Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / dnsmasq / 5658bcb797978c3472335d93554405aba8236f66 / . / src / dnsmasq.c
blob: 5d05f28954d63cfa79db53c54092d29b0d4a4fe6 [file] [log] [blame]
San Mehatffd68722010-01-20 09:56:15 -0800[diff] [blame]1/* dnsmasq is Copyright (c) 2000-2009 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15*/
16
17#include "dnsmasq.h"
18
19struct daemon *daemon;
20
21static char *compile_opts =
22#ifndef HAVE_IPV6
23"no-"
24#endif
25"IPv6 "
26#ifndef HAVE_GETOPT_LONG
27"no-"
28#endif
29"GNU-getopt "
30#ifdef HAVE_BROKEN_RTC
31"no-RTC "
32#endif
33#ifdef NO_FORK
34"no-MMU "
35#endif
36#ifndef HAVE_DBUS
37"no-"
38#endif
39"DBus "
40#ifndef LOCALEDIR
41"no-"
42#endif
43"I18N "
44#ifndef HAVE_DHCP
45"no-"
46#endif
47"DHCP "
48#if defined(HAVE_DHCP) && !defined(HAVE_SCRIPT)
49"no-scripts "
50#endif
51#ifndef HAVE_TFTP
52"no-"
53#endif
54"TFTP";
55
56
57
58static volatile pid_t pid = 0;
59static volatile int pipewrite;
60
61static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
62static void check_dns_listeners(fd_set *set, time_t now);
63static void sig_handler(int sig);
64static void async_event(int pipe, time_t now);
65static void fatal_event(struct event_desc *ev);
66static void poll_resolv(void);
67
68int main (int argc, char **argv)
69{
70 int bind_fallback = 0;
71 time_t now;
72 struct sigaction sigact;
73 struct iname *if_tmp;
74 int piperead, pipefd[2], err_pipe[2];
75 struct passwd *ent_pw = NULL;
76#if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
77 uid_t script_uid = 0;
78 gid_t script_gid = 0;
79#endif
80 struct group *gp = NULL;
81 long i, max_fd = sysconf(_SC_OPEN_MAX);
82 char *baduser = NULL;
83 int log_err;
84#if defined(HAVE_LINUX_NETWORK)
85 cap_user_header_t hdr = NULL;
86 cap_user_data_t data = NULL;
87#endif
88
89#ifdef LOCALEDIR
90 setlocale(LC_ALL, "");
91 bindtextdomain("dnsmasq", LOCALEDIR);
92 textdomain("dnsmasq");
93#endif
94
95 sigact.sa_handler = sig_handler;
96 sigact.sa_flags = 0;
97 sigemptyset(&sigact.sa_mask);
98 sigaction(SIGUSR1, &sigact, NULL);
99 sigaction(SIGUSR2, &sigact, NULL);
100 sigaction(SIGHUP, &sigact, NULL);
101 sigaction(SIGTERM, &sigact, NULL);
102 sigaction(SIGALRM, &sigact, NULL);
103 sigaction(SIGCHLD, &sigact, NULL);
104
105 /* ignore SIGPIPE */
106 sigact.sa_handler = SIG_IGN;
107 sigaction(SIGPIPE, &sigact, NULL);
108
109 umask(022); /* known umask, create leases and pid files as 0644 */
110
111 read_opts(argc, argv, compile_opts);
112
113 if (daemon->edns_pktsz < PACKETSZ)
114 daemon->edns_pktsz = PACKETSZ;
115 daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
116 daemon->edns_pktsz : DNSMASQ_PACKETSZ;
117 daemon->packet = safe_malloc(daemon->packet_buff_sz);
118
119#ifdef HAVE_DHCP
120 if (!daemon->lease_file)
121 {
122 if (daemon->dhcp)
123 daemon->lease_file = LEASEFILE;
124 }
125#endif
126
127 /* Close any file descriptors we inherited apart from std{in|out|err} */
128 for (i = 0; i < max_fd; i++)
129 if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
130 close(i);
131
132#ifdef HAVE_LINUX_NETWORK
133 netlink_init();
134#elif !(defined(IP_RECVDSTADDR) && \
135 defined(IP_RECVIF) && \
136 defined(IP_SENDSRCADDR))
137 if (!(daemon->options & OPT_NOWILD))
138 {
139 bind_fallback = 1;
140 daemon->options |= OPT_NOWILD;
141 }
142#endif
143
144#ifndef HAVE_TFTP
145 if (daemon->options & OPT_TFTP)
146 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
147#endif
148
149#ifdef HAVE_SOLARIS_NETWORK
150 if (daemon->max_logs != 0)
151 die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
152#endif
153
154 rand_init();
155
156 now = dnsmasq_time();
157
158#ifdef HAVE_DHCP
159 if (daemon->dhcp)
160 {
161 /* Note that order matters here, we must call lease_init before
