dnsmasq.c revision ffd68729961f7383f2e35494a03ccdef20f86c98
1/* dnsmasq is Copyright (c) 2000-2009 Simon Kelley 2 3 This program is free software; you can redistribute it and/or modify 4 it under the terms of the GNU General Public License as published by 5 the Free Software Foundation; version 2 dated June, 1991, or 6 (at your option) version 3 dated 29 June, 2007. 7 8 This program is distributed in the hope that it will be useful, 9 but WITHOUT ANY WARRANTY; without even the implied warranty of 10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 GNU General Public License for more details. 12 13 You should have received a copy of the GNU General Public License 14 along with this program. If not, see <http://www.gnu.org/licenses/>. 15*/ 16 17#include "dnsmasq.h" 18 19struct daemon *daemon; 20 21static char *compile_opts = 22#ifndef HAVE_IPV6 23"no-" 24#endif 25"IPv6 " 26#ifndef HAVE_GETOPT_LONG 27"no-" 28#endif 29"GNU-getopt " 30#ifdef HAVE_BROKEN_RTC 31"no-RTC " 32#endif 33#ifdef NO_FORK 34"no-MMU " 35#endif 36#ifndef HAVE_DBUS 37"no-" 38#endif 39"DBus " 40#ifndef LOCALEDIR 41"no-" 42#endif 43"I18N " 44#ifndef HAVE_DHCP 45"no-" 46#endif 47"DHCP " 48#if defined(HAVE_DHCP) && !defined(HAVE_SCRIPT) 49"no-scripts " 50#endif 51#ifndef HAVE_TFTP 52"no-" 53#endif 54"TFTP"; 55 56 57 58static volatile pid_t pid = 0; 59static volatile int pipewrite; 60 61static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp); 62static void check_dns_listeners(fd_set *set, time_t now); 63static void sig_handler(int sig); 64static void async_event(int pipe, time_t now); 65static void fatal_event(struct event_desc *ev); 66static void poll_resolv(void); 67 68int main (int argc, char **argv) 69{ 70 int bind_fallback = 0; 71 time_t now; 72 struct sigaction sigact; 73 struct iname *if_tmp; 74 int piperead, pipefd[2], err_pipe[2]; 75 struct passwd *ent_pw = NULL; 76#if defined(HAVE_DHCP) && defined(HAVE_SCRIPT) 77 uid_t script_uid = 0; 78 gid_t script_gid = 0; 79#endif 80 struct group *gp = NULL; 81 long i, max_fd = sysconf(_SC_OPEN_MAX); 82 char *baduser = NULL; 83 int log_err; 84#if defined(HAVE_LINUX_NETWORK) 85 cap_user_header_t hdr = NULL; 86 cap_user_data_t data = NULL; 87#endif 88 89#ifdef LOCALEDIR 90 setlocale(LC_ALL, ""); 91 bindtextdomain("dnsmasq", LOCALEDIR); 92 textdomain("dnsmasq"); 93#endif 94 95 sigact.sa_handler = sig_handler; 96 sigact.sa_flags = 0; 97 sigemptyset(&sigact.sa_mask); 98 sigaction(SIGUSR1, &sigact, NULL); 99 sigaction(SIGUSR2, &sigact, NULL); 100 sigaction(SIGHUP, &sigact, NULL); 101 sigaction(SIGTERM, &sigact, NULL); 102 sigaction(SIGALRM, &sigact, NULL); 103 sigaction(SIGCHLD, &sigact, NULL); 104 105 /* ignore SIGPIPE */ 106 sigact.sa_handler = SIG_IGN; 107 sigaction(SIGPIPE, &sigact, NULL); 108 109 umask(022); /* known umask, create leases and pid files as 0644 */ 110 111 read_opts(argc, argv, compile_opts); 112 113 if (daemon->edns_pktsz < PACKETSZ) 114 daemon->edns_pktsz = PACKETSZ; 115 daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ? 116 daemon->edns_pktsz : DNSMASQ_PACKETSZ; 117 daemon->packet = safe_malloc(daemon->packet_buff_sz); 118 119#ifdef HAVE_DHCP 120 if (!daemon->lease_file) 121 { 122 if (daemon->dhcp) 123 daemon->lease_file = LEASEFILE; 124 } 125#endif 126 127 /* Close any file descriptors we inherited apart from std{in|out|err} */ 128 for (i = 0; i < max_fd; i++) 129 if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO) 130 close(i); 131 132#ifdef HAVE_LINUX_NETWORK 133 netlink_init(); 134#elif !(defined(IP_RECVDSTADDR) && \ 135 defined(IP_RECVIF) && \ 136 defined(IP_SENDSRCADDR)) 137 if (!