"), NULL, EC_MISC); | |
1056 | ||
1057 | case EVENT_USER_ERR: | |
c72daea8 | 1058 | die(_("failed to change user-id to %s: %s"), msg, EC_MISC); |
1a6bca81 SK |
1059 | |
1060 | case EVENT_GROUP_ERR: | |
c72daea8 | 1061 | die(_("failed to change group-id to %s: %s"), msg, EC_MISC); |
1a6bca81 SK |
1062 | |
1063 | case EVENT_PIDFILE: | |
c72daea8 | 1064 | die(_("failed to open pidfile %s: %s"), msg, EC_FILE); |
1a6bca81 SK |
1065 | |
1066 | case EVENT_LOG_ERR: | |
c72daea8 SK |
1067 | die(_("cannot open log %s: %s"), msg, EC_FILE); |
1068 | ||
1069 | case EVENT_LUA_ERR: | |
1070 | die(_("failed to load Lua script: %s"), msg, EC_MISC); | |
8b3ae2fd SK |
1071 | |
1072 | case EVENT_TFTP_ERR: | |
1073 | die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE); | |
1a6bca81 SK |
1074 | } |
1075 | } | |
1076 | ||
5aabfc78 SK |
1077 | static void async_event(int pipe, time_t now) |
1078 | { | |
1079 | pid_t p; | |
1080 | struct event_desc ev; | |
1081 | int i; | |
c72daea8 SK |
1082 | char *msg; |
1083 | ||
1084 | /* NOTE: the memory used to return msg is leaked: use msgs in events only | |
1085 | to describe fatal errors. */ | |
1086 | ||
1087 | if (read_event(pipe, &ev, &msg)) | |
5aabfc78 SK |
1088 | switch (ev.event) |
1089 | { | |
1090 | case EVENT_RELOAD: | |
1091 | clear_cache_and_reload(now); | |
28866e95 | 1092 | if (daemon->port != 0 && daemon->resolv_files && option_bool(OPT_NO_POLL)) |
5aabfc78 SK |
1093 | { |
1094 | reload_servers(daemon->resolv_files->name); | |
1095 | check_servers(); | |
1096 | } | |
7622fc06 | 1097 | #ifdef HAVE_DHCP |
5aabfc78 | 1098 | rerun_scripts(); |
7622fc06 | 1099 | #endif |
5aabfc78 SK |
1100 | break; |
1101 | ||
1102 | case EVENT_DUMP: | |
824af85b SK |
1103 | if (daemon->port != 0) |
1104 | dump_cache(now); | |
5aabfc78 SK |
1105 | break; |
1106 | ||
1107 | case EVENT_ALARM: | |
7622fc06 | 1108 | #ifdef HAVE_DHCP |
52b92f4d | 1109 | if (daemon->dhcp || daemon->dhcp6) |
5aabfc78 SK |
1110 | { |
1111 | lease_prune(NULL, now); | |
1112 | lease_update_file(now); | |
1113 | } | |
843c96b4 SK |
1114 | #ifdef HAVE_DHCP6 |
1115 | else if (daemon->ra_contexts) | |
353ae4d2 SK |
1116 | /* Not doing DHCP, so no lease system, manage alarms for ra only */ |
1117 | send_alarm(periodic_ra(now), now); | |
843c96b4 | 1118 | #endif |
7622fc06 | 1119 | #endif |
5aabfc78 SK |
1120 | break; |
1121 | ||
1122 | case EVENT_CHILD: | |
1123 | /* See Stevens 5.10 */ | |
1124 | while ((p = waitpid(-1, NULL, WNOHANG)) != 0) | |
1125 | if (p == -1) | |
1126 | { | |
1127 | if (errno != EINTR) | |
1128 | break; | |
1129 | } | |
1130 | else | |
1131 | for (i = 0 ; i < MAX_PROCS; i++) | |
1132 | if (daemon->tcp_pids[i] == p) | |
1133 | daemon->tcp_pids[i] = 0; | |
1134 | break; | |
1135 | ||
1136 | case EVENT_KILLED: | |
c72daea8 | 1137 | my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data); |
5aabfc78 SK |
1138 | break; |
1139 | ||
1140 | case EVENT_EXITED: | |
