]> git.ipfire.org Git - people/ms/dnsmasq.git/blame - src/dnsmasq.c
projects / people / ms / dnsmasq.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
typo
[people/ms/dnsmasq.git] / src / dnsmasq.c
CommitLineData
59546085 1/* dnsmasq is Copyright (c) 2000-2012 Simon Kelley
9e4abcb5
SK		 2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
824af85b
SK		 5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
9e4abcb5
SK		 8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
824af85b 12
73a08a24
SK		 13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
9e4abcb5
SK		 15*/
16
c72daea8
SK		 17/* Declare static char *compiler_opts in config.h */
18#define DNSMASQ_COMPILE_OPTS
19
9e4abcb5
SK		 20#include "dnsmasq.h"
21
5aabfc78
SK		 22struct daemon *daemon;
23
5aabfc78
SK		 24static volatile pid_t pid = 0;
25static volatile int pipewrite;
9e4abcb5 26
5aabfc78
SK		 27static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
28static void check_dns_listeners(fd_set *set, time_t now);
3be34541 29static void sig_handler(int sig);
5aabfc78 30static void async_event(int pipe, time_t now);
c72daea8
SK		 31static void fatal_event(struct event_desc *ev, char *msg);
32static int read_event(int fd, struct event_desc *evp, char **msg);
9e4abcb5
SK		 33
34int main (int argc, char **argv)
35{
de37951c 36 int bind_fallback = 0;
9009d746 37 time_t now;
9e4abcb5 38 struct sigaction sigact;
26128d27 39 struct iname *if_tmp;
1a6bca81
SK		 40 int piperead, pipefd[2], err_pipe[2];
41 struct passwd *ent_pw = NULL;
c72daea8 42#if defined(HAVE_SCRIPT)
1a6bca81
SK		 43 uid_t script_uid = 0;
44 gid_t script_gid = 0;
7622fc06
SK		 45#endif
46 struct group *gp = NULL;
5aabfc78 47 long i, max_fd = sysconf(_SC_OPEN_MAX);
1a6bca81
SK		 48 char *baduser = NULL;
49 int log_err;
50#if defined(HAVE_LINUX_NETWORK)
51 cap_user_header_t hdr = NULL;
52 cap_user_data_t data = NULL;
53#endif
1f776932 54 struct dhcp_context *context;
5aabfc78 55
824af85b 56#ifdef LOCALEDIR
b8187c80
SK		 57 setlocale(LC_ALL, "");
58 bindtextdomain("dnsmasq", LOCALEDIR);
59 textdomain("dnsmasq");
60#endif
61
9e4abcb5
SK		 62 sigact.sa_handler = sig_handler;
63 sigact.sa_flags = 0;
64 sigemptyset(&sigact.sa_mask);
65 sigaction(SIGUSR1, &sigact, NULL);
5aabfc78 66 sigaction(SIGUSR2, &sigact, NULL);
9e4abcb5
SK		 67 sigaction(SIGHUP, &sigact, NULL);
68 sigaction(SIGTERM, &sigact, NULL);
44a2a316 69 sigaction(SIGALRM, &sigact, NULL);
feba5c1d
SK		 70 sigaction(SIGCHLD, &sigact, NULL);
71
72 /* ignore SIGPIPE */
73 sigact.sa_handler = SIG_IGN;
74 sigaction(SIGPIPE, &sigact, NULL);
9e4abcb5 75
5aabfc78
SK		 76 umask(022); /* known umask, create leases and pid files as 0644 */
77
78 read_opts(argc, argv, compile_opts);
79
3be34541
SK		 80 if (daemon->edns_pktsz < PACKETSZ)
81 daemon->edns_pktsz = PACKETSZ;
0a852541
SK		 82 daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
83 daemon->edns_pktsz : DNSMASQ_PACKETSZ;
84 daemon->packet = safe_malloc(daemon->packet_buff_sz);
1a6bca81 85
c72daea8
SK		 86 daemon->addrbuff = safe_malloc(ADDRSTRLEN);
87
4f7b304f 88
7622fc06 89#ifdef HAVE_DHCP
3be34541 90 if (!daemon->lease_file)
9e4abcb5 91 {
52b92f4d 92 if (daemon->dhcp || daemon->dhcp6)
3be34541 93 daemon->lease_file = LEASEFILE;
9e4abcb5 94 }
7622fc06 95#endif
9e4abcb5 96
a2761754
SK		 97 /* Close any file descriptors we inherited apart from std{in|out|err}
98
99 Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist,
100 otherwise file descriptors we create can end up being 0, 1, or 2
101 and then get accidentally closed later when we make 0, 1, and 2
102 open to /dev/null. Normally we'll be started with 0, 1 and 2 open,
103 but it's not guaranteed. By opening /dev/null three times, we
104 ensure that we're not using those fds for real stuff. */
5aabfc78
SK		 105 for (i = 0; i < max_fd; i++)
106 if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
107 close(i);
a2761754
SK		 108 else
109 open("/dev/null", O_RDWR);
5aabfc78 110
801ca9a7
SK		 111#ifndef HAVE_LINUX_NETWORK
112# if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR))
28866e95 113 if (!option_bool(OPT_NOWILD))
de37951c
SK		 114 {
115 bind_fallback = 1;
28866e95 116 set_option_bool(OPT_NOWILD);
de37951c 117 }
801ca9a7 118# endif
2b5bae9a
SK		 119
120 /* -- bind-dynamic not supported on !Linux, fall back to --bind-interfaces */
54dd393f 121 if (option_bool(OPT_CLEVERBIND))
2b5bae9a
SK		 122 {
123 bind_fallback = 1;
124 set_option_bool(OPT_NOWILD);
236e072c 125 reset_option_bool(OPT_CLEVERBIND);
2b5bae9a 126 }
309331f5 127#endif
2b5bae9a 128
832af0ba 129#ifndef HAVE_TFTP
9b40cbf5 130 if (option_bool(OPT_TFTP))
5aabfc78 131 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
832af0ba
SK		 132#endif
133
7de060b0
SK		 134#ifdef HAVE_CONNTRACK
135 if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport))
136 die (_("Cannot use --conntrack AND --query-port"), NULL, EC_BADCONF);
137#else
138 if (option_bool(OPT_CONNTRACK))
139 die(_("Conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF);
140#endif
141
824af85b
SK		 142#ifdef HAVE_SOLARIS_NETWORK
143 if (daemon->max_logs != 0)
144 die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
145#endif
146
572b41eb
SK		 147#ifdef __ANDROID__
148 if (daemon->max_logs != 0)
149 die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
150#endif
151
4820dce9
SK		 152#ifndef HAVE_AUTH
153 if (daemon->authserver)
154 die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
155#endif
156
1a6bca81
SK		 157 rand_init();
158
5aabfc78 159 now = dnsmasq_time();
4f7b304f
SK		 160
161 /* Create a serial at startup is not configured. */
162 if (daemon->authinterface && daemon->soa_sn == 0)
163#ifdef HAVE_BROKEN_RTC
164 die(_("zone serial must be configured in --auth-soa"));
165#else
166 daemon->soa_sn = now;
167#endif
5aabfc78 168
7622fc06 169#ifdef HAVE_DHCP
52b92f4d 170 if (daemon->dhcp || daemon->dhcp6)
1f776932