(daemon->options & OPT_NOWILD)) 138 { 139 bind_fallback = 1; 140 daemon->options |= OPT_NOWILD; 141 } 142#endif 143 144#ifndef HAVE_TFTP 145 if (daemon->options & OPT_TFTP) 146 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF); 147#endif 148 149#ifdef HAVE_SOLARIS_NETWORK 150 if (daemon->max_logs != 0) 151 die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF); 152#endif 153 154 rand_init(); 155 156 now = dnsmasq_time(); 157 158#ifdef HAVE_DHCP 159 if (daemon->dhcp) 160 { 161 /* Note that order matters here, we must call lease_init before 162 creating any file descriptors which shouldn't be leaked 163 to the lease-script init process. */ 164 lease_init(now); 165 dhcp_init(); 166 } 167#endif 168 169 if (!enumerate_interfaces()) 170 die(_("failed to find list of interfaces: %s"), NULL, EC_MISC); 171 172 if (daemon->options & OPT_NOWILD) 173 { 174 daemon->listeners = create_bound_listeners(); 175 176 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next) 177 if (if_tmp->name && !if_tmp->used) 178 die(_("unknown interface %s"), if_tmp->name, EC_BADNET); 179 180 for (if_tmp = daemon->if_addrs; if_tmp; if_tmp = if_tmp->next) 181 if (!if_tmp->used) 182 { 183 prettyprint_addr(&if_tmp->addr, daemon->namebuff); 184 die(_("no interface with address %s"), daemon->namebuff, EC_BADNET); 185 } 186 } 187 else if ((daemon->port != 0 || (daemon->options & OPT_TFTP)) && 188 !(daemon->listeners = create_wildcard_listeners())) 189 die(_("failed to create listening socket: %s"), NULL, EC_BADNET); 190 191 if (daemon->port != 0) 192 cache_init(); 193 194 if (daemon->options & OPT_DBUS) 195#ifdef HAVE_DBUS 196 { 197 char *err; 198 daemon->dbus = NULL; 199 daemon->watches = NULL; 200 if ((err = dbus_init())) 201 die(_("DBus error: %s"), err, EC_MISC); 202 } 203#else 204 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF); 205#endif 206 207 if (daemon->port != 0) 208 pre_allocate_sfds(); 209 210#if defined(HAVE_DHCP) && defined(HAVE_SCRIPT) 211 /* Note getpwnam returns static storage */ 212 if (daemon->dhcp && daemon->lease_change_command && daemon->scriptuser) 213 { 214 if ((ent_pw = getpwnam(daemon->scriptuser))) 215 { 216 script_uid = ent_pw->pw_uid; 217 script_gid = ent_pw->pw_gid; 218 } 219 else 220 baduser = daemon->scriptuser; 221 } 222#endif 223 224 if (daemon->username && !(ent_pw = getpwnam(daemon->username))) 225 baduser = daemon->username; 226 else if (daemon->groupname && !(gp = getgrnam(daemon->groupname))) 227 baduser = daemon->groupname; 228 229 if (baduser) 230 die(_("unknown user or group: %s"), baduser, EC_BADCONF); 231 232 /* implement group defaults, "dip" if available, or group associated with uid */ 233 if (!daemon->group_set && !gp) 234 { 235 if (!(gp = getgrnam(CHGRP)) && ent_pw) 236 gp = getgrgid(ent_pw->pw_gid); 237 238 /* for error message */ 239 if (gp) 240 daemon->groupname = gp->gr_name; 241 } 242 243#if defined(HAVE_LINUX_NETWORK) 244 /* determine capability API version here, while we can still 245 call safe_malloc */ 246 if (ent_pw && ent_pw->pw_uid != 0) 247 { 248 int capsize = 1; /* for header version 1 */ 249 hdr = safe_malloc(sizeof(*hdr)); 250 251 /* find version supported by kernel */ 252 memset(hdr, 0, sizeof(*hdr)); 253 capget(hdr, NULL); 254 255 if (hdr->version != LINUX_CAPABILITY_VERSION_1) 256 { 257 /* if unknown version, use largest supported version (3) */ 258 if (hdr->version != LINUX_CAPABILITY_VERSION_2) 259 hdr->version = LINUX_CAPABILITY_VERSION_3; 260 capsize = 2; 261 } 262 263 data = safe_malloc(sizeof(*data) * capsize); 264 memset(data, 0, sizeof(*data) * capsize); 265 } 266#endif 267 268 /* Use a pipe to carry signals and other events back to the event loop 269 in a race-free manner and another to carry errors to daemon-invoking process */ 270 safe_pipe(pipefd, 1); 271 272 piperead = pipefd[0]; 273 pipewrite = pipefd[1]; 274 /* prime the pipe to load stuff first time. */ 275 send_event(pipewrite, EVENT_RELOAD, 0); 276 277 err_pipe[1] = -1; 278 279 if (!