c72daea8 | 1141 | my_syslog(LOG_WARNING, _("script process exited with status %d"), ev.data); |
5aabfc78 SK |
1142 | break; |
1143 | ||
1144 | case EVENT_EXEC_ERR: | |
9e038946 SK |
1145 | my_syslog(LOG_ERR, _("failed to execute %s: %s"), |
1146 | daemon->lease_change_command, strerror(ev.data)); | |
5aabfc78 SK |
1147 | break; |
1148 | ||
1a6bca81 | 1149 | /* necessary for fatal errors in helper */ |
c72daea8 | 1150 | case EVENT_USER_ERR: |
1a6bca81 | 1151 | case EVENT_DIE: |
c72daea8 SK |
1152 | case EVENT_LUA_ERR: |
1153 | fatal_event(&ev, msg); | |
9e038946 SK |
1154 | break; |
1155 | ||
5aabfc78 SK |
1156 | case EVENT_REOPEN: |
1157 | /* Note: this may leave TCP-handling processes with the old file still open. | |
1158 | Since any such process will die in CHILD_LIFETIME or probably much sooner, | |
1159 | we leave them logging to the old file. */ | |
1160 | if (daemon->log_file != NULL) | |
1161 | log_reopen(daemon->log_file); | |
1162 | break; | |
1163 | ||
1164 | case EVENT_TERM: | |
1165 | /* Knock all our children on the head. */ | |
1166 | for (i = 0; i < MAX_PROCS; i++) | |
1167 | if (daemon->tcp_pids[i] != 0) | |
1168 | kill(daemon->tcp_pids[i], SIGALRM); | |
1169 | ||
c72daea8 | 1170 | #if defined(HAVE_SCRIPT) |
5aabfc78 SK |
1171 | /* handle pending lease transitions */ |
1172 | if (daemon->helperfd != -1) | |
1173 | { | |
1174 | /* block in writes until all done */ | |
1175 | if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1) | |
1176 | fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK); | |
1177 | do { | |
1178 | helper_write(); | |
1179 | } while (!helper_buf_empty() || do_script_run(now)); | |
1180 | close(daemon->helperfd); | |
1181 | } | |
1182 | #endif | |
1183 | ||
1184 | if (daemon->lease_stream) | |
1185 | fclose(daemon->lease_stream); | |
73a08a24 SK |
1186 | |
1187 | if (daemon->runfile) | |
1188 | unlink(daemon->runfile); | |
5aabfc78 SK |
1189 | |
1190 | my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM")); | |
1191 | flush_log(); | |
1192 | exit(EC_GOOD); | |
1193 | } | |
3be34541 SK |
1194 | } |
1195 | ||
8ef5ada2 | 1196 | void poll_resolv(int force, int do_reload, time_t now) |
5aabfc78 SK |
1197 | { |
1198 | struct resolvc *res, *latest; | |
1199 | struct stat statbuf; | |
1200 | time_t last_change = 0; | |
1201 | /* There may be more than one possible file. | |
1202 | Go through and find the one which changed _last_. | |
1203 | Warn of any which can't be read. */ | |
8ef5ada2 | 1204 | |
28866e95 | 1205 | if (daemon->port == 0 || option_bool(OPT_NO_POLL)) |
8ef5ada2 SK |
1206 | return; |
1207 | ||
5aabfc78 SK |
1208 | for (latest = NULL, res = daemon->resolv_files; res; res = res->next) |
1209 | if (stat(res->name, &statbuf) == -1) | |
1210 | { | |
8ef5ada2 SK |
1211 | if (force) |
1212 | { | |
1213 | res->mtime = 0; | |
1214 | continue; | |
1215 | } | |
1216 | ||
5aabfc78 SK |
1217 | if (!res->logged) |