SK		 171 {
172
173# ifdef HAVE_DHCP6
174 if (daemon->dhcp6)
175 {
176 daemon->doing_ra = option_bool(OPT_RA);
177
178 for (context = daemon->dhcp6; context; context = context->next)
179 {
180 if (context->flags & CONTEXT_DHCP)
181 daemon->doing_dhcp6 = 1;
bb86e858 182 if (context->flags & CONTEXT_RA)
1f776932 183 daemon->doing_ra = 1;
bb86e858
SK		 184#ifndef HAVE_LINUX_NETWORK
185 if (context->flags & CONTEXT_TEMPLATE)
9d299494 186 die (_("dhcp-range constructor not available on this platform"), NULL, EC_BADCONF);
bb86e858 187#endif
1f776932
SK		 188 }
189 }
190# endif
191
5aabfc78
SK		 192 /* Note that order matters here, we must call lease_init before
193 creating any file descriptors which shouldn't be leaked
4cb1b320
SK		 194 to the lease-script init process. We need to call common_init
195 before lease_init to allocate buffers it uses.*/
1f776932
SK		 196 if (daemon->dhcp || daemon->doing_dhcp6)
197 {
198 dhcp_common_init();
199 lease_init(now);
200 }
201
52b92f4d
SK		 202 if (daemon->dhcp)
203 dhcp_init();
1f776932 204
843c96b4 205# ifdef HAVE_DHCP6
1f776932
SK		 206 if (daemon->doing_ra)
207 ra_init(now);
843c96b4 208
1f776932
SK		 209 if (daemon->doing_dhcp6)
210 dhcp6_init();
801ca9a7 211# endif
1f776932 212 }
801ca9a7
SK		 213
214#endif
215
216#ifdef HAVE_LINUX_NETWORK
801ca9a7 217 netlink_init();
8445f5d2 218
54dd393f
SK		 219 if (option_bool(OPT_NOWILD) && option_bool(OPT_CLEVERBIND))
220 die(_("cannot set --bind-interfaces and --bind-dynamic"), NULL, EC_BADCONF);
801ca9a7
SK		 221#endif
222
223#ifdef HAVE_DHCP6
224 /* after netlink_init */
1f776932 225 if (daemon->doing_dhcp6 || daemon->doing_ra)
843c96b4 226 join_multicast();
801ca9a7 227#endif
8445f5d2 228
5aabfc78
SK		 229 if (!enumerate_interfaces())
230 die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
843c96b4 231
54dd393f 232 if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
de37951c 233 {
74c95c25 234 create_bound_listeners(1);
54dd393f
SK		 235
236 if (!option_bool(OPT_CLEVERBIND))
237 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
238 if (if_tmp->name && !if_tmp->used)
239 die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
9380ba70
SK		 240
241#if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
242 /* after enumerate_interfaces() */
243 if (daemon->dhcp)
244 {
245 bindtodevice(daemon->dhcpfd);
246 if (daemon->enable_pxe)
247 bindtodevice(daemon->pxefd);
248 }
249#endif
250
251#if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
252 if (daemon->dhcp6)
253 bindtodevice(daemon->dhcp6fd);
254#endif
de37951c 255 }
28866e95 256 else
74c95c25 257 create_wildcard_listeners();
de37951c 258
824af85b
SK		 259 if (daemon->port != 0)
260 cache_init();
1a6bca81 261
28866e95 262 if (option_bool(OPT_DBUS))
3d8df260
SK		 263#ifdef HAVE_DBUS
264 {
265 char *err;
266 daemon->dbus = NULL;
267 daemon->watches = NULL;
5aabfc78
SK		 268 if ((err = dbus_init()))
269 die(_("DBus error: %s"), err, EC_MISC);
3d8df260
SK		 270 }
271#else
5aabfc78 272 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
3d8df260
SK		 273#endif
274
824af85b
SK		 275 if (daemon->port != 0)
276 pre_allocate_sfds();
1a6bca81 277
c72daea8 278#if defined(HAVE_SCRIPT)
1a6bca81 279 /* Note getpwnam returns static storage */
843c96b4
SK		 280 if ((daemon->dhcp || daemon->dhcp6) &&
281 daemon->scriptuser &&
c72daea8 282 (daemon->lease_change_command || daemon->luascript))
1a6bca81
SK		 283 {
284 if ((ent_pw = getpwnam(daemon->scriptuser)))
285 {
286 script_uid = ent_pw->pw_uid;
287 script_gid = ent_pw->pw_gid;
288 }
289 else
290 baduser = daemon->scriptuser;
291 }
7622fc06 292#endif
9e4abcb5 293
1a6bca81
SK		 294 if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
295 baduser = daemon->username;
296 else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
297 baduser = daemon->groupname;
298
299 if (baduser)
300 die(_("unknown user or group: %s"), baduser, EC_BADCONF);
301
302 /* implement group defaults, "dip" if available, or group associated with uid */
303 if (!daemon->group_set && !gp)
304 {
305 if (!(gp = getgrnam(CHGRP)) && ent_pw)
306 gp = getgrgid(ent_pw->pw_gid);
307
308 /* for error message */
309 if (gp)
310 daemon->groupname = gp->gr_name;
311 }
312
313#if defined(HAVE_LINUX_NETWORK)
314 /* determine capability API version here, while we can still
315 call safe_malloc */
316 if (ent_pw && ent_pw->pw_uid != 0)
317 {
1a6bca81 318 int capsize = 1; /* for header version 1 */
3927da46
SK		 319 hdr = safe_malloc(sizeof(*hdr));
320
1a6bca81
SK		 321 /* find version supported by kernel */
322 memset(hdr, 0, sizeof(*hdr));
323 capget(hdr, NULL);
324
325 if (hdr->version != LINUX_CAPABILITY_VERSION_1)
326 {
327 /* if unknown version, use largest supported version (3) */
328 if (hdr->version != LINUX_CAPABILITY_VERSION_2)
329 hdr->version = LINUX_CAPABILITY_VERSION_3;
330 capsize = 2;
331 }
332
333 data = safe_malloc(sizeof(*data) * capsize);
334 memset(data, 0, sizeof(*data) * capsize);
335 }
336#endif
337
5aabfc78 338 /* Use a pipe to carry signals and other events back to the event loop
1a6bca81
SK		 339 in a race-free manner and another to carry errors to daemon-invoking process */
340 safe_pipe(pipefd, 1);
5e9e0efb
SK		 341
342 piperead = pipefd[0];
343 pipewrite = pipefd[1];
344 /* prime the pipe to load stuff first time. */
c72daea8 345 send_event(pipewrite, EVENT_RELOAD, 0, NULL);
1a6bca81
SK		 346
347 err_pipe[1] = -1;
1697269c 348
28866e95 349 if (!option_bool(OPT_DEBUG))
9e4abcb5 350 {
9e4abcb5
SK		 351 /* The following code "daemonizes" the process.
352 See Stevens section 12.4 */
1a6bca81 353
9e038946
SK		 354 if (chdir("/") != 0)
355 die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
356
1697269c 357#ifndef NO_FORK
28866e95 358 if (!option_bool(OPT_NO_FORK))
3be34541 359 {
5aabfc78 360 pid_t pid;
3be34541 361
1a6bca81
SK		 362 /* pipe to carry errors back to original process.