162 creating any file descriptors which shouldn't be leaked
163 to the lease-script init process. */
164 lease_init(now);
165 dhcp_init();
166 }
167#endif
168
169 if (!enumerate_interfaces())
170 die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
171
172 if (daemon->options & OPT_NOWILD)
173 {
174 daemon->listeners = create_bound_listeners();
175
176 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
177 if (if_tmp->name && !if_tmp->used)
178 die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
179
180 for (if_tmp = daemon->if_addrs; if_tmp; if_tmp = if_tmp->next)
181 if (!if_tmp->used)
182 {
183 prettyprint_addr(&if_tmp->addr, daemon->namebuff);
184 die(_("no interface with address %s"), daemon->namebuff, EC_BADNET);
185 }
186 }
187 else if ((daemon->port != 0 || (daemon->options & OPT_TFTP)) &&
188 !(daemon->listeners = create_wildcard_listeners()))
189 die(_("failed to create listening socket: %s"), NULL, EC_BADNET);
190
191 if (daemon->port != 0)
192 cache_init();
193
194 if (daemon->options & OPT_DBUS)
195#ifdef HAVE_DBUS
196 {
197 char *err;
198 daemon->dbus = NULL;
199 daemon->watches = NULL;
200 if ((err = dbus_init()))
201 die(_("DBus error: %s"), err, EC_MISC);
202 }
203#else
204 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
205#endif
206
207 if (daemon->port != 0)
208 pre_allocate_sfds();
209
210#if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
211 /* Note getpwnam returns static storage */
212 if (daemon->dhcp && daemon->lease_change_command && daemon->scriptuser)
213 {
214 if ((ent_pw = getpwnam(daemon->scriptuser)))
215 {
216 script_uid = ent_pw->pw_uid;
217 script_gid = ent_pw->pw_gid;
218 }
219 else
220 baduser = daemon->scriptuser;
221 }
222#endif
223
224 if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
225 baduser = daemon->username;
226 else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
227 baduser = daemon->groupname;
228
229 if (baduser)
230 die(_("unknown user or group: %s"), baduser, EC_BADCONF);
231
232 /* implement group defaults, "dip" if available, or group associated with uid */
233 if (!daemon->group_set && !gp)
234 {
235 if (!(gp = getgrnam(CHGRP)) && ent_pw)
236 gp = getgrgid(ent_pw->pw_gid);
237
238 /* for error message */
239 if (gp)
240 daemon->groupname = gp->gr_name;
241 }
242
243#if defined(HAVE_LINUX_NETWORK)
244 /* determine capability API version here, while we can still
245 call safe_malloc */
246 if (ent_pw && ent_pw->pw_uid != 0)
247 {
248 int capsize = 1; /* for header version 1 */
249 hdr = safe_malloc(sizeof(*hdr));
250
251 /* find version supported by kernel */
252 memset(hdr, 0, sizeof(*hdr));
253 capget(hdr, NULL);
254
255 if (hdr->version != LINUX_CAPABILITY_VERSION_1)
256 {
257 /* if unknown version, use largest supported version (3) */
258 if (hdr->version != LINUX_CAPABILITY_VERSION_2)
259 hdr->version = LINUX_CAPABILITY_VERSION_3;
260 capsize = 2;
261 }
262
263 data = safe_malloc(sizeof(*data) * capsize);
264 memset(data, 0, sizeof(*data) * capsize);
265 }
266#endif
267
268 /* Use a pipe to carry signals and other events back to the event loop
269 in a race-free manner and another to carry errors to daemon-invoking process */
270 safe_pipe(pipefd, 1);
271
272 piperead = pipefd[0];
273 pipewrite = pipefd[1];
274 /* prime the pipe to load stuff first time. */
275 send_event(pipewrite, EVENT_RELOAD, 0);
276
277 err_pipe[1] = -1;
278
279 if (!(daemon->options & OPT_DEBUG))
280 {
281 int nullfd;
282
283 /* The following code "daemonizes" the process.
284 See Stevens section 12.4 */
285
286 if (chdir("/") != 0)
287 die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
288
289#ifndef NO_FORK
290 if (!(daemon->options & OPT_NO_FORK))
291 {
292 pid_t pid;
293
294 /* pipe to carry errors back to original process.