1218 | my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno)); | |
1219 | res->logged = 1; | |
8ef5ada2 SK |
1220 | |
1221 | if (res->mtime != 0) | |
1222 | { | |
1223 | /* existing file evaporated, force selection of the latest | |
1224 | file even if its mtime hasn't changed since we last looked */ | |
1225 | poll_resolv(1, do_reload, now); | |
1226 | return; | |
1227 | } | |
5aabfc78 SK |
1228 | } |
1229 | else | |
1230 | { | |
1231 | res->logged = 0; | |
8ef5ada2 SK |
1232 | if (force || (statbuf.st_mtime != res->mtime)) |
1233 | { | |
1234 | res->mtime = statbuf.st_mtime; | |
5aabfc78 SK |
1235 | if (difftime(statbuf.st_mtime, last_change) > 0.0) |
1236 | { | |
1237 | last_change = statbuf.st_mtime; | |
1238 | latest = res; | |
1239 | } | |
1240 | } | |
1241 | } | |
1242 | ||
1243 | if (latest) | |
1244 | { | |
1245 | static int warned = 0; | |
1246 | if (reload_servers(latest->name)) | |
1247 | { | |
1248 | my_syslog(LOG_INFO, _("reading %s"), latest->name); | |
1249 | warned = 0; | |
1250 | check_servers(); | |
28866e95 | 1251 | if (option_bool(OPT_RELOAD) && do_reload) |
8ef5ada2 | 1252 | clear_cache_and_reload(now); |
5aabfc78 SK |
1253 | } |
1254 | else | |
1255 | { | |
1256 | latest->mtime = 0; | |
1257 | if (!warned) | |
1258 | { | |
1259 | my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name); | |
1260 | warned = 1; | |
1261 | } | |
1262 | } | |
1263 | } | |
1264 | } | |
3d8df260 | 1265 | |
5aabfc78 | 1266 | void clear_cache_and_reload(time_t now) |
3d8df260 | 1267 | { |
824af85b | 1268 | if (daemon->port != 0) |
7622fc06 | 1269 | cache_reload(); |
824af85b | 1270 | |
7622fc06 | 1271 | #ifdef HAVE_DHCP |
52b92f4d | 1272 | if (daemon->dhcp || daemon->dhcp6) |
3d8df260 | 1273 | { |
28866e95 | 1274 | if (option_bool(OPT_ETHERS)) |
5aabfc78 | 1275 | dhcp_read_ethers(); |
824af85b | 1276 | reread_dhcp(); |
3d8df260 | 1277 | dhcp_update_configs(daemon->dhcp_conf); |
5aabfc78 SK |
1278 | lease_update_from_configs(); |
1279 | lease_update_file(now); | |
353ae4d2 | 1280 | lease_update_dns(1); |
3d8df260 | 1281 | } |
843c96b4 SK |
1282 | #ifdef HAVE_DHCP6 |
1283 | else if (daemon->ra_contexts) | |
2021c662 SK |
1284 | /* Not doing DHCP, so no lease system, manage |
1285 | alarms for ra only */ | |
1286 | send_alarm(periodic_ra(now), now); | |
843c96b4 | 1287 | #endif |
7622fc06 | 1288 | #endif |
3d8df260 SK |
1289 | } |
1290 | ||
5aabfc78 | 1291 | static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp) |
3be34541 SK |
1292 | { |
1293 | struct serverfd *serverfdp; | |
1294 | struct listener *listener; | |
824af85b | 1295 | int wait = 0, i; |
832af0ba SK |
1296 | |
1297 | #ifdef HAVE_TFTP | |
1298 | int tftp = 0; | |
1299 | struct tftp_transfer *transfer; | |
1300 | for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next) | |
1301 | { | |
1302 | tftp++; | |
1303 | FD_SET(transfer->sockfd, set); | |
1304 | bump_maxfd(transfer->sockfd, maxfdp); | |
1305 | } | |