363 When startup is complete we close this and the process terminates. */
364 safe_pipe(err_pipe, 0);
365
7622fc06
SK		 366 if ((pid = fork()) == -1)
367 /* fd == -1 since we've not forked, never returns. */
c72daea8 368 send_event(-1, EVENT_FORK_ERR, errno, NULL);
9e038946 369
5aabfc78 370 if (pid != 0)
1a6bca81
SK		 371 {
372 struct event_desc ev;
c72daea8
SK		 373 char *msg;
374
1a6bca81
SK		 375 /* close our copy of write-end */
376 close(err_pipe[1]);
377
378 /* check for errors after the fork */
c72daea8
SK		 379 if (read_event(err_pipe[0], &ev, &msg))
380 fatal_event(&ev, msg);
1a6bca81
SK		 381
382 _exit(EC_GOOD);
383 }
384
385 close(err_pipe[0]);
386
387 /* NO calls to die() from here on. */
3be34541 388
5aabfc78 389 setsid();
7622fc06
SK		 390
391 if ((pid = fork()) == -1)
c72daea8 392 send_event(err_pipe[1], EVENT_FORK_ERR, errno, NULL);
7622fc06
SK		 393
394 if (pid != 0)
7cebd20f 395 _exit(0);
3be34541 396 }
9e4abcb5 397#endif
9e038946 398
9e4abcb5 399 /* write pidfile _after_ forking ! */
1a6bca81
SK		 400 if (daemon->runfile)
401 {
79cfefd8
SK		 402 int fd, err = 0;
403
404 sprintf(daemon->namebuff, "%d\n", (int) getpid());
405
406 /* Explanation: Some installations of dnsmasq (eg Debian/Ubuntu) locate the pid-file
407 in a directory which is writable by the non-privileged user that dnsmasq runs as. This
408 allows the daemon to delete the file as part of its shutdown. This is a security hole to the
409 extent that an attacker running as the unprivileged user could replace the pidfile with a
410 symlink, and have the target of that symlink overwritten as root next time dnsmasq starts.
411
412 The folowing code first deletes any existing file, and then opens it with the O_EXCL flag,
413 ensuring that the open() fails should there be any existing file (because the unlink() failed,
414 or an attacker exploited the race between unlink() and open()). This ensures that no symlink
415 attack can succeed.
416
417 Any compromise of the non-privileged user still theoretically allows the pid-file to be
418 replaced whilst dnsmasq is running. The worst that could allow is that the usual
419 "shutdown dnsmasq" shell command could be tricked into stopping any other process.
420
421 Note that if dnsmasq is started as non-root (eg for testing) it silently ignores
422 failure to write the pid-file.
423 */
424
425 unlink(daemon->runfile);
1a6bca81 426
79cfefd8 427 if ((fd = open(daemon->runfile, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH)) == -1)
1a6bca81 428 {
79cfefd8
SK		 429 /* only complain if started as root */
430 if (getuid() == 0)
431 err = 1;
1a6bca81 432 }
79cfefd8
SK		 433 else
434 {
435 if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0))
436 err = 1;
437
438 while (!err && close(fd) == -1)
439 if (!retry_send())
440 err = 1;
441 }
442
443 if (err)
1a6bca81 444 {
c72daea8 445 send_event(err_pipe[1], EVENT_PIDFILE, errno, daemon->runfile);
1a6bca81
SK		 446 _exit(0);
447 }
9e4abcb5 448 }
1697269c
SK		 449 }
450
8ef5ada2
SK		 451 log_err = log_start(ent_pw, err_pipe[1]);
452
28866e95 453 if (!option_bool(OPT_DEBUG))
8ef5ada2
SK		 454 {
455 /* open stdout etc to /dev/null */
456 int nullfd = open("/dev/null", O_RDWR);
457 dup2(nullfd, STDOUT_FILENO);
458 dup2(nullfd, STDERR_FILENO);
459 dup2(nullfd, STDIN_FILENO);
460 close(nullfd);
461 }
1a6bca81
SK		 462
463 /* if we are to run scripts, we need to fork a helper before dropping root. */
464 daemon->helperfd = -1;
c72daea8 465#ifdef HAVE_SCRIPT
52b92f4d 466 if ((daemon->dhcp || daemon->dhcp6) && (daemon->lease_change_command || daemon->luascript))
1a6bca81 467 daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
5aabfc78 468#endif
5aabfc78 469
28866e95 470 if (!option_bool(OPT_DEBUG) && getuid() == 0)
1697269c 471 {
1a6bca81
SK		 472 int bad_capabilities = 0;
473 gid_t dummy;
474
475 /* remove all supplimentary groups */
476 if (gp &&
477 (setgroups(0, &dummy) == -1 ||
478 setgid(gp->gr_gid) == -1))
9e4abcb5 479 {
c72daea8 480 send_event(err_pipe[1], EVENT_GROUP_ERR, errno, daemon->groupname);
1a6bca81 481 _exit(0);
7cebd20f 482 }
1a6bca81 483
7cebd20f 484 if (ent_pw && ent_pw->pw_uid != 0)
1697269c 485 {
74c95c25 486#if defined(HAVE_LINUX_NETWORK)
1697269c 487 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
74c95c25 488 CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind
54dd393f
SK		 489 ports because of DAD, or we're doing it dynamically,
490 we need CAP_NET_BIND_SERVICE too. */
491 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
74c95c25
SK		 492 data->effective = data->permitted = data->inheritable =
493 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) |
494 (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE);
495 else
496 data->effective = data->permitted = data->inheritable =
497 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
5e9e0efb 498
1697269c 499 /* Tell kernel to not clear capabilities when dropping root */
572b41eb 500 if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
1697269c 501 bad_capabilities = errno;
1a6bca81 502
7622fc06 503#elif defined(HAVE_SOLARIS_NETWORK)
824af85b
SK		 504 /* http://developers.sun.com/solaris/articles/program_privileges.html */
505 priv_set_t *priv_set;
506
507 if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
508 priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
509 priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
510 bad_capabilities = errno;
511
512 if (priv_set && bad_capabilities == 0)
513 {
514 priv_inverse(priv_set);
515
516 if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
517 bad_capabilities = errno;
518 }
519
520 if (priv_set)
521 priv_freeset(priv_set);
522
824af85b
SK		 523#endif
524
1a6bca81 525 if (bad_capabilities != 0)
1697269c 526 {
c72daea8 527 send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, NULL);
1a6bca81
SK		 528 _exit(0);
529 }
530
531 /* finally drop root */
532 if (setuid(ent_pw->pw_uid) == -1)
533 {
c72daea8 534 send_event(err_pipe[1], EVENT_USER_ERR, errno, daemon->username);
1a6bca81
SK		 535 _exit(0);
536 }
537
1697269c 538#ifdef HAVE_LINUX_NETWORK
54dd393f 539 if (is_dad_listeners() || option_bool(OPT_CLEVERBIND))
74c95c25
SK		 540 data->effective = data->permitted =