(daemon->options & OPT_DEBUG)) 280 { 281 int nullfd; 282 283 /* The following code "daemonizes" the process. 284 See Stevens section 12.4 */ 285 286 if (chdir("/") != 0) 287 die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC); 288 289#ifndef NO_FORK 290 if (!(daemon->options & OPT_NO_FORK)) 291 { 292 pid_t pid; 293 294 /* pipe to carry errors back to original process. 295 When startup is complete we close this and the process terminates. */ 296 safe_pipe(err_pipe, 0); 297 298 if ((pid = fork()) == -1) 299 /* fd == -1 since we've not forked, never returns. */ 300 send_event(-1, EVENT_FORK_ERR, errno); 301 302 if (pid != 0) 303 { 304 struct event_desc ev; 305 306 /* close our copy of write-end */ 307 close(err_pipe[1]); 308 309 /* check for errors after the fork */ 310 if (read_write(err_pipe[0], (unsigned char *)&ev, sizeof(ev), 1)) 311 fatal_event(&ev); 312 313 _exit(EC_GOOD); 314 } 315 316 close(err_pipe[0]); 317 318 /* NO calls to die() from here on. */ 319 320 setsid(); 321 322 if ((pid = fork()) == -1) 323 send_event(err_pipe[1], EVENT_FORK_ERR, errno); 324 325 if (pid != 0) 326 _exit(0); 327 } 328#endif 329 330 /* write pidfile _after_ forking ! */ 331 if (daemon->runfile) 332 { 333 FILE *pidfile; 334 335 /* only complain if started as root */ 336 if ((pidfile = fopen(daemon->runfile, "w"))) 337 { 338 fprintf(pidfile, "%d\n", (int) getpid()); 339 fclose(pidfile); 340 } 341 else if (getuid() == 0) 342 { 343 send_event(err_pipe[1], EVENT_PIDFILE, errno); 344 _exit(0); 345 } 346 } 347 348 /* open stdout etc to /dev/null */ 349 nullfd = open("/dev/null", O_RDWR); 350 dup2(nullfd, STDOUT_FILENO); 351 dup2(nullfd, STDERR_FILENO); 352 dup2(nullfd, STDIN_FILENO); 353 close(nullfd); 354 } 355 356 log_err = log_start(ent_pw, err_pipe[1]); 357 358 /* if we are to run scripts, we need to fork a helper before dropping root. */ 359 daemon->helperfd = -1; 360#if defined(HAVE_DHCP) && defined(HAVE_SCRIPT) 361 if (daemon->dhcp && daemon->lease_change_command) 362 daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd); 363#endif 364 365 if (!(daemon->options & OPT_DEBUG) && getuid() == 0) 366 { 367 int bad_capabilities = 0; 368 gid_t dummy; 369 370 /* remove all supplimentary groups */ 371 if (gp && 372 (setgroups(0, &dummy) == -1 || 373 setgid(gp->gr_gid) == -1)) 374 { 375 send_event(err_pipe[1], EVENT_GROUP_ERR, errno); 376 _exit(0); 377 } 378 379 if (ent_pw && ent_pw->pw_uid != 0) 380 { 381#if defined(HAVE_LINUX_NETWORK) 382 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and 383 CAP_NET_RAW (for icmp) if we're doing dhcp */ 384 data->effective = data->permitted = data->inheritable = 385 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID); 386 387 /* Tell kernel to not clear capabilities when dropping root */ 388 if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1) == -1) 389 bad_capabilities = errno; 390 391#elif defined(HAVE_SOLARIS_NETWORK) 392 /* http://developers.sun.com/solaris/articles/program_privileges.html */ 393 priv_set_t *priv_set; 394 395 if (!(priv_set = priv_str_to_set("basic", ",", NULL)) || 396 priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 || 397 priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1) 398 bad_capabilities = errno; 399 400 if (priv_set && bad_capabilities == 0) 401 { 402 priv_inverse(priv_set); 403 404 if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1) 405 bad_capabilities = errno; 406 } 407 408 if (priv_set) 409 priv_freeset(priv_set); 410 411#endif 412 413 if (bad_capabilities != 0) 414 { 415 send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities); 416 _exit(0); 417 } 418 419 /* finally drop root */ 420 if (setuid(ent_pw->pw_uid) == -1) 421 { 422 send_event(err_pipe[1], EVENT_USER_ERR, errno); 423 _exit(0); 424 } 425 426#ifdef HAVE_LINUX_NETWORK 427 data->effective = data->permitted = 428 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW); 429 data->inheritable = 0; 430 431 /* lose the setuid and setgid capbilities */ 432 if (capset(hdr, data) == -1) 433 { 434 send_event(err_pipe[1], EVENT_CAP_ERR, errno); 435 _exit(0); 436 } 437#endif 438 439 } 440 } 441 442#ifdef HAVE_LINUX_NETWORK 443 if (daemon->options & OPT_DEBUG) 444 prctl(PR_SET_DUMPABLE, 1); 445#endif 446 447 if (daemon->port == 0) 448 my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION); 449 else if (daemon->cachesize != 0) 450 my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize); 451 else 452 my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION); 453 454 my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts); 455 456#ifdef HAVE_DBUS 457 if (daemon->options & OPT_DBUS) 458 { 459 if (daemon->dbus) 460 my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus")); 461 else 462 my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending")); 463 } 464#endif 465 466 if (log_err != 0) 467 my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"), 468 daemon->log_file, strerror(log_err)); 469 470 if (bind_fallback) 471 my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations")); 472 473 if (!(daemon->options & OPT_NOWILD)) 474 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next) 475 if (if_tmp->name && !if_tmp->used) 476 my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name); 477 478 if (daemon->port != 0 && (daemon->options & OPT_NO_RESOLV)) 479 { 480 if (daemon->resolv_files && !daemon->resolv_files->is_default) 481 my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set")); 482 daemon->resolv_files = NULL; 483 if (!daemon->servers) 484 my_syslog(LOG_WARNING, _("warning: no upstream servers configured")); 485 } 486 487 if (daemon->max_logs != 0) 488 my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs); 489 490#ifdef HAVE_DHCP 491 if (daemon->dhcp) 492 { 493 struct dhcp_context *dhcp_tmp; 494 495 for (dhcp_tmp = daemon->dhcp; dhcp_tmp; dhcp_tmp = dhcp_tmp->next) 496 { 497 prettyprint_time(daemon->dhcp_buff2, dhcp_tmp->lease_time); 498 strcpy(daemon->dhcp_buff, inet_ntoa(dhcp_tmp->start)); 499 my_syslog(MS_DHCP | LOG_INFO, 500 (dhcp_tmp->flags & CONTEXT_STATIC) ? 501 _("DHCP, static leases only on %.0s%s, lease time %s") : 502 (dhcp_tmp->flags & CONTEXT_PROXY) ? 503 _("DHCP, proxy on subnet %.0s%s%.0s") : 504 _("DHCP, IP range %s -- %s, lease time %s"), 505 daemon->dhcp_buff, inet_ntoa(dhcp_tmp->end), daemon->dhcp_buff2); 506 } 507 } 508#endif 509 510#ifdef HAVE_TFTP 511 if (daemon->options & OPT_TFTP) 512 { 513#ifdef FD_SETSIZE 514 if (FD_SETSIZE < (unsigned)max_fd) 515 max_fd = FD_SETSIZE; 516#endif 517 518 my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s", 519 daemon->tftp_prefix ? _("root is ") : _("enabled"), 520 daemon->tftp_prefix ? daemon->tftp_prefix: "", 521 daemon->options & OPT_TFTP_SECURE ? _("secure mode") : ""); 522 523 /* This is a guess, it assumes that for small limits, 524 disjoint files might be served, but for large limits, 525 a single file will be sent to may clients (the file only needs 526 one fd). */ 527 528 max_fd -= 30; /* use other than TFTP */ 529 530 if (max_fd < 0) 531 max_fd = 5; 532 else if (max_fd < 100) 533 max_fd = max_fd/2; 534 else 535 max_fd = max_fd - 20; 536 537 /* if we have to use a limited range of ports, 538 that will limit the number of transfers */ 539 if (daemon->start_tftp_port != 0 && 540 daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd) 541 max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1; 542 543 if (daemon->tftp_max > max_fd) 544 { 545 daemon->tftp_max = max_fd; 546 my_syslog(MS_TFTP | LOG_WARNING, 547 _("restricting maximum simultaneous TFTP transfers to %d"), 548 daemon->tftp_max); 549 } 550 } 551#endif 552 553 /* finished start-up - release original process */ 554 if (err_pipe[1] != -1) 555 close(err_pipe[1]); 556 557 if (daemon->port != 0) 558 check_servers(); 559 560 pid = getpid(); 561 562 while (1) 563 { 564 int maxfd = -1; 565 struct timeval t, *tp = NULL; 566 fd_set rset, wset, eset; 567 568 FD_ZERO(&rset); 569 FD_ZERO(&wset); 570 FD_ZERO(&eset); 571 572 /* if we are out of resources, find how long we have to wait 573 for some to come free, we'll loop around then and restart 574 listening for queries */ 575 if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0) 576 { 577 t.tv_usec = 0; 578 tp = &t; 579 } 580 581 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */ 582 if (daemon->tftp_trans || 583 ((daemon->options & OPT_DBUS) && !daemon->dbus)) 584 { 585 t.tv_sec = 0; 586 t.tv_usec = 250000; 587 tp = &t; 588 } 589 590#ifdef HAVE_DBUS 591 set_dbus_listeners(&maxfd, &rset, &wset, &eset); 592#endif 593 594#ifdef HAVE_DHCP 595 if (daemon->dhcp) 596 { 597 FD_SET(daemon->dhcpfd, &rset); 598 bump_maxfd(daemon->dhcpfd, &maxfd); 599 } 600#endif 601 602#ifdef HAVE_LINUX_NETWORK 603 FD_SET(daemon->netlinkfd, &rset); 604 bump_maxfd(daemon->netlinkfd, &maxfd); 605#endif 606 607 FD_SET(piperead, &rset); 608 bump_maxfd(piperead, &maxfd); 609 610#ifdef HAVE_DHCP 611# ifdef HAVE_SCRIPT 612 while (helper_buf_empty() && do_script_run(now)); 613 614 if (!helper_buf_empty()) 615 { 616 FD_SET(daemon->helperfd, &wset); 617 bump_maxfd(daemon->helperfd, &maxfd); 618 } 619# else 620 /* need this for other side-effects */ 621 while (do_script_run(now)); 622# endif 623#endif 624 625 /* must do this just before select(), when we know no 626 more calls to my_syslog() can occur */ 627 set_log_writer(&wset, &maxfd); 628 629 if (select(maxfd+1, &rset, &wset, &eset, tp) < 0) 630 { 631 /* otherwise undefined after error */ 632 FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset); 633 } 634 635 now = dnsmasq_time(); 636 637 check_log_writer(&wset); 638 639 /* Check for changes to resolv files once per second max. */ 640 /* Don't go silent for long periods if the clock goes backwards. */ 641 if (daemon->last_resolv == 0 || 642 difftime(now, daemon->last_resolv) > 1.0 || 643 difftime(now, daemon->last_resolv) < -1.0) 644 { 645 daemon->last_resolv = now; 646 647 if (daemon->port != 0 && !(daemon->options & OPT_NO_POLL)) 648 poll_resolv(); 649 } 650 651 if (FD_ISSET(piperead, &rset)) 652 async_event(piperead, now); 653 654#ifdef HAVE_LINUX_NETWORK 655 if (FD_ISSET(daemon->netlinkfd, &rset)) 656 netlink_multicast(); 657#endif 658 659#ifdef HAVE_DBUS 660 /* if we didn't create a DBus connection, retry now. */ 661 if ((daemon->options & OPT_DBUS) && !daemon->dbus) 662 { 663 char *err; 664 if ((err = dbus_init())) 665 my_syslog(LOG_WARNING, _("DBus error: %s"), err); 666 if (daemon->dbus) 667 my_syslog(LOG_INFO, _("connected to system DBus")); 668 } 669 check_dbus_listeners(&rset, &wset, &eset); 670#endif 671 672 check_dns_listeners(&rset, now); 673 674#ifdef HAVE_TFTP 675 check_tftp_listeners(&rset, now); 676#endif 677 678#ifdef HAVE_DHCP 679 if (daemon->dhcp && FD_ISSET(daemon->dhcpfd, &rset)) 680 dhcp_packet(now); 681 682# ifdef HAVE_SCRIPT 683 if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset)) 684 helper_write(); 685# endif 686#endif 687 688 } 689} 690 691static void sig_handler(int sig) 692{ 693 if (pid == 0) 694 { 695 /* ignore anything other than TERM during startup 696 and in helper proc. (helper ignore TERM too) */ 697 if (sig == SIGTERM) 698 exit(EC_MISC); 699 } 700 else