1306 | #endif | |
1307 | ||
1697269c | 1308 | /* will we be able to get memory? */ |
824af85b SK |
1309 | if (daemon->port != 0) |
1310 | get_new_frec(now, &wait); | |
1697269c | 1311 | |
3be34541 SK |
1312 | for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next) |
1313 | { | |
1314 | FD_SET(serverfdp->fd, set); | |
1697269c | 1315 | bump_maxfd(serverfdp->fd, maxfdp); |
3be34541 | 1316 | } |
1a6bca81 SK |
1317 | |
1318 | if (daemon->port != 0 && !daemon->osport) | |
1319 | for (i = 0; i < RANDOM_SOCKS; i++) | |
1320 | if (daemon->randomsocks[i].refcount != 0) | |
1321 | { | |
1322 | FD_SET(daemon->randomsocks[i].fd, set); | |
1323 | bump_maxfd(daemon->randomsocks[i].fd, maxfdp); | |
1324 | } | |
1325 | ||
3be34541 SK |
1326 | for (listener = daemon->listeners; listener; listener = listener->next) |
1327 | { | |
1697269c | 1328 | /* only listen for queries if we have resources */ |
824af85b | 1329 | if (listener->fd != -1 && wait == 0) |
1697269c SK |
1330 | { |
1331 | FD_SET(listener->fd, set); | |
1332 | bump_maxfd(listener->fd, maxfdp); | |
1333 | } | |
1334 | ||
1335 | /* death of a child goes through the select loop, so | |
1336 | we don't need to explicitly arrange to wake up here */ | |
824af85b SK |
1337 | if (listener->tcpfd != -1) |
1338 | for (i = 0; i < MAX_PROCS; i++) | |
1339 | if (daemon->tcp_pids[i] == 0) | |
1340 | { | |
1341 | FD_SET(listener->tcpfd, set); | |
1342 | bump_maxfd(listener->tcpfd, maxfdp); | |
1343 | break; | |
1344 | } | |
9e4abcb5 | 1345 | |
832af0ba SK |
1346 | #ifdef HAVE_TFTP |
1347 | if (tftp <= daemon->tftp_max && listener->tftpfd != -1) | |
1348 | { | |
1349 | FD_SET(listener->tftpfd, set); | |
1350 | bump_maxfd(listener->tftpfd, maxfdp); | |
1351 | } | |
1352 | #endif | |
1353 | ||
1354 | } | |
1355 | ||
1697269c | 1356 | return wait; |
3be34541 | 1357 | } |
9e4abcb5 | 1358 | |
5aabfc78 | 1359 | static void check_dns_listeners(fd_set *set, time_t now) |
3be34541 SK |
1360 | { |
1361 | struct serverfd *serverfdp; | |
1a6bca81 SK |
1362 | struct listener *listener; |
1363 | int i; | |
1364 | ||
832af0ba SK |
1365 | for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next) |
1366 | if (FD_ISSET(serverfdp->fd, set)) | |
1a6bca81 SK |
1367 | reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now); |
1368 | ||
1369 | if (daemon->port != 0 && !daemon->osport) | |
1370 | for (i = 0; i < RANDOM_SOCKS; i++) | |
1371 | if (daemon->randomsocks[i].refcount != 0 && | |
1372 | FD_ISSET(daemon->randomsocks[i].fd, set)) | |
1373 | reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now); | |
832af0ba SK |
1374 | |
1375 | for (listener = daemon->listeners; listener; listener = listener->next) | |
1376 | { | |
824af85b | 1377 | if (listener->fd != -1 && FD_ISSET(listener->fd, set)) |
5aabfc78 | 1378 | receive_query(listener, now); |
1a6bca81 | 1379 | |
832af0ba SK |
1380 | #ifdef HAVE_TFTP |
1381 | if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set)) | |