541 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE);
542 else
543 data->effective = data->permitted =
544 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
1a6bca81
SK		 545 data->inheritable = 0;
546
547 /* lose the setuid and setgid capbilities */
548 if (capset(hdr, data) == -1)
549 {
c72daea8 550 send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL);
1a6bca81 551 _exit(0);
1697269c 552 }
1a6bca81
SK		 553#endif
554
9e4abcb5
SK		 555 }
556 }
1697269c 557
1697269c 558#ifdef HAVE_LINUX_NETWORK
28866e95 559 if (option_bool(OPT_DEBUG))
572b41eb 560 prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
1697269c 561#endif
9e4abcb5 562
8b3ae2fd 563#ifdef HAVE_TFTP
8bc4cece 564 if (option_bool(OPT_TFTP))
8b3ae2fd
SK		 565 {
566 DIR *dir;
567 struct tftp_prefix *p;
568
569 if (daemon->tftp_prefix)
570 {
571 if (!((dir = opendir(daemon->tftp_prefix))))
572 {
573 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, daemon->tftp_prefix);
574 _exit(0);
575 }
576 closedir(dir);
577 }
578
579 for (p = daemon->if_prefix; p; p = p->next)
580 {
581 if (!((dir = opendir(p->prefix))))
582 {
583 send_event(err_pipe[1], EVENT_TFTP_ERR, errno, p->prefix);
584 _exit(0);
585 }
586 closedir(dir);
587 }
588 }
589#endif
590
824af85b
SK		 591 if (daemon->port == 0)
592 my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
593 else if (daemon->cachesize != 0)
f2621c7f 594 my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
9e4abcb5 595 else
f2621c7f 596 my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
1697269c 597
f2621c7f 598 my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
1697269c 599
3d8df260 600#ifdef HAVE_DBUS
28866e95 601 if (option_bool(OPT_DBUS))
3d8df260
SK		 602 {
603 if (daemon->dbus)
f2621c7f 604 my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
3d8df260 605 else
f2621c7f 606 my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
3d8df260
SK		 607 }
608#endif
609
1a6bca81
SK		 610 if (log_err != 0)
611 my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
612 daemon->log_file, strerror(log_err));
613
de37951c 614 if (bind_fallback)
f2621c7f 615 my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
de37951c 616
28866e95 617 if (!option_bool(OPT_NOWILD))
26128d27
SK		 618 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
619 if (if_tmp->name && !if_tmp->used)
f2621c7f 620 my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
5e9e0efb 621
28866e95 622 if (daemon->port != 0 && option_bool(OPT_NO_RESOLV))
208b65c5
SK		 623 {
624 if (daemon->resolv_files && !daemon->resolv_files->is_default)
f2621c7f 625 my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
208b65c5 626 daemon->resolv_files = NULL;
1b7ecd11 627 if (!daemon->servers)
f2621c7f 628 my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
208b65c5
SK		 629 }
630
f2621c7f
SK		 631 if (daemon->max_logs != 0)
632 my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
1f776932 633
f2621c7f 634
7622fc06 635#ifdef HAVE_DHCP
1f776932
SK		 636 for (context = daemon->dhcp; context; context = context->next)
637 log_context(AF_INET, context);
52b92f4d 638
1f776932
SK		 639# ifdef HAVE_DHCP6
640 for (context = daemon->dhcp6; context; context = context->next)
641 log_context(AF_INET6, context);
642
643 if (daemon->doing_dhcp6 || daemon->doing_ra)
644 dhcp_construct_contexts(now);
645
646 if (option_bool(OPT_RA))
647 my_syslog(MS_DHCP | LOG_INFO, _("IPv6 router advertisement enabled"));
648# endif
26128d27 649
8445f5d2
SK		 650 /* after dhcp_contruct_contexts */
651 if (daemon->dhcp || daemon->doing_dhcp6)
652 lease_find_interfaces(now);
1f776932 653#endif
52b92f4d 654
832af0ba 655#ifdef HAVE_TFTP
8bc4cece 656 if (option_bool(OPT_TFTP))
832af0ba 657 {
832af0ba 658#ifdef FD_SETSIZE
5aabfc78 659 if (FD_SETSIZE < (unsigned)max_fd)
832af0ba
SK		 660 max_fd = FD_SETSIZE;
661#endif
662
7622fc06 663 my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
f2621c7f
SK		 664 daemon->tftp_prefix ? _("root is ") : _("enabled"),
665 daemon->tftp_prefix ? daemon->tftp_prefix: "",
28866e95 666 option_bool(OPT_TFTP_SECURE) ? _("secure mode") : "");
f2621c7f 667
832af0ba 668 /* This is a guess, it assumes that for small limits,
f2621c7f 669 disjoint files might be served, but for large limits,
832af0ba
SK		 670 a single file will be sent to may clients (the file only needs
671 one fd). */
672
673 max_fd -= 30; /* use other than TFTP */
674
675 if (max_fd < 0)
676 max_fd = 5;
677 else if (max_fd < 100)
678 max_fd = max_fd/2;
679 else
680 max_fd = max_fd - 20;
824af85b
SK		 681
682 /* if we have to use a limited range of ports,
683 that will limit the number of transfers */
684 if (daemon->start_tftp_port != 0 &&
685 daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
686 max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
832af0ba
SK		 687
688 if (daemon->tftp_max > max_fd)
689 {
690 daemon->tftp_max = max_fd;
7622fc06 691 my_syslog(MS_TFTP | LOG_WARNING,
f2621c7f
SK		 692 _("restricting maximum simultaneous TFTP transfers to %d"),
693 daemon->tftp_max);
832af0ba
SK		 694 }
695 }
696#endif
697
1a6bca81
SK		 698 /* finished start-up - release original process */
699 if (err_pipe[1] != -1)
700 close(err_pipe[1]);
9e4abcb5 701
824af85b
SK		 702 if (daemon->port != 0)
703 check_servers();
704
7cebd20f
SK		 705 pid = getpid();
706
5e9e0efb 707 while (1)
9e4abcb5 708 {
1697269c 709 int maxfd = -1;
5e9e0efb 710 struct timeval t, *tp = NULL;
3d8df260 711 fd_set rset, wset, eset;
9e4abcb5
SK		 712
713 FD_ZERO(&rset);
3d8df260
SK		 714 FD_ZERO(&wset);
715 FD_ZERO(&eset);
9e4abcb5 716
1697269c
SK		 717 /* if we are out of resources, find how long we have to wait
718 for some to come free, we'll loop around then and restart
719 listening for queries */
5aabfc78 720 if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0)
1697269c
SK		 721 {
722 t.tv_usec = 0;
723 tp = &t;
724 }
725
832af0ba
SK		 726 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
727 if (daemon->tftp_trans ||
28866e95 728 (option_bool(OPT_DBUS) && !daemon->dbus))
5e9e0efb 729 {
1697269c
SK		 730 t.tv_sec = 0;
731 t.tv_usec = 250000;
5e9e0efb 732 tp = &t;
5e9e0efb 733 }
74c95c25
SK		 734 /* Wake every second whilst waiting for DAD to complete */