295 When startup is complete we close this and the process terminates. */
296 safe_pipe(err_pipe, 0);
297
298 if ((pid = fork()) == -1)
299 /* fd == -1 since we've not forked, never returns. */
300 send_event(-1, EVENT_FORK_ERR, errno);
301
302 if (pid != 0)
303 {
304 struct event_desc ev;
305
306 /* close our copy of write-end */
307 close(err_pipe[1]);
308
309 /* check for errors after the fork */
310 if (read_write(err_pipe[0], (unsigned char *)&ev, sizeof(ev), 1))
311 fatal_event(&ev);
312
313 _exit(EC_GOOD);
314 }
315
316 close(err_pipe[0]);
317
318 /* NO calls to die() from here on. */
319
320 setsid();
321
322 if ((pid = fork()) == -1)
323 send_event(err_pipe[1], EVENT_FORK_ERR, errno);
324
325 if (pid != 0)
326 _exit(0);
327 }
328#endif
329
330 /* write pidfile _after_ forking ! */
331 if (daemon->runfile)
332 {
333 FILE *pidfile;
334
335 /* only complain if started as root */
336 if ((pidfile = fopen(daemon->runfile, "w")))
337 {
338 fprintf(pidfile, "%d\n", (int) getpid());
339 fclose(pidfile);
340 }
341 else if (getuid() == 0)
342 {
343 send_event(err_pipe[1], EVENT_PIDFILE, errno);
344 _exit(0);
345 }
346 }
347
348 /* open stdout etc to /dev/null */
349 nullfd = open("/dev/null", O_RDWR);
350 dup2(nullfd, STDOUT_FILENO);
351 dup2(nullfd, STDERR_FILENO);
352 dup2(nullfd, STDIN_FILENO);
353 close(nullfd);
354 }
355
356 log_err = log_start(ent_pw, err_pipe[1]);
357
358 /* if we are to run scripts, we need to fork a helper before dropping root. */
359 daemon->helperfd = -1;
360#if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
361 if (daemon->dhcp && daemon->lease_change_command)
362 daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
363#endif
364
365 if (!(daemon->options & OPT_DEBUG) && getuid() == 0)
366 {
367 int bad_capabilities = 0;
368 gid_t dummy;
369
370 /* remove all supplimentary groups */
371 if (gp &&
372 (setgroups(0, &dummy) == -1 ||
373 setgid(gp->gr_gid) == -1))
374 {
375 send_event(err_pipe[1], EVENT_GROUP_ERR, errno);
376 _exit(0);
377 }
378
379 if (ent_pw && ent_pw->pw_uid != 0)
380 {
381#if defined(HAVE_LINUX_NETWORK)
382 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
383 CAP_NET_RAW (for icmp) if we're doing dhcp */
384 data->effective = data->permitted = data->inheritable =
385 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
386
387 /* Tell kernel to not clear capabilities when dropping root */
San Mehat5658bcb2010-01-20 10:16:30 -0800[diff] [blame^]388 if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
San Mehatffd68722010-01-20 09:56:15 -0800[diff] [blame]389 bad_capabilities = errno;
390
391#elif defined(HAVE_SOLARIS_NETWORK)
392 /* http://developers.sun.com/solaris/articles/program_privileges.html */
393 priv_set_t *priv_set;
394
395 if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
396 priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
397 priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
398 bad_capabilities = errno;
399
400 if (priv_set && bad_capabilities == 0)
401 {
402 priv_inverse(priv_set);
403
404 if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
405 bad_capabilities = errno;
406 }
407
408 if (priv_set)
409 priv_freeset(priv_set);
410
411#endif
412
413 if (bad_capabilities != 0)
414 {
415 send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities);
416 _exit(0);
417 }
418
419 /* finally drop root */
420 if (setuid(ent_pw->pw_uid) == -1)
421 {
422 send_event(err_pipe[1], EVENT_USER_ERR, errno);
423 _exit(0);
424 }
425
426#ifdef HAVE_LINUX_NETWORK
427 data->effective = data->permitted =
428 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
429 data->inheritable = 0;
430
431 /* lose the setuid and setgid capbilities */
432 if (capset(hdr, data) == -1)
433 {
434 send_event(err_pipe[1], EVENT_CAP_ERR, errno);
435 _exit(0);
436 }
437#endif
438
439 }
440 }
441
442#ifdef HAVE_LINUX_NETWORK
443 if (daemon->options & OPT_DEBUG)
San Mehat5658bcb2010-01-20 10:16:30 -0800[diff] [blame^]444 prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
San Mehatffd68722010-01-20 09:56:15 -0800[diff] [blame]445#endif
446
447 if (daemon->port == 0)
448 my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
449 else if (daemon->cachesize != 0)
450 my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
451 else
452 my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
453
454 my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
455
456#ifdef HAVE_DBUS
457 if (daemon->options & OPT_DBUS)
458 {
459 if (daemon->dbus)
460 my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
461 else
462 my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
463 }
464#endif
465
466 if (log_err != 0)
467 my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
468 daemon->log_file, strerror(log_err));
469
470 if (bind_fallback)
471 my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
472
473 if (!(daemon->options & OPT_NOWILD))
474 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
475 if (if_tmp->name && !if_tmp->used)
476 my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
477
478 if (daemon->port != 0 && (daemon->options & OPT_NO_RESOLV))
479 {
480 if (daemon->resolv_files && !daemon->resolv_files->is_default)
481 my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
482 daemon->resolv_files = NULL;
483 if (!daemon->servers)
484 my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
485 }
486
487 if (daemon->max_logs != 0)
488 my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
489
490#ifdef HAVE_DHCP
491 if (daemon->dhcp)
492 {
493 struct dhcp_context *dhcp_tmp;
494
495 for (dhcp_tmp = daemon->dhcp; dhcp_tmp; dhcp_tmp = dhcp_tmp->next)
496 {
497 prettyprint_time(daemon->dhcp_buff2, dhcp_tmp->lease_time);
498 strcpy(daemon->dhcp_buff, inet_ntoa(dhcp_tmp->start));
499 my_syslog(MS_DHCP | LOG_INFO,
500 (dhcp_tmp->flags & CONTEXT_STATIC) ?