5aabfc78 | 1382 | tftp_request(listener, now); |
832af0ba | 1383 | #endif |
3be34541 | 1384 | |
824af85b | 1385 | if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set)) |
832af0ba SK |
1386 | { |
1387 | int confd; | |
1388 | struct irec *iface = NULL; | |
1389 | pid_t p; | |
52d4abf2 SK |
1390 | union mysockaddr tcp_addr; |
1391 | socklen_t tcp_len = sizeof(union mysockaddr); | |
1392 | ||
1393 | while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR); | |
832af0ba | 1394 | |
52d4abf2 SK |
1395 | if (confd == -1 || |
1396 | getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1) | |
832af0ba SK |
1397 | continue; |
1398 | ||
54dd393f | 1399 | if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND)) |
52d4abf2 | 1400 | iface = listener->iface; /* May be NULL */ |
832af0ba SK |
1401 | else |
1402 | { | |
832af0ba SK |
1403 | /* Check for allowed interfaces when binding the wildcard address: |
1404 | we do this by looking for an interface with the same address as | |
1405 | the local address of the TCP connection, then looking to see if that's | |
1406 | an allowed interface. As a side effect, we get the netmask of the | |
1407 | interface too, for localisation. */ | |
3be34541 | 1408 | |
832af0ba | 1409 | /* interface may be new since startup */ |
52d4abf2 | 1410 | if (enumerate_interfaces()) |
832af0ba SK |
1411 | for (iface = daemon->interfaces; iface; iface = iface->next) |
1412 | if (sockaddr_isequal(&iface->addr, &tcp_addr)) | |
1413 | break; | |
1414 | } | |
1415 | ||
54dd393f | 1416 | if (!iface && !(option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))) |
832af0ba SK |
1417 | { |
1418 | shutdown(confd, SHUT_RDWR); | |
1419 | close(confd); | |
1420 | } | |
59353a6b | 1421 | #ifndef NO_FORK |
28866e95 | 1422 | else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0) |
832af0ba SK |
1423 | { |
1424 | if (p != -1) | |
1425 | { | |
1426 | int i; | |
1427 | for (i = 0; i < MAX_PROCS; i++) | |
1428 | if (daemon->tcp_pids[i] == 0) | |
1429 | { | |
1430 | daemon->tcp_pids[i] = p; | |
1431 | break; | |
1432 | } | |
1433 | } | |
1434 | close(confd); | |
1435 | } | |
1436 | #endif | |
1437 | else | |
1438 | { | |
1439 | unsigned char *buff; | |
1440 | struct server *s; | |
1441 | int flags; | |
52d4abf2 SK |
1442 | struct in_addr netmask; |
1443 | ||
1444 | if (iface) | |
1445 | netmask = iface->netmask; | |
1446 | else | |
1447 | netmask.s_addr = 0; | |
1448 | ||
8ef5ada2 SK |
1449 | #ifndef NO_FORK |
1450 | /* Arrange for SIGALARM after CHILD_LIFETIME seconds to | |
1451 | terminate the process. */ | |
28866e95 | 1452 | if (!option_bool(OPT_DEBUG)) |
832af0ba | 1453 | alarm(CHILD_LIFETIME); |
8ef5ada2 SK |
1454 | #endif |
1455 | ||
832af0ba SK |
1456 | /* start with no upstream connections. */ |
1457 | for (s = daemon->servers; s; s = s->next) | |
7cebd20f | 1458 | s->tcpfd = -1; |
832af0ba SK |
1459 | |