735 else if (is_dad_listeners())
736 {
737 t.tv_sec = 1;
738 t.tv_usec = 0;
739 tp = &t;
740 }
44a2a316 741
832af0ba 742#ifdef HAVE_DBUS
5aabfc78 743 set_dbus_listeners(&maxfd, &rset, &wset, &eset);
5e9e0efb
SK		 744#endif
745
7622fc06 746#ifdef HAVE_DHCP
5e9e0efb
SK		 747 if (daemon->dhcp)
748 {
749 FD_SET(daemon->dhcpfd, &rset);
1697269c 750 bump_maxfd(daemon->dhcpfd, &maxfd);
316e2730
SK		 751 if (daemon->pxefd != -1)
752 {
753 FD_SET(daemon->pxefd, &rset);
754 bump_maxfd(daemon->pxefd, &maxfd);
755 }
5e9e0efb 756 }
7622fc06 757#endif
cdeda28f 758
52b92f4d 759#ifdef HAVE_DHCP6
1f776932 760 if (daemon->doing_dhcp6)
52b92f4d
SK		 761 {
762 FD_SET(daemon->dhcp6fd, &rset);
c5ad4e79 763 bump_maxfd(daemon->dhcp6fd, &maxfd);
5d71d834
SK		 764 }
765
1f776932 766 if (daemon->doing_ra)
5d71d834
SK		 767 {
768 FD_SET(daemon->icmp6fd, &rset);
769 bump_maxfd(daemon->icmp6fd, &maxfd);
52b92f4d
SK		 770 }
771#endif
772
5e9e0efb
SK		 773#ifdef HAVE_LINUX_NETWORK
774 FD_SET(daemon->netlinkfd, &rset);
1697269c 775 bump_maxfd(daemon->netlinkfd, &maxfd);
3d8df260 776#endif
3d8df260 777
5e9e0efb 778 FD_SET(piperead, &rset);
1697269c
SK		 779 bump_maxfd(piperead, &maxfd);
780
7622fc06 781#ifdef HAVE_DHCP
1f15b81d 782# ifdef HAVE_SCRIPT
5aabfc78 783 while (helper_buf_empty() && do_script_run(now));
1697269c 784
a9530964
SK		 785# ifdef HAVE_TFTP
786 while (helper_buf_empty() && do_tftp_script_run());
787# endif
788
1697269c
SK		 789 if (!helper_buf_empty())
790 {
791 FD_SET(daemon->helperfd, &wset);
792 bump_maxfd(daemon->helperfd, &maxfd);
793 }
7622fc06 794# else
5aabfc78
SK		 795 /* need this for other side-effects */
796 while (do_script_run(now));
a9530964
SK		 797
798# ifdef HAVE_TFTP
799 while (do_tftp_script_run());
800# endif
801
7622fc06 802# endif
5aabfc78 803#endif
7622fc06 804
f2621c7f
SK		 805 /* must do this just before select(), when we know no
806 more calls to my_syslog() can occur */
807 set_log_writer(&wset, &maxfd);
808
5e9e0efb
SK		 809 if (select(maxfd+1, &rset, &wset, &eset, tp) < 0)
810 {
811 /* otherwise undefined after error */
812 FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset);
813 }
814
815 now = dnsmasq_time();
9e4abcb5 816
f2621c7f 817 check_log_writer(&wset);
74c95c25
SK		 818
819 /* Check the interfaces to see if any have exited DAD state
820 and if so, bind the address. */
821 if (is_dad_listeners())
822 {
823 enumerate_interfaces();
824 /* NB, is_dad_listeners() == 1 --> we're binding interfaces */
825 create_bound_listeners(0);
826 }
f2621c7f 827
c52e1897
SK		 828#ifdef HAVE_LINUX_NETWORK
829 if (FD_ISSET(daemon->netlinkfd, &rset))
1f776932 830 netlink_multicast(now);
c52e1897
SK		 831#endif
832
9e4abcb5 833 /* Check for changes to resolv files once per second max. */
3d8df260 834 /* Don't go silent for long periods if the clock goes backwards. */
9009d746
SK		 835 if (daemon->last_resolv == 0 ||
836 difftime(now, daemon->last_resolv) > 1.0 ||
837 difftime(now, daemon->last_resolv) < -1.0)
9e4abcb5 838 {
8ef5ada2
SK		 839 /* poll_resolv doesn't need to reload first time through, since
840 that's queued anyway. */
33820b7e 841
8ef5ada2
SK		 842 poll_resolv(0, daemon->last_resolv != 0, now);
843 daemon->last_resolv = now;
9e4abcb5 844 }
5aabfc78 845
5e9e0efb 846 if (FD_ISSET(piperead, &rset))
5aabfc78 847 async_event(piperead, now);
7cebd20f 848
3d8df260
SK		 849#ifdef HAVE_DBUS
850 /* if we didn't create a DBus connection, retry now. */
28866e95 851 if (option_bool(OPT_DBUS) && !daemon->dbus)
3d8df260
SK		 852 {
853 char *err;
5aabfc78 854 if ((err = dbus_init()))
f2621c7f 855 my_syslog(LOG_WARNING, _("DBus error: %s"), err);
3d8df260 856 if (daemon->dbus)
f2621c7f 857 my_syslog(LOG_INFO, _("connected to system DBus"));
3d8df260 858 }
5aabfc78 859 check_dbus_listeners(&rset, &wset, &eset);
3d8df260 860#endif
824af85b 861
5aabfc78 862 check_dns_listeners(&rset, now);
832af0ba
SK		 863
864#ifdef HAVE_TFTP
5aabfc78 865 check_tftp_listeners(&rset, now);
832af0ba
SK		 866#endif
867
7622fc06 868#ifdef HAVE_DHCP
316e2730
SK		 869 if (daemon->dhcp)
870 {
871 if (FD_ISSET(daemon->dhcpfd, &rset))
872 dhcp_packet(now, 0);
873 if (daemon->pxefd != -1 && FD_ISSET(daemon->pxefd, &rset))
874 dhcp_packet(now, 1);
875 }
1697269c 876
52b92f4d 877#ifdef HAVE_DHCP6
1f776932 878 if (daemon->doing_dhcp6 && FD_ISSET(daemon->dhcp6fd, &rset))
18c63eff 879 dhcp6_packet(now);
c5ad4e79 880
1f776932
SK		 881 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
882 icmp6_packet(now);
52b92f4d
SK		 883#endif
884
1f15b81d 885# ifdef HAVE_SCRIPT
1697269c 886 if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
5aabfc78 887 helper_write();
7622fc06 888# endif
5aabfc78
SK		 889#endif
890
9e4abcb5 891 }
9e4abcb5
SK		 892}
893
3be34541
SK		 894static void sig_handler(int sig)
895{
5e9e0efb 896 if (pid == 0)
3be34541 897 {
1697269c
SK		 898 /* ignore anything other than TERM during startup
899 and in helper proc. (helper ignore TERM too) */
5e9e0efb 900 if (sig == SIGTERM)
5aabfc78 901 exit(EC_MISC);
3be34541 902 }
5aabfc78 903 else if (pid != getpid())
5e9e0efb 904 {
1697269c 905 /* alarm is used to kill TCP children after a fixed time. */
5e9e0efb 906 if (sig == SIGALRM)
7cebd20f 907 _exit(0);
3be34541 908 }
5aabfc78
SK		 909 else
910 {
911 /* master process */
912 int event, errsave = errno;
913
914 if (sig == SIGHUP)
915 event = EVENT_RELOAD;
916 else if (sig == SIGCHLD)
917 event = EVENT_CHILD;
918 else if (sig == SIGALRM)
919 event = EVENT_ALARM;
920 else if (sig == SIGTERM)
921 event = EVENT_TERM;
922 else if (sig == SIGUSR1)
923 event = EVENT_DUMP;
924 else if (sig == SIGUSR2)
925 event = EVENT_REOPEN;
926 else
927 return;
928
c72daea8 929 send_event(pipewrite, event, 0, NULL);
5aabfc78
SK		 930 errno = errsave;
931 }
932}
933
353ae4d2
SK		 934/* now == 0 -> queue immediate callback */
935void send_alarm(time_t event, time_t now)
741c2952 936{
884a6dfe 937 if (now == 0 || event != 0)
353ae4d2 938 {
884a6dfe
SK		 939 /* alarm(0) or alarm(-ve) doesn't do what we want.... */
940 if ((now == 0 || difftime(event, now) <= 0.0))
941 send_event(pipewrite, EVENT_ALARM, 0, NULL);
942 else
943 alarm((unsigned)difftime(event, now));
353ae4d2 944 }
741c2952
SK		 945}
946