if (pid != getpid()) 701 { 702 /* alarm is used to kill TCP children after a fixed time. */ 703 if (sig == SIGALRM) 704 _exit(0); 705 } 706 else 707 { 708 /* master process */ 709 int event, errsave = errno; 710 711 if (sig == SIGHUP) 712 event = EVENT_RELOAD; 713 else if (sig == SIGCHLD) 714 event = EVENT_CHILD; 715 else if (sig == SIGALRM) 716 event = EVENT_ALARM; 717 else if (sig == SIGTERM) 718 event = EVENT_TERM; 719 else if (sig == SIGUSR1) 720 event = EVENT_DUMP; 721 else if (sig == SIGUSR2) 722 event = EVENT_REOPEN; 723 else 724 return; 725 726 send_event(pipewrite, event, 0); 727 errno = errsave; 728 } 729} 730 731void send_event(int fd, int event, int data) 732{ 733 struct event_desc ev; 734 735 ev.event = event; 736 ev.data = data; 737 738 /* error pipe, debug mode. */ 739 if (fd == -1) 740 fatal_event(&ev); 741 else 742 /* pipe is non-blocking and struct event_desc is smaller than 743 PIPE_BUF, so this either fails or writes everything */ 744 while (write(fd, &ev, sizeof(ev)) == -1 && errno == EINTR); 745} 746 747static void fatal_event(struct event_desc *ev) 748{ 749 errno = ev->data; 750 751 switch (ev->event) 752 { 753 case EVENT_DIE: 754 exit(0); 755 756 case EVENT_FORK_ERR: 757 die(_("cannot fork into background: %s"), NULL, EC_MISC); 758 759 case EVENT_PIPE_ERR: 760 die(_("failed to create helper: %s"), NULL, EC_MISC); 761 762 case EVENT_CAP_ERR: 763 die(_("setting capabilities failed: %s"), NULL, EC_MISC); 764 765 case EVENT_USER_ERR: 766 case EVENT_HUSER_ERR: 767 die(_("failed to change user-id to %s: %s"), 768 ev->event == EVENT_USER_ERR ? daemon->username : daemon->scriptuser, 769 EC_MISC); 770 771 case EVENT_GROUP_ERR: 772 die(_("failed to change group-id to %s: %s"), daemon->groupname, EC_MISC); 773 774 case EVENT_PIDFILE: 775 die(_("failed to open pidfile %s: %s"), daemon->runfile, EC_FILE); 776 777 case EVENT_LOG_ERR: 778 die(_("cannot open %s: %s"), daemon->log_file ? daemon->log_file : "log", EC_FILE); 779 } 780} 781 782static void async_event(int pipe, time_t now) 783{ 784 pid_t p; 785 struct event_desc ev; 786 int i; 787 788 if (read_write(pipe, (unsigned char *)&ev, sizeof(ev), 1)) 789 switch (ev.event) 790 { 791 case EVENT_RELOAD: 792 clear_cache_and_reload(now); 793 if (daemon->port != 0 && daemon->resolv_files && (daemon->options & OPT_NO_POLL)) 794 { 795 reload_servers(daemon->resolv_files->name); 796 check_servers(); 797 } 798#ifdef HAVE_DHCP 799 rerun_scripts(); 800#endif 801 break; 802 803 case EVENT_DUMP: 804 if (daemon->port != 0) 805 dump_cache(now); 806 break; 807 808 case EVENT_ALARM: 809#ifdef HAVE_DHCP 810 if (daemon->dhcp) 811 { 812 lease_prune(NULL, now); 813 lease_update_file(now); 814 } 815#endif 816 break; 817 818 case EVENT_CHILD: 819 /* See Stevens 5.10 */ 820 while ((p = waitpid(-1, NULL, WNOHANG)) != 0) 821 if (p == -1) 822 { 823 if (errno != EINTR) 824 break; 825 } 826 else 827 for (i = 0 ; i < MAX_PROCS; i++) 828 if (daemon->tcp_pids[i] == p) 829 daemon->tcp_pids[i] = 0; 830 break; 831 832 case EVENT_KILLED: 833 my_syslog(LOG_WARNING, _("child process killed by signal %d"), ev.data); 834 break; 835 836 case EVENT_EXITED: 837 my_syslog(LOG_WARNING, _("child process exited with status %d"), ev.data); 838 break; 839 840 case EVENT_EXEC_ERR: 841 my_syslog(LOG_ERR, _("failed to execute %s: %s"), 842 daemon->lease_change_command, strerror(ev.data)); 843 break; 844 845 /* necessary for fatal errors in helper */ 846 case EVENT_HUSER_ERR: 847 case EVENT_DIE: 848 fatal_event(&ev); 849 break; 850 851 case EVENT_REOPEN: 852 /* Note: this may leave TCP-handling processes with the old file still open. 853 Since any such process will die in CHILD_LIFETIME or probably much sooner, 854 we leave them logging to the old file. */ 855 if (daemon->log_file != NULL) 856 log_reopen(daemon->log_file); 857 break; 858 859 case EVENT_TERM: 860 /* Knock all our children on the head. */ 861 for (i = 0; i < MAX_PROCS; i++) 862 if (daemon->tcp_pids[i] != 0) 863 kill(daemon->tcp_pids[i], SIGALRM); 864 865#if defined(HAVE_DHCP) && defined(HAVE_SCRIPT) 866 /* handle pending lease transitions */ 867 if (daemon->helperfd != -1) 868 { 869 /* block in writes until all done */ 870 if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1) 871 fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK); 872 do { 873 helper_write(); 874 } while (!helper_buf_empty() || do_script_run(now)); 875 close(daemon->helperfd); 876 } 877#endif 878 879 if (daemon->lease_stream) 880 fclose(daemon->lease_stream); 881 882 if (daemon->runfile) 883 unlink(daemon->runfile); 884 885 my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM")); 886 flush_log(); 887 exit(EC_GOOD); 888 } 889} 890 891static void poll_resolv() 892{ 893 struct resolvc *res, *latest; 894 struct stat statbuf; 895 time_t last_change = 0; 896 /* There may be more than one possible file. 897 Go through and find the one which changed _last_. 898 Warn of any which can't be read. */ 899 for (latest = NULL, res = daemon->resolv_files; res; res = res->next) 900 if (stat(res->name, &statbuf) == -1) 901 { 902 if (!res->logged) 903 my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno)); 904 res->logged = 1; 905 } 906 else 907 { 908 res->logged = 0; 909 if (statbuf.st_mtime != res->mtime) 910 { 911 res->mtime = statbuf.st_mtime; 912 if (difftime(statbuf.st_mtime, last_change) > 0.0) 913 { 914 last_change = statbuf.st_mtime; 915 latest = res; 916 } 917 } 918 } 919 920 if (latest) 921 { 922 static int warned = 0; 923 if (reload_servers(latest->name)) 924 { 925 my_syslog(LOG_INFO, _("reading %s"), latest->name); 926 warned = 0; 927 check_servers(); 928 if (daemon->options & OPT_RELOAD) 929 cache_reload(); 930 } 931 else 932 { 933 latest->mtime = 0; 934 if (!warned) 935 { 936 my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name); 937 warned = 1; 938 } 939 } 940 } 941} 942 943void clear_cache_and_reload(time_t now) 944{ 945 if (daemon->port != 0) 946 cache_reload(); 947 948#ifdef HAVE_DHCP 949 if (daemon->dhcp) 950 { 951 if (daemon->options & OPT_ETHERS) 952 dhcp_read_ethers(); 953 reread_dhcp(); 954 dhcp_update_configs(daemon->dhcp_conf); 955 check_dhcp_hosts(0); 956 lease_update_from_configs(); 957 lease_update_file(now); 958 lease_update_dns(); 959 } 960#endif 961} 962 963static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp) 964{ 965 struct serverfd *serverfdp; 966 struct listener *listener; 967 int wait = 0, i; 968 969#ifdef HAVE_TFTP 970 int tftp = 0; 971 struct tftp_transfer *transfer; 972 for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next) 973 { 974 tftp++; 975 FD_SET(transfer->sockfd, set); 976 bump_maxfd(transfer->sockfd, maxfdp); 977 } 978#endif 979 980 /* will we be able to get memory? */ 981 if (daemon->port != 0) 982 get_new_frec(now, &wait); 983 984 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next) 985 { 986 FD_SET(serverfdp->fd, set); 987 bump_maxfd(serverfdp->fd, maxfdp); 988 } 989 990 if (daemon->port != 0 && !daemon->osport) 991 for (i = 0; i < RANDOM_SOCKS; i++) 992 if (daemon->randomsocks[i].refcount != 0) 993 { 994 FD_SET(daemon->randomsocks[i].fd, set); 995 bump_maxfd(daemon->randomsocks[i].fd, maxfdp); 996 } 997 998 for (listener = daemon->listeners; listener; listener = listener->next) 999 { 1000 /* only listen for queries if we have resources */ 1001 if (listener->fd != -1 && wait == 0) 1002 { 1003 FD_SET(listener->fd, set); 1004 bump_maxfd(listener->fd, maxfdp); 1005 } 1006 1007 /* death of a child goes through the select loop, so 