501 _("DHCP, static leases only on %.0s%s, lease time %s") :
502 (dhcp_tmp->flags & CONTEXT_PROXY) ?
503 _("DHCP, proxy on subnet %.0s%s%.0s") :
504 _("DHCP, IP range %s -- %s, lease time %s"),
505 daemon->dhcp_buff, inet_ntoa(dhcp_tmp->end), daemon->dhcp_buff2);
506 }
507 }
508#endif
509
510#ifdef HAVE_TFTP
511 if (daemon->options & OPT_TFTP)
512 {
513#ifdef FD_SETSIZE
514 if (FD_SETSIZE < (unsigned)max_fd)
515 max_fd = FD_SETSIZE;
516#endif
517
518 my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
519 daemon->tftp_prefix ? _("root is ") : _("enabled"),
520 daemon->tftp_prefix ? daemon->tftp_prefix: "",
521 daemon->options & OPT_TFTP_SECURE ? _("secure mode") : "");
522
523 /* This is a guess, it assumes that for small limits,
524 disjoint files might be served, but for large limits,
525 a single file will be sent to may clients (the file only needs
526 one fd). */
527
528 max_fd -= 30; /* use other than TFTP */
529
530 if (max_fd < 0)
531 max_fd = 5;
532 else if (max_fd < 100)
533 max_fd = max_fd/2;
534 else
535 max_fd = max_fd - 20;
536
537 /* if we have to use a limited range of ports,
538 that will limit the number of transfers */
539 if (daemon->start_tftp_port != 0 &&
540 daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
541 max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
542
543 if (daemon->tftp_max > max_fd)
544 {
545 daemon->tftp_max = max_fd;
546 my_syslog(MS_TFTP | LOG_WARNING,
547 _("restricting maximum simultaneous TFTP transfers to %d"),
548 daemon->tftp_max);
549 }
550 }
551#endif
552
553 /* finished start-up - release original process */
554 if (err_pipe[1] != -1)
555 close(err_pipe[1]);
556
557 if (daemon->port != 0)
558 check_servers();
559
560 pid = getpid();
561
562 while (1)
563 {
564 int maxfd = -1;
565 struct timeval t, *tp = NULL;
566 fd_set rset, wset, eset;
567
568 FD_ZERO(&rset);
569 FD_ZERO(&wset);
570 FD_ZERO(&eset);
571
572 /* if we are out of resources, find how long we have to wait
573 for some to come free, we'll loop around then and restart
574 listening for queries */
575 if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0)
576 {
577 t.tv_usec = 0;
578 tp = &t;
579 }
580
581 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
582 if (daemon->tftp_trans ||
583 ((daemon->options & OPT_DBUS) && !daemon->dbus))
584 {
585 t.tv_sec = 0;
586 t.tv_usec = 250000;
587 tp = &t;
588 }
589
590#ifdef HAVE_DBUS
591 set_dbus_listeners(&maxfd, &rset, &wset, &eset);
592#endif
593
594#ifdef HAVE_DHCP
595 if (daemon->dhcp)
596 {
597 FD_SET(daemon->dhcpfd, &rset);
598 bump_maxfd(daemon->dhcpfd, &maxfd);
599 }
600#endif
601
602#ifdef HAVE_LINUX_NETWORK
603 FD_SET(daemon->netlinkfd, &rset);
604 bump_maxfd(daemon->netlinkfd, &maxfd);
605#endif
606
607 FD_SET(piperead, &rset);
608 bump_maxfd(piperead, &maxfd);
609
610#ifdef HAVE_DHCP
611# ifdef HAVE_SCRIPT
612 while (helper_buf_empty() && do_script_run(now));
613
614 if (!helper_buf_empty())
615 {
616 FD_SET(daemon->helperfd, &wset);
617 bump_maxfd(daemon->helperfd, &maxfd);
618 }
619# else
620 /* need this for other side-effects */
621 while (do_script_run(now));
622# endif
623#endif
624
625 /* must do this just before select(), when we know no
626 more calls to my_syslog() can occur */
627 set_log_writer(&wset, &maxfd);
628
629 if (select(maxfd+1, &rset, &wset, &eset, tp) < 0)
630 {
631 /* otherwise undefined after error */
632 FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset);
633 }
634
635 now = dnsmasq_time();
636
637 check_log_writer(&wset);
638
639 /* Check for changes to resolv files once per second max. */
640 /* Don't go silent for long periods if the clock goes backwards. */
641 if (daemon->last_resolv == 0 ||
642 difftime(now, daemon->last_resolv) > 1.0 ||
643 difftime(now, daemon->last_resolv) < -1.0)
644 {
645 daemon->last_resolv = now;
646
647 if (daemon->port != 0 && !(daemon->options & OPT_NO_POLL))
648 poll_resolv();
649 }
650
651 if (FD_ISSET(piperead, &rset))
652 async_event(piperead, now);