c72daea8 947void send_event(int fd, int event, int data, char *msg)
5aabfc78
SK		 948{
949 struct event_desc ev;
c72daea8
SK		 950 struct iovec iov[2];
951
5aabfc78
SK		 952 ev.event = event;
953 ev.data = data;
c72daea8
SK		 954 ev.msg_sz = msg ? strlen(msg) : 0;
955
956 iov[0].iov_base = &ev;
957 iov[0].iov_len = sizeof(ev);
958 iov[1].iov_base = msg;
959 iov[1].iov_len = ev.msg_sz;
1a6bca81
SK		 960
961 /* error pipe, debug mode. */
962 if (fd == -1)
c72daea8 963 fatal_event(&ev, msg);
1a6bca81
SK		 964 else
965 /* pipe is non-blocking and struct event_desc is smaller than
966 PIPE_BUF, so this either fails or writes everything */
c72daea8 967 while (writev(fd, iov, msg ? 2 : 1) == -1 && errno == EINTR);
5aabfc78
SK		 968}
969
c72daea8
SK		 970/* NOTE: the memory used to return msg is leaked: use msgs in events only
971 to describe fatal errors. */
972static int read_event(int fd, struct event_desc *evp, char **msg)
973{
974 char *buf;
975
976 if (!read_write(fd, (unsigned char *)evp, sizeof(struct event_desc), 1))
977 return 0;
978
979 *msg = NULL;
980
981 if (evp->msg_sz != 0 &&
982 (buf = malloc(evp->msg_sz + 1)) &&
983 read_write(fd, (unsigned char *)buf, evp->msg_sz, 1))
984 {
985 buf[evp->msg_sz] = 0;
986 *msg = buf;
987 }
988
989 return 1;
990}
991
992static void fatal_event(struct event_desc *ev, char *msg)
1a6bca81
SK		 993{
994 errno = ev->data;
995
996 switch (ev->event)
997 {
998 case EVENT_DIE:
999 exit(0);
7622fc06
SK		 1000
1001 case EVENT_FORK_ERR:
1002 die(_("cannot fork into background: %s"), NULL, EC_MISC);
1a6bca81
SK		 1003
1004 case EVENT_PIPE_ERR:
1005 die(_("failed to create helper: %s"), NULL, EC_MISC);
1006
1007 case EVENT_CAP_ERR:
1008 die(_("setting capabilities failed: %s"), NULL, EC_MISC);
1009
1010 case EVENT_USER_ERR:
c72daea8 1011 die(_("failed to change user-id to %s: %s"), msg, EC_MISC);
1a6bca81
SK		 1012
1013 case EVENT_GROUP_ERR:
c72daea8 1014 die(_("failed to change group-id to %s: %s"), msg, EC_MISC);
1a6bca81
SK		 1015
1016 case EVENT_PIDFILE:
c72daea8 1017 die(_("failed to open pidfile %s: %s"), msg, EC_FILE);
1a6bca81
SK		 1018
1019 case EVENT_LOG_ERR:
c72daea8
SK		 1020 die(_("cannot open log %s: %s"), msg, EC_FILE);
1021
1022 case EVENT_LUA_ERR:
1023 die(_("failed to load Lua script: %s"), msg, EC_MISC);
8b3ae2fd
SK		 1024
1025 case EVENT_TFTP_ERR:
1026 die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE);
1a6bca81
SK		 1027 }
1028}
1029
5aabfc78
SK		 1030static void async_event(int pipe, time_t now)
1031{
1032 pid_t p;
1033 struct event_desc ev;
1034 int i;
c72daea8
SK		 1035 char *msg;
1036
1037 /* NOTE: the memory used to return msg is leaked: use msgs in events only
1038 to describe fatal errors. */
1039
1040 if (read_event(pipe, &ev, &msg))
5aabfc78
SK		 1041 switch (ev.event)
1042 {
1043 case EVENT_RELOAD:
1044 clear_cache_and_reload(now);
28866e95 1045 if (daemon->port != 0 && daemon->resolv_files && option_bool(OPT_NO_POLL))
5aabfc78
SK		 1046 {
1047 reload_servers(daemon->resolv_files->name);
1048 check_servers();
1049 }
7622fc06 1050#ifdef HAVE_DHCP
5aabfc78 1051 rerun_scripts();
7622fc06 1052#endif
5aabfc78
SK		 1053 break;
1054
1055 case EVENT_DUMP:
824af85b
SK		 1056 if (daemon->port != 0)
1057 dump_cache(now);
5aabfc78
SK		 1058 break;
1059
1060 case EVENT_ALARM:
7622fc06 1061#ifdef HAVE_DHCP
1f776932 1062 if (daemon->dhcp || daemon->doing_dhcp6)
5aabfc78
SK		 1063 {
1064 lease_prune(NULL, now);
1065 lease_update_file(now);
1066 }
843c96b4 1067#ifdef HAVE_DHCP6
1f776932 1068 else if (daemon->doing_ra)
353ae4d2
SK		 1069 /* Not doing DHCP, so no lease system, manage alarms for ra only */
1070 send_alarm(periodic_ra(now), now);
843c96b4 1071#endif
7622fc06 1072#endif
5aabfc78
SK		 1073 break;
1074
1075 case EVENT_CHILD:
1076 /* See Stevens 5.10 */
1077 while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
1078 if (p == -1)
1079 {
1080 if (errno != EINTR)
1081 break;
1082 }
1083 else
1084 for (i = 0 ; i < MAX_PROCS; i++)
1085 if (daemon->tcp_pids[i] == p)
1086 daemon->tcp_pids[i] = 0;
1087 break;
1088
1089 case EVENT_KILLED:
c72daea8 1090 my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data);
5aabfc78
SK		 1091 break;
1092
1093 case EVENT_EXITED:
c72daea8 1094 my_syslog(LOG_WARNING, _("script process exited with status %d"), ev.data);
5aabfc78
SK		 1095 break;
1096
1097 case EVENT_EXEC_ERR:
9e038946
SK		 1098 my_syslog(LOG_ERR, _("failed to execute %s: %s"),
1099 daemon->lease_change_command, strerror(ev.data));
5aabfc78
SK		 1100 break;
1101
1a6bca81 1102 /* necessary for fatal errors in helper */
c72daea8 1103 case EVENT_USER_ERR:
1a6bca81 1104 case EVENT_DIE:
c72daea8
SK		 1105 case EVENT_LUA_ERR:
1106 fatal_event(&ev, msg);
9e038946
SK		 1107 break;
1108
5aabfc78
SK		 1109 case EVENT_REOPEN:
1110 /* Note: this may leave TCP-handling processes with the old file still open.
1111 Since any such process will die in CHILD_LIFETIME or probably much sooner,
1112 we leave them logging to the old file. */
1113 if (daemon->log_file != NULL)
1114 log_reopen(daemon->log_file);
1115 break;
1116
1117 case EVENT_TERM:
1118 /* Knock all our children on the head. */
1119 for (i = 0; i < MAX_PROCS; i++)
1120 if (daemon->tcp_pids[i] != 0)
1121 kill(daemon->tcp_pids[i], SIGALRM);
1122
c72daea8 1123#if defined(HAVE_SCRIPT)
5aabfc78
SK		 1124 /* handle pending lease transitions */
1125 if (daemon->helperfd != -1)
1126 {
1127 /* block in writes until all done */
1128 if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
1129 fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
1130 do {
1131 helper_write();
1132 } while (!helper_buf_empty() || do_script_run(now));
1133 close(daemon->helperfd);
1134 }
1135#endif
1136
1137 if (daemon->lease_stream)
1138 fclose(daemon->lease_stream);
73a08a24
SK		 1139
1140 if (daemon->runfile)
1141 unlink(daemon->runfile);
5aabfc78
SK		 1142
1143 my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
1144 flush_log();
1145 exit(EC_GOOD);
1146 }
3be34541
SK		 1147}
1148
8ef5ada2 1149void poll_resolv(int force, int do_reload, time_t now)
5aabfc78
SK		 1150{
1151 struct resolvc *res, *latest;
1152 struct stat statbuf;
1153 time_t last_change = 0;
1154 /* There may be more than one possible file.