1460 | /* The connected socket inherits non-blocking | |
1461 | attribute from the listening socket. | |
1462 | Reset that here. */ | |
1463 | if ((flags = fcntl(confd, F_GETFL, 0)) != -1) | |
1464 | fcntl(confd, F_SETFL, flags & ~O_NONBLOCK); | |
1465 | ||
52d4abf2 | 1466 | buff = tcp_request(confd, now, &tcp_addr, netmask); |
7cebd20f | 1467 | |
832af0ba SK |
1468 | shutdown(confd, SHUT_RDWR); |
1469 | close(confd); | |
1470 | ||
1471 | if (buff) | |
1472 | free(buff); | |
1473 | ||
1474 | for (s = daemon->servers; s; s = s->next) | |
1475 | if (s->tcpfd != -1) | |
1476 | { | |
1477 | shutdown(s->tcpfd, SHUT_RDWR); | |
1478 | close(s->tcpfd); | |
1479 | } | |
7cebd20f | 1480 | #ifndef NO_FORK |
28866e95 | 1481 | if (!option_bool(OPT_DEBUG)) |
5aabfc78 SK |
1482 | { |
1483 | flush_log(); | |
1484 | _exit(0); | |
1485 | } | |
59353a6b | 1486 | #endif |
832af0ba SK |
1487 | } |
1488 | } | |
1489 | } | |
3be34541 SK |
1490 | } |
1491 | ||
7622fc06 | 1492 | #ifdef HAVE_DHCP |
5e9e0efb SK |
1493 | int make_icmp_sock(void) |
1494 | { | |
7cebd20f | 1495 | int fd; |
5e9e0efb SK |
1496 | int zeroopt = 0; |
1497 | ||
1498 | if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1) | |
1499 | { | |
7cebd20f | 1500 | if (!fix_fd(fd) || |
5e9e0efb SK |
1501 | setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1) |
1502 | { | |
1503 | close(fd); | |
1504 | fd = -1; | |
1505 | } | |
1506 | } | |
1507 | ||
1508 | return fd; | |
1509 | } | |
1510 | ||
5aabfc78 | 1511 | int icmp_ping(struct in_addr addr) |
3be34541 | 1512 | { |
5e9e0efb | 1513 | /* Try and get an ICMP echo from a machine. */ |
3be34541 SK |
1514 | |
1515 | /* Note that whilst in the three second wait, we check for | |
832af0ba | 1516 | (and service) events on the DNS and TFTP sockets, (so doing that |
3be34541 SK |
1517 | better not use any resources our caller has in use...) |
1518 | but we remain deaf to signals or further DHCP packets. */ | |
1519 | ||
5e9e0efb | 1520 | int fd; |
3be34541 SK |
1521 | struct sockaddr_in saddr; |
1522 | struct { | |
1523 | struct ip ip; | |
1524 | struct icmp icmp; | |
1525 | } packet; | |
1526 | unsigned short id = rand16(); | |
1527 | unsigned int i, j; | |
5e9e0efb | 1528 | int gotreply = 0; |
3be34541 | 1529 | time_t start, now; |
5e9e0efb | 1530 | |
824af85b | 1531 | #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK) |
5e9e0efb SK |
1532 | if ((fd = make_icmp_sock()) == -1) |
1533 | return 0; | |
1534 | #else | |
1535 | int opt = 2000; | |
1536 | fd = daemon->dhcp_icmp_fd; | |
1537 | setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt)); | |
1538 | #endif | |
1539 | ||
3be34541 SK |
1540 | saddr.sin_family = AF_INET; |
1541 | saddr.sin_port = 0; | |
1542 | saddr.sin_addr = addr; | |
1543 | #ifdef HAVE_SOCKADDR_SA_LEN | |
1544 | saddr.sin_len = sizeof(struct sockaddr_in); | |
1545 | #endif | |
1546 | ||
1547 | memset(&packet.icmp, 0, sizeof(packet.icmp)); | |