653
654#ifdef HAVE_LINUX_NETWORK
655 if (FD_ISSET(daemon->netlinkfd, &rset))
656 netlink_multicast();
657#endif
658
659#ifdef HAVE_DBUS
660 /* if we didn't create a DBus connection, retry now. */
661 if ((daemon->options & OPT_DBUS) && !daemon->dbus)
662 {
663 char *err;
664 if ((err = dbus_init()))
665 my_syslog(LOG_WARNING, _("DBus error: %s"), err);
666 if (daemon->dbus)
667 my_syslog(LOG_INFO, _("connected to system DBus"));
668 }
669 check_dbus_listeners(&rset, &wset, &eset);
670#endif
671
672 check_dns_listeners(&rset, now);
673
674#ifdef HAVE_TFTP
675 check_tftp_listeners(&rset, now);
676#endif
677
678#ifdef HAVE_DHCP
679 if (daemon->dhcp && FD_ISSET(daemon->dhcpfd, &rset))
680 dhcp_packet(now);
681
682# ifdef HAVE_SCRIPT
683 if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
684 helper_write();
685# endif
686#endif
687
688 }
689}
690
691static void sig_handler(int sig)
692{
693 if (pid == 0)
694 {
695 /* ignore anything other than TERM during startup
696 and in helper proc. (helper ignore TERM too) */
697 if (sig == SIGTERM)
698 exit(EC_MISC);
699 }
700 else if (pid != getpid())
701 {
702 /* alarm is used to kill TCP children after a fixed time. */
703 if (sig == SIGALRM)
704 _exit(0);
705 }
706 else
707 {
708 /* master process */
709 int event, errsave = errno;
710
711 if (sig == SIGHUP)
712 event = EVENT_RELOAD;
713 else if (sig == SIGCHLD)
714 event = EVENT_CHILD;
715 else if (sig == SIGALRM)
716 event = EVENT_ALARM;
717 else if (sig == SIGTERM)
718 event = EVENT_TERM;
719 else if (sig == SIGUSR1)
720 event = EVENT_DUMP;
721 else if (sig == SIGUSR2)
722 event = EVENT_REOPEN;
723 else
724 return;
725
726 send_event(pipewrite, event, 0);
727 errno = errsave;
728 }
729}
730
731void send_event(int fd, int event, int data)
732{
733 struct event_desc ev;
734
735 ev.event = event;
736 ev.data = data;
737
738 /* error pipe, debug mode. */
739 if (fd == -1)
740 fatal_event(&ev);
741 else
742 /* pipe is non-blocking and struct event_desc is smaller than
743 PIPE_BUF, so this either fails or writes everything */
744 while (write(fd, &ev, sizeof(ev)) == -1 && errno == EINTR);
745}
746
747static void fatal_event(struct event_desc *ev)
748{
749 errno = ev->data;
750
751 switch (ev->event)
752 {
753 case EVENT_DIE:
754 exit(0);
755
756 case EVENT_FORK_ERR:
757 die(_("cannot fork into background: %s"), NULL, EC_MISC);
758
759 case EVENT_PIPE_ERR:
760 die(_("failed to create helper: %s"), NULL, EC_MISC);
761
762 case EVENT_CAP_ERR:
763 die(_("setting capabilities failed: %s"), NULL, EC_MISC);
764
765 case EVENT_USER_ERR:
766 case EVENT_HUSER_ERR:
767 die(_("failed to change user-id to %s: %s"),
768 ev->event == EVENT_USER_ERR ? daemon->username : daemon->scriptuser,
769 EC_MISC);
770
771 case EVENT_GROUP_ERR:
772 die(_("failed to change group-id to %s: %s"), daemon->groupname, EC_MISC);
773
774 case EVENT_PIDFILE:
775 die(_("failed to open pidfile %s: %s"), daemon->runfile, EC_FILE);
776
777 case EVENT_LOG_ERR:
778 die(_("cannot open %s: %s"), daemon->log_file ? daemon->log_file : "log", EC_FILE);
779 }
780}
781
782static void async_event(int pipe, time_t now)
783{
784 pid_t p;
785 struct event_desc ev;
786 int i;
787
788 if (read_write(pipe, (unsigned char *)&ev, sizeof(ev), 1))
789 switch (ev.event)
790 {
791 case EVENT_RELOAD:
792 clear_cache_and_reload(now);
793 if (daemon->port != 0 && daemon->resolv_files && (daemon->options & OPT_NO_POLL))
794 {
795 reload_servers(daemon->resolv_files->name);
796 check_servers();
797 }
798#ifdef HAVE_DHCP
799 rerun_scripts();
800#endif
801 break;
802
803 case EVENT_DUMP:
804 if (daemon->port != 0)
805 dump_cache(now);
806 break;
807
808 case EVENT_ALARM:
809#ifdef HAVE_DHCP
810 if (daemon->dhcp)
811 {
812 lease_prune(NULL, now);
813 lease_update_file(now);
814 }
815#endif
816 break;
817
818 case EVENT_CHILD:
819 /* See Stevens 5.10 */
820 while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
821 if (p == -1)
822 {
823 if (errno != EINTR)
824 break;