1155 Go through and find the one which changed _last_.
1156 Warn of any which can't be read. */
8ef5ada2 1157
28866e95 1158 if (daemon->port == 0 || option_bool(OPT_NO_POLL))
8ef5ada2
SK		 1159 return;
1160
5aabfc78
SK		 1161 for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
1162 if (stat(res->name, &statbuf) == -1)
1163 {
8ef5ada2
SK		 1164 if (force)
1165 {
1166 res->mtime = 0;
1167 continue;
1168 }
1169
5aabfc78
SK		 1170 if (!res->logged)
1171 my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
1172 res->logged = 1;
8ef5ada2
SK		 1173
1174 if (res->mtime != 0)
1175 {
1176 /* existing file evaporated, force selection of the latest
1177 file even if its mtime hasn't changed since we last looked */
1178 poll_resolv(1, do_reload, now);
1179 return;
1180 }
5aabfc78
SK		 1181 }
1182 else
1183 {
1184 res->logged = 0;
8ef5ada2
SK		 1185 if (force || (statbuf.st_mtime != res->mtime))
1186 {
1187 res->mtime = statbuf.st_mtime;
5aabfc78
SK		 1188 if (difftime(statbuf.st_mtime, last_change) > 0.0)
1189 {
1190 last_change = statbuf.st_mtime;
1191 latest = res;
1192 }
1193 }
1194 }
1195
1196 if (latest)
1197 {
1198 static int warned = 0;
1199 if (reload_servers(latest->name))
1200 {
1201 my_syslog(LOG_INFO, _("reading %s"), latest->name);
1202 warned = 0;
1203 check_servers();
28866e95 1204 if (option_bool(OPT_RELOAD) && do_reload)
8ef5ada2 1205 clear_cache_and_reload(now);
5aabfc78
SK		 1206 }
1207 else
1208 {
1209 latest->mtime = 0;
1210 if (!warned)
1211 {
1212 my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
1213 warned = 1;
1214 }
1215 }
1216 }
1217}
3d8df260 1218
5aabfc78 1219void clear_cache_and_reload(time_t now)
3d8df260 1220{
824af85b 1221 if (daemon->port != 0)
7622fc06 1222 cache_reload();
824af85b 1223
7622fc06 1224#ifdef HAVE_DHCP
1f776932 1225 if (daemon->dhcp || daemon->doing_dhcp6)
3d8df260 1226 {
28866e95 1227 if (option_bool(OPT_ETHERS))
5aabfc78 1228 dhcp_read_ethers();
824af85b 1229 reread_dhcp();
3d8df260 1230 dhcp_update_configs(daemon->dhcp_conf);
5aabfc78
SK		 1231 lease_update_from_configs();
1232 lease_update_file(now);
353ae4d2 1233 lease_update_dns(1);
3d8df260 1234 }
843c96b4 1235#ifdef HAVE_DHCP6
1f776932 1236 else if (daemon->doing_ra)
2021c662
SK		 1237 /* Not doing DHCP, so no lease system, manage
1238 alarms for ra only */
1239 send_alarm(periodic_ra(now), now);
843c96b4 1240#endif
7622fc06 1241#endif
3d8df260
SK		 1242}
1243
5aabfc78 1244static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp)
3be34541
SK		 1245{
1246 struct serverfd *serverfdp;
1247 struct listener *listener;
824af85b 1248 int wait = 0, i;
832af0ba
SK		 1249
1250#ifdef HAVE_TFTP
1251 int tftp = 0;
1252 struct tftp_transfer *transfer;
1253 for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
1254 {
1255 tftp++;
1256 FD_SET(transfer->sockfd, set);
1257 bump_maxfd(transfer->sockfd, maxfdp);
1258 }
1259#endif
1260
1697269c 1261 /* will we be able to get memory? */
824af85b
SK		 1262 if (daemon->port != 0)
1263 get_new_frec(now, &wait);
1697269c 1264
3be34541
SK		 1265 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1266 {
1267 FD_SET(serverfdp->fd, set);
1697269c 1268 bump_maxfd(serverfdp->fd, maxfdp);
3be34541 1269 }
1a6bca81
SK		 1270
1271 if (daemon->port != 0 && !daemon->osport)
1272 for (i = 0; i < RANDOM_SOCKS; i++)
1273 if (daemon->randomsocks[i].refcount != 0)
1274 {
1275 FD_SET(daemon->randomsocks[i].fd, set);
1276 bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
1277 }
1278
3be34541
SK		 1279 for (listener = daemon->listeners; listener; listener = listener->next)
1280 {
1697269c 1281 /* only listen for queries if we have resources */
824af85b 1282 if (listener->fd != -1 && wait == 0)
1697269c
SK		 1283 {
1284 FD_SET(listener->fd, set);
1285 bump_maxfd(listener->fd, maxfdp);
1286 }
1287
1288 /* death of a child goes through the select loop, so
1289 we don't need to explicitly arrange to wake up here */
824af85b
SK		 1290 if (listener->tcpfd != -1)
1291 for (i = 0; i < MAX_PROCS; i++)
1292 if (daemon->tcp_pids[i] == 0)
1293 {
1294 FD_SET(listener->tcpfd, set);
1295 bump_maxfd(listener->tcpfd, maxfdp);
1296 break;
1297 }
9e4abcb5 1298
832af0ba
SK		 1299#ifdef HAVE_TFTP
1300 if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
1301 {
1302 FD_SET(listener->tftpfd, set);
1303 bump_maxfd(listener->tftpfd, maxfdp);
1304 }
1305#endif
1306
1307 }
1308
1697269c 1309 return wait;
3be34541 1310}
9e4abcb5 1311
5aabfc78 1312static void check_dns_listeners(fd_set *set, time_t now)
3be34541
SK		 1313{
1314 struct serverfd *serverfdp;
1a6bca81
SK		 1315 struct listener *listener;
1316 int i;
1317
832af0ba
SK		 1318 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1319 if (FD_ISSET(serverfdp->fd, set))
1a6bca81
SK		 1320 reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
1321
1322 if (daemon->port != 0 && !daemon->osport)
1323 for (i = 0; i < RANDOM_SOCKS; i++)
1324 if (daemon->randomsocks[i].refcount != 0 &&
1325 FD_ISSET(daemon->randomsocks[i].fd, set))
1326 reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
832af0ba
SK		 1327
1328 for (listener = daemon->listeners; listener; listener = listener->next)
1329 {
824af85b 1330 if (listener->fd != -1 && FD_ISSET(listener->fd, set))
5aabfc78 1331 receive_query(listener, now);
1a6bca81 1332
832af0ba
SK		 1333#ifdef HAVE_TFTP
1334 if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set))
5aabfc78 1335 tftp_request(listener, now);
832af0ba 1336#endif
3be34541 1337
824af85b 1338 if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
832af0ba
SK		 1339 {
1340 int confd;
1341 struct irec *iface = NULL;
1342 pid_t p;
52d4abf2
SK		 1343 union mysockaddr tcp_addr;
1344 socklen_t tcp_len = sizeof(union mysockaddr);
1345
1346 while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
832af0ba 1347
52d4abf2
SK		 1348 if (confd == -1 ||
1349 getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1)
832af0ba
SK		 1350 continue;
1351
54dd393f 1352 if (option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND))
52d4abf2 1353 iface = listener->iface; /* May be NULL */
832af0ba
SK		 1354 else
1355 {
832af0ba
SK		 1356 /* Check for allowed interfaces when binding the wildcard address:
1357 we do this by looking for an interface with the same address as
1358 the local address of the TCP connection, then looking to see if that's
1359 an allowed interface. As a side effect, we get the netmask of the
1360 interface too, for localisation. */
3be34541 1361
832af0ba 1362 /* interface may be new since startup */
52d4abf2 1363 if (enumerate_interfaces())
832af0ba
SK		 1364 for (iface = daemon->interfaces; iface; iface = iface->next)
1365 if (sockaddr_isequal(&iface->addr, &tcp_addr))
1366 break;
1367 }
1368
54dd393f 1369 if (!iface && !(option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND)))
832af0ba
SK		 1370 {
1371 shutdown(confd, SHUT_RDWR);
1372 close(confd);
1373 }
59353a6b 1374#ifndef NO_FORK
28866e95 1375 else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0)
832af0ba
SK		 1376 {
1377 if (p != -1)
1378 {
1379 int i;
1380 for (i = 0; i < MAX_PROCS; i++)
1381 if (daemon->tcp_pids[i] == 0)
1382 {
1383 daemon->tcp_pids[i] = p;
1384 break;
1385 }
1386 }
1387 close(confd);
1388 }
1389#endif
1390 else
1391 {
1392 unsigned char *buff;
1393 struct server *s;
1394 int flags;
52d4abf2 1395 struct in_addr netmask;
4f7b304f 1396 int auth_dns;
52d4abf2
SK		 1397
1398 if (iface)
4f7b304f
SK		 1399 {
1400 netmask = iface->netmask;
1401 auth_dns = iface->dns_auth;
1402 }
52d4abf2 1403 else
4f7b304f
SK		 1404 {
1405 netmask.s_addr = 0;
1406 auth_dns = 0;
1407 }
52d4abf2 1408
8ef5ada2
SK		 1409#ifndef NO_FORK
1410 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1411 terminate the process. */
28866e95 1412 if (!option_bool(OPT_DEBUG))
832af0ba 1413 alarm(CHILD_LIFETIME);
8ef5ada2
SK		 1414#endif
1415
832af0ba
SK		 1416 /* start with no upstream connections. */
1417 for (s = daemon->servers; s; s = s->next)
7cebd20f 1418 s->tcpfd = -1;
832af0ba
SK		 1419
1420 /* The connected socket inherits non-blocking
1421 attribute from the listening socket.