1548 | packet.icmp.icmp_type = ICMP_ECHO; | |
1549 | packet.icmp.icmp_id = id; | |
1550 | for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++) | |
1551 | j += ((u16 *)&packet.icmp)[i]; | |
1552 | while (j>>16) | |
1553 | j = (j & 0xffff) + (j >> 16); | |
1554 | packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j; | |
1555 | ||
5e9e0efb | 1556 | while (sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0, |
fd9fa481 SK |
1557 | (struct sockaddr *)&saddr, sizeof(saddr)) == -1 && |
1558 | retry_send()); | |
1559 | ||
5e9e0efb SK |
1560 | for (now = start = dnsmasq_time(); |
1561 | difftime(now, start) < (float)PING_WAIT;) | |
fd9fa481 SK |
1562 | { |
1563 | struct timeval tv; | |
f2621c7f | 1564 | fd_set rset, wset; |
fd9fa481 | 1565 | struct sockaddr_in faddr; |
1697269c | 1566 | int maxfd = fd; |
3d8df260 | 1567 | socklen_t len = sizeof(faddr); |
fd9fa481 SK |
1568 | |
1569 | tv.tv_usec = 250000; | |
1570 | tv.tv_sec = 0; | |
1571 | ||
1572 | FD_ZERO(&rset); | |
f2621c7f | 1573 | FD_ZERO(&wset); |
5e9e0efb | 1574 | FD_SET(fd, &rset); |
5aabfc78 | 1575 | set_dns_listeners(now, &rset, &maxfd); |
f2621c7f | 1576 | set_log_writer(&wset, &maxfd); |
c5ad4e79 SK |
1577 | |
1578 | #ifdef HAVE_DHCP6 | |
843c96b4 | 1579 | if (daemon->ra_contexts) |
c5ad4e79 SK |
1580 | { |
1581 | FD_SET(daemon->icmp6fd, &rset); | |
1582 | bump_maxfd(daemon->icmp6fd, &maxfd); | |
1583 | } | |
1584 | #endif | |
1585 | ||
f2621c7f SK |
1586 | if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0) |
1587 | { | |
1588 | FD_ZERO(&rset); | |
1589 | FD_ZERO(&wset); | |
1590 | } | |
1591 | ||
5e9e0efb | 1592 | now = dnsmasq_time(); |
f2621c7f SK |
1593 | |
1594 | check_log_writer(&wset); | |
5aabfc78 | 1595 | check_dns_listeners(&rset, now); |
832af0ba | 1596 | |
c5ad4e79 | 1597 | #ifdef HAVE_DHCP6 |
843c96b4 | 1598 | if (daemon->ra_contexts && FD_ISSET(daemon->icmp6fd, &rset)) |
c5ad4e79 SK |
1599 | icmp6_packet(); |
1600 | #endif | |
1601 | ||
832af0ba | 1602 | #ifdef HAVE_TFTP |
5aabfc78 | 1603 | check_tftp_listeners(&rset, now); |
832af0ba SK |
1604 | #endif |
1605 | ||
5e9e0efb SK |
1606 | if (FD_ISSET(fd, &rset) && |
1607 | recvfrom(fd, &packet, sizeof(packet), 0, | |
fd9fa481 SK |
1608 | (struct sockaddr *)&faddr, &len) == sizeof(packet) && |
1609 | saddr.sin_addr.s_addr == faddr.sin_addr.s_addr && | |
1610 | packet.icmp.icmp_type == ICMP_ECHOREPLY && | |
1611 | packet.icmp.icmp_seq == 0 && | |
1612 | packet.icmp.icmp_id == id) | |
1613 | { | |
1614 | gotreply = 1; | |
1615 | break; | |
1616 | } | |
1617 | } | |
1618 | ||
824af85b | 1619 | #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK) |
5e9e0efb SK |
1620 | close(fd); |
1621 | #else | |
3be34541 | 1622 | opt = 1; |
5e9e0efb SK |
1623 | setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt)); |
1624 | #endif | |
1625 | ||
3be34541 SK |
1626 | return gotreply; |
1627 | } | |
7622fc06 | 1628 | #endif |
0a852541 SK |
1629 | |
1630 |