825 }
826 else
827 for (i = 0 ; i < MAX_PROCS; i++)
828 if (daemon->tcp_pids[i] == p)
829 daemon->tcp_pids[i] = 0;
830 break;
831
832 case EVENT_KILLED:
833 my_syslog(LOG_WARNING, _("child process killed by signal %d"), ev.data);
834 break;
835
836 case EVENT_EXITED:
837 my_syslog(LOG_WARNING, _("child process exited with status %d"), ev.data);
838 break;
839
840 case EVENT_EXEC_ERR:
841 my_syslog(LOG_ERR, _("failed to execute %s: %s"),
842 daemon->lease_change_command, strerror(ev.data));
843 break;
844
845 /* necessary for fatal errors in helper */
846 case EVENT_HUSER_ERR:
847 case EVENT_DIE:
848 fatal_event(&ev);
849 break;
850
851 case EVENT_REOPEN:
852 /* Note: this may leave TCP-handling processes with the old file still open.
853 Since any such process will die in CHILD_LIFETIME or probably much sooner,
854 we leave them logging to the old file. */
855 if (daemon->log_file != NULL)
856 log_reopen(daemon->log_file);
857 break;
858
859 case EVENT_TERM:
860 /* Knock all our children on the head. */
861 for (i = 0; i < MAX_PROCS; i++)
862 if (daemon->tcp_pids[i] != 0)
863 kill(daemon->tcp_pids[i], SIGALRM);
864
865#if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
866 /* handle pending lease transitions */
867 if (daemon->helperfd != -1)
868 {
869 /* block in writes until all done */
870 if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
871 fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
872 do {
873 helper_write();
874 } while (!helper_buf_empty() || do_script_run(now));
875 close(daemon->helperfd);
876 }
877#endif
878
879 if (daemon->lease_stream)
880 fclose(daemon->lease_stream);
881
882 if (daemon->runfile)
883 unlink(daemon->runfile);
884
885 my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
886 flush_log();
887 exit(EC_GOOD);
888 }
889}
890
891static void poll_resolv()
892{
893 struct resolvc *res, *latest;
894 struct stat statbuf;
895 time_t last_change = 0;
896 /* There may be more than one possible file.
897 Go through and find the one which changed _last_.
898 Warn of any which can't be read. */
899 for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
900 if (stat(res->name, &statbuf) == -1)
901 {
902 if (!res->logged)
903 my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
904 res->logged = 1;
905 }
906 else
907 {
908 res->logged = 0;
909 if (statbuf.st_mtime != res->mtime)
910 {
911 res->mtime = statbuf.st_mtime;
912 if (difftime(statbuf.st_mtime, last_change) > 0.0)
913 {
914 last_change = statbuf.st_mtime;
915 latest = res;
916 }
917 }
918 }
919
920 if (latest)
921 {
922 static int warned = 0;
923 if (reload_servers(latest->name))
924 {
925 my_syslog(LOG_INFO, _("reading %s"), latest->name);
926 warned = 0;
927 check_servers();
928 if (daemon->options & OPT_RELOAD)
929 cache_reload();
930 }
931 else
932 {
933 latest->mtime = 0;
934 if (!warned)
935 {
936 my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
937 warned = 1;
938 }
939 }
940 }
941}
942
943void clear_cache_and_reload(time_t now)
944{
945 if (daemon->port != 0)
946 cache_reload();
947
948#ifdef HAVE_DHCP
949 if (daemon->dhcp)
950 {
951 if (daemon->options & OPT_ETHERS)
952 dhcp_read_ethers();
953 reread_dhcp();
954 dhcp_update_configs(daemon->dhcp_conf);
955 check_dhcp_hosts(0);
956 lease_update_from_configs();
957 lease_update_file(now);
958 lease_update_dns();
959 }
960#endif
961}
962
963static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp)
964{
965 struct serverfd *serverfdp;
966 struct listener *listener;
967 int wait = 0, i;
968
969#ifdef HAVE_TFTP
970 int tftp = 0;
971 struct tftp_transfer *transfer;
972 for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
973 {
974 tftp++;
975 FD_SET(transfer->sockfd, set);
976 bump_maxfd(transfer->sockfd, maxfdp);
977 }
978#endif
979
980 /* will we be able to get memory? */
981 if (daemon->port != 0)
982 get_new_frec(now, &wait);
983
984 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
985 {
986 FD_SET(serverfdp->fd, set);