1422 Reset that here. */
1423 if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
1424 fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
1425
4f7b304f 1426 buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns);
7cebd20f 1427
832af0ba
SK		 1428 shutdown(confd, SHUT_RDWR);
1429 close(confd);
1430
1431 if (buff)
1432 free(buff);
1433
1434 for (s = daemon->servers; s; s = s->next)
1435 if (s->tcpfd != -1)
1436 {
1437 shutdown(s->tcpfd, SHUT_RDWR);
1438 close(s->tcpfd);
1439 }
7cebd20f 1440#ifndef NO_FORK
28866e95 1441 if (!option_bool(OPT_DEBUG))
5aabfc78
SK		 1442 {
1443 flush_log();
1444 _exit(0);
1445 }
59353a6b 1446#endif
832af0ba
SK		 1447 }
1448 }
1449 }
3be34541
SK		 1450}
1451
7622fc06 1452#ifdef HAVE_DHCP
5e9e0efb
SK		 1453int make_icmp_sock(void)
1454{
7cebd20f 1455 int fd;
5e9e0efb
SK		 1456 int zeroopt = 0;
1457
1458 if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
1459 {
7cebd20f 1460 if (!fix_fd(fd) ||
5e9e0efb
SK		 1461 setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
1462 {
1463 close(fd);
1464 fd = -1;
1465 }
1466 }
1467
1468 return fd;
1469}
1470
5aabfc78 1471int icmp_ping(struct in_addr addr)
3be34541 1472{
5e9e0efb 1473 /* Try and get an ICMP echo from a machine. */
3be34541
SK		 1474
1475 /* Note that whilst in the three second wait, we check for
832af0ba 1476 (and service) events on the DNS and TFTP sockets, (so doing that
3be34541
SK		 1477 better not use any resources our caller has in use...)
1478 but we remain deaf to signals or further DHCP packets. */
1479
5e9e0efb 1480 int fd;
3be34541
SK		 1481 struct sockaddr_in saddr;
1482 struct {
1483 struct ip ip;
1484 struct icmp icmp;
1485 } packet;
1486 unsigned short id = rand16();
1487 unsigned int i, j;
5e9e0efb 1488 int gotreply = 0;
3be34541 1489 time_t start, now;
5e9e0efb 1490
824af85b 1491#if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
5e9e0efb
SK		 1492 if ((fd = make_icmp_sock()) == -1)
1493 return 0;
1494#else
1495 int opt = 2000;
1496 fd = daemon->dhcp_icmp_fd;
1497 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1498#endif
1499
3be34541
SK		 1500 saddr.sin_family = AF_INET;
1501 saddr.sin_port = 0;
1502 saddr.sin_addr = addr;
1503#ifdef HAVE_SOCKADDR_SA_LEN
1504 saddr.sin_len = sizeof(struct sockaddr_in);
1505#endif
1506
1507 memset(&packet.icmp, 0, sizeof(packet.icmp));
1508 packet.icmp.icmp_type = ICMP_ECHO;
1509 packet.icmp.icmp_id = id;
1510 for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
1511 j += ((u16 *)&packet.icmp)[i];
1512 while (j>>16)
1513 j = (j & 0xffff) + (j >> 16);
1514 packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
1515
5e9e0efb 1516 while (sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
fd9fa481
SK		 1517 (struct sockaddr *)&saddr, sizeof(saddr)) == -1 &&
1518 retry_send());
1519
5e9e0efb
SK		 1520 for (now = start = dnsmasq_time();
1521 difftime(now, start) < (float)PING_WAIT;)
fd9fa481
SK		 1522 {
1523 struct timeval tv;
f2621c7f 1524 fd_set rset, wset;
fd9fa481 1525 struct sockaddr_in faddr;
1697269c 1526 int maxfd = fd;
3d8df260 1527 socklen_t len = sizeof(faddr);
fd9fa481
SK		 1528
1529 tv.tv_usec = 250000;
1530 tv.tv_sec = 0;
1531
1532 FD_ZERO(&rset);
f2621c7f 1533 FD_ZERO(&wset);
5e9e0efb 1534 FD_SET(fd, &rset);
5aabfc78 1535 set_dns_listeners(now, &rset, &maxfd);
f2621c7f 1536 set_log_writer(&wset, &maxfd);
c5ad4e79
SK		 1537
1538#ifdef HAVE_DHCP6
1f776932 1539 if (daemon->doing_ra)
c5ad4e79
SK		 1540 {
1541 FD_SET(daemon->icmp6fd, &rset);
1542 bump_maxfd(daemon->icmp6fd, &maxfd);
1543 }
1544#endif
1545
f2621c7f
SK		 1546 if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
1547 {
1548 FD_ZERO(&rset);
1549 FD_ZERO(&wset);
1550 }
1551
5e9e0efb 1552 now = dnsmasq_time();
f2621c7f
SK		 1553
1554 check_log_writer(&wset);
5aabfc78 1555 check_dns_listeners(&rset, now);
832af0ba 1556
c5ad4e79 1557#ifdef HAVE_DHCP6
1f776932
SK		 1558 if (daemon->doing_ra && FD_ISSET(daemon->icmp6fd, &rset))
1559 icmp6_packet(now);
c5ad4e79
SK		 1560#endif
1561
832af0ba 1562#ifdef HAVE_TFTP
5aabfc78 1563 check_tftp_listeners(&rset, now);
832af0ba
SK		 1564#endif
1565
5e9e0efb
SK		 1566 if (FD_ISSET(fd, &rset) &&
1567 recvfrom(fd, &packet, sizeof(packet), 0,
fd9fa481
SK		 1568 (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
1569 saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
1570 packet.icmp.icmp_type == ICMP_ECHOREPLY &&
1571 packet.icmp.icmp_seq == 0 &&
1572 packet.icmp.icmp_id == id)
1573 {
1574 gotreply = 1;
1575 break;
1576 }
1577 }
1578
824af85b 1579#if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
5e9e0efb
SK		 1580 close(fd);
1581#else
3be34541 1582 opt = 1;
5e9e0efb
SK		 1583 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1584#endif
1585
3be34541
SK		 1586 return gotreply;
1587}
7622fc06 1588#endif
0a852541
SK		 1589
1590
Michael's tree of dnsmasq.