987 bump_maxfd(serverfdp->fd, maxfdp);
988 }
989
990 if (daemon->port != 0 && !daemon->osport)
991 for (i = 0; i < RANDOM_SOCKS; i++)
992 if (daemon->randomsocks[i].refcount != 0)
993 {
994 FD_SET(daemon->randomsocks[i].fd, set);
995 bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
996 }
997
998 for (listener = daemon->listeners; listener; listener = listener->next)
999 {
1000 /* only listen for queries if we have resources */
1001 if (listener->fd != -1 && wait == 0)
1002 {
1003 FD_SET(listener->fd, set);
1004 bump_maxfd(listener->fd, maxfdp);
1005 }
1006
1007 /* death of a child goes through the select loop, so
1008 we don't need to explicitly arrange to wake up here */
1009 if (listener->tcpfd != -1)
1010 for (i = 0; i < MAX_PROCS; i++)
1011 if (daemon->tcp_pids[i] == 0)
1012 {
1013 FD_SET(listener->tcpfd, set);
1014 bump_maxfd(listener->tcpfd, maxfdp);
1015 break;
1016 }
1017
1018#ifdef HAVE_TFTP
1019 if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
1020 {
1021 FD_SET(listener->tftpfd, set);
1022 bump_maxfd(listener->tftpfd, maxfdp);
1023 }
1024#endif
1025
1026 }
1027
1028 return wait;
1029}
1030
1031static void check_dns_listeners(fd_set *set, time_t now)
1032{
1033 struct serverfd *serverfdp;
1034 struct listener *listener;
1035 int i;
1036
1037 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1038 if (FD_ISSET(serverfdp->fd, set))
1039 reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
1040
1041 if (daemon->port != 0 && !daemon->osport)
1042 for (i = 0; i < RANDOM_SOCKS; i++)
1043 if (daemon->randomsocks[i].refcount != 0 &&
1044 FD_ISSET(daemon->randomsocks[i].fd, set))
1045 reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
1046
1047 for (listener = daemon->listeners; listener; listener = listener->next)
1048 {
1049 if (listener->fd != -1 && FD_ISSET(listener->fd, set))
1050 receive_query(listener, now);
1051
1052#ifdef HAVE_TFTP
1053 if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set))
1054 tftp_request(listener, now);
1055#endif
1056
1057 if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
1058 {
1059 int confd;
1060 struct irec *iface = NULL;
1061 pid_t p;
1062
1063 while((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
1064
1065 if (confd == -1)
1066 continue;
1067
1068 if (daemon->options & OPT_NOWILD)
1069 iface = listener->iface;
1070 else
1071 {
1072 union mysockaddr tcp_addr;
1073 socklen_t tcp_len = sizeof(union mysockaddr);
1074 /* Check for allowed interfaces when binding the wildcard address:
1075 we do this by looking for an interface with the same address as
1076 the local address of the TCP connection, then looking to see if that's
1077 an allowed interface. As a side effect, we get the netmask of the
1078 interface too, for localisation. */
1079
1080 /* interface may be new since startup */
1081 if (enumerate_interfaces() &&
1082 getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) != -1)
1083 for (iface = daemon->interfaces; iface; iface = iface->next)
1084 if (sockaddr_isequal(&iface->addr, &tcp_addr))
1085 break;
1086 }
1087
1088 if (!iface)
1089 {
1090 shutdown(confd, SHUT_RDWR);
1091 close(confd);
1092 }
1093#ifndef NO_FORK
1094 else if (!(daemon->options & OPT_DEBUG) && (p = fork()) != 0)
1095 {
1096 if (p != -1)
1097 {
1098 int i;
1099 for (i = 0; i < MAX_PROCS; i++)
1100 if (daemon->tcp_pids[i] == 0)
1101 {
1102 daemon->tcp_pids[i] = p;
1103 break;
1104 }
1105 }
1106 close(confd);
1107 }
1108#endif
1109 else
1110 {
1111 unsigned char *buff;
1112 struct server *s;
1113 int flags;
1114 struct in_addr dst_addr_4;
1115
1116 dst_addr_4.s_addr = 0;
1117
1118 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1119 terminate the process. */
1120 if (!(daemon->options & OPT_DEBUG))
1121 alarm(CHILD_LIFETIME);
1122
1123 /* start with no upstream connections. */
1124 for (s = daemon->servers; s; s = s->next)
1125 s->tcpfd = -1;
1126
1127 /* The connected socket inherits non-blocking
1128 attribute from the listening socket.
1129 Reset that here. */
1130 if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
1131 fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
1132
1133 if (listener->family == AF_INET)
1134 dst_addr_4 = iface->addr.in.sin_addr;
1135
1136 buff = tcp_request(confd, now, dst_addr_4, iface->netmask);
1137
1138 shutdown(confd, SHUT_RDWR);
1139 close(confd);
1140
1141 if (buff)
1142 free(buff);
1143
1144 for (s = daemon->servers; s; s = s->next)
1145 if (s->tcpfd != -1)
1146 {
1147 shutdown(s->tcpfd, SHUT_RDWR);
1148 close(s->tcpfd);
1149 }
1150#ifndef NO_FORK
1151 if (!(daemon->options & OPT_DEBUG))
1152 {
1153 flush_log();
1154 _exit(0);
1155 }
1156#endif
1157 }
1158 }
1159 }
1160}
1161
1162#ifdef HAVE_DHCP
1163int make_icmp_sock(void)
1164{
1165 int fd;
1166 int zeroopt = 0;
1167
1168 if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
1169 {
1170 if (!fix_fd(fd) ||
1171 setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
1172 {
1173 close(fd);
1174 fd = -1;
1175 }
1176 }
1177
1178 return fd;
1179}
1180
1181int icmp_ping(struct in_addr addr)
1182{
1183 /* Try and get an ICMP echo from a machine. */
1184
1185 /* Note that whilst in the three second wait, we check for
1186 (and service) events on the DNS and TFTP sockets, (so doing that
1187 better not use any resources our caller has in use...)
1188 but we remain deaf to signals or further DHCP packets. */
1189
1190 int fd;
1191 struct sockaddr_in saddr;
1192 struct {
1193 struct ip ip;
1194 struct icmp icmp;
1195 } packet;
1196 unsigned short id = rand16();
1197 unsigned int i, j;
1198 int gotreply = 0;
1199 time_t start, now;
1200
1201#if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
1202 if ((fd = make_icmp_sock()) == -1)
1203 return 0;
1204#else
1205 int opt = 2000;
1206 fd = daemon->dhcp_icmp_fd;
1207 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1208#endif
1209
1210 saddr.sin_family = AF_INET;
1211 saddr.sin_port = 0;
1212 saddr.sin_addr = addr;
1213#ifdef HAVE_SOCKADDR_SA_LEN
1214 saddr.sin_len = sizeof(struct sockaddr_in);
1215#endif
1216
1217 memset(&packet.icmp, 0, sizeof(packet.icmp));
1218 packet.icmp.icmp_type = ICMP_ECHO;
1219 packet.icmp.icmp_id = id;
1220 for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
1221 j += ((u16 *)&packet.icmp)[i];
1222 while (j>>16)
1223 j = (j & 0xffff) + (j >> 16);
1224 packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
1225
1226 while (sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
1227 (struct sockaddr *)&saddr, sizeof(saddr)) == -1 &&
1228 retry_send());
1229
1230 for (now = start = dnsmasq_time();
1231 difftime(now, start) < (float)PING_WAIT;)
1232 {
1233 struct timeval tv;
1234 fd_set rset, wset;
1235 struct sockaddr_in faddr;
1236 int maxfd = fd;
1237 socklen_t len = sizeof(faddr);
1238
1239 tv.tv_usec = 250000;
1240 tv.tv_sec = 0;
1241
1242 FD_ZERO(&rset);
1243 FD_ZERO(&wset);
1244 FD_SET(fd, &rset);
1245 set_dns_listeners(now, &rset, &maxfd);
1246 set_log_writer(&wset, &maxfd);
1247
1248 if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
1249 {
1250 FD_ZERO(&rset);
1251 FD_ZERO(&wset);
1252 }
1253
1254 now = dnsmasq_time();
1255
1256 check_log_writer(&wset);
1257 check_dns_listeners(&rset, now);
1258
1259#ifdef HAVE_TFTP
1260 check_tftp_listeners(&rset, now);
1261#endif
1262
1263 if (FD_ISSET(fd, &rset) &&
1264 recvfrom(fd, &packet, sizeof(packet), 0,
1265 (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
1266 saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
1267 packet.icmp.icmp_type == ICMP_ECHOREPLY &&
1268 packet.icmp.icmp_seq == 0 &&
1269 packet.icmp.icmp_id == id)
1270 {
1271 gotreply = 1;
1272 break;
1273 }
1274 }
1275
1276#if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
1277 close(fd);
1278#else
1279 opt = 1;
1280 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1281#endif
1282
1283 return gotreply;
1284}
1285#endif
1286
1287