1008 we don't need to explicitly arrange to wake up here */ 1009 if (listener->tcpfd != -1) 1010 for (i = 0; i < MAX_PROCS; i++) 1011 if (daemon->tcp_pids[i] == 0) 1012 { 1013 FD_SET(listener->tcpfd, set); 1014 bump_maxfd(listener->tcpfd, maxfdp); 1015 break; 1016 } 1017 1018#ifdef HAVE_TFTP 1019 if (tftp <= daemon->tftp_max && listener->tftpfd != -1) 1020 { 1021 FD_SET(listener->tftpfd, set); 1022 bump_maxfd(listener->tftpfd, maxfdp); 1023 } 1024#endif 1025 1026 } 1027 1028 return wait; 1029} 1030 1031static void check_dns_listeners(fd_set *set, time_t now) 1032{ 1033 struct serverfd *serverfdp; 1034 struct listener *listener; 1035 int i; 1036 1037 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next) 1038 if (FD_ISSET(serverfdp->fd, set)) 1039 reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now); 1040 1041 if (daemon->port != 0 && !daemon->osport) 1042 for (i = 0; i < RANDOM_SOCKS; i++) 1043 if (daemon->randomsocks[i].refcount != 0 && 1044 FD_ISSET(daemon->randomsocks[i].fd, set)) 1045 reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now); 1046 1047 for (listener = daemon->listeners; listener; listener = listener->next) 1048 { 1049 if (listener->fd != -1 && FD_ISSET(listener->fd, set)) 1050 receive_query(listener, now); 1051 1052#ifdef HAVE_TFTP 1053 if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set)) 1054 tftp_request(listener, now); 1055#endif 1056 1057 if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set)) 1058 { 1059 int confd; 1060 struct irec *iface = NULL; 1061 pid_t p; 1062 1063 while((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR); 1064 1065 if (confd == -1) 1066 continue; 1067 1068 if (daemon->options & OPT_NOWILD) 1069 iface = listener->iface; 1070 else 1071 { 1072 union mysockaddr tcp_addr; 1073 socklen_t tcp_len = sizeof(union mysockaddr); 1074 /* Check for allowed interfaces when binding the wildcard address: 1075 we do this by looking for an interface with the same address as 1076 the local address of the TCP connection, then looking to see if that's 1077 an allowed interface. As a side effect, we get the netmask of the 1078 interface too, for localisation. */ 1079 1080 /* interface may be new since startup */ 1081 if (enumerate_interfaces() && 1082 getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) != -1) 1083 for (iface = daemon->interfaces; iface; iface = iface->next) 1084 if (sockaddr_isequal(&iface->addr, &tcp_addr)) 1085 break; 1086 } 1087 1088 if (!iface) 1089 { 1090 shutdown(confd, SHUT_RDWR); 1091 close(confd); 1092 } 1093#ifndef NO_FORK 1094 else if (!(daemon->options & OPT_DEBUG) && (p = fork()) != 0) 1095 { 1096 if (p != -1) 1097 { 1098 int i; 1099 for (i = 0; i < MAX_PROCS; i++) 1100 if (daemon->tcp_pids[i] == 0) 1101 { 1102 daemon->tcp_pids[i] = p; 1103 break; 1104 } 1105 } 1106 close(confd); 1107 } 1108#endif 1109 else 1110 { 1111 unsigned char *buff; 1112 struct server *s; 1113 int flags; 1114 struct in_addr dst_addr_4; 1115 1116 dst_addr_4.s_addr = 0; 1117 1118 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to 1119 terminate the process. */ 1120 if (!(daemon->options & OPT_DEBUG)) 1121 alarm(CHILD_LIFETIME); 1122 1123 /* start with no upstream connections. */ 1124 for (s = daemon->servers; s; s = s->next) 1125 s->tcpfd = -1; 1126 1127 /* The connected socket inherits non-blocking 1128 attribute from the listening socket. 1129 Reset that here. */ 1130 if ((flags = fcntl(confd, F_GETFL, 0)) != -1) 1131 fcntl(confd, F_SETFL, flags & ~O_NONBLOCK); 1132 1133 if (listener->family == AF_INET) 1134 dst_addr_4 = iface->addr.in.sin_addr; 1135 1136 buff = tcp_request(confd, now, dst_addr_4, iface->netmask); 1137 1138 shutdown(confd, SHUT_RDWR); 1139 close(confd); 1140 1141 if (buff) 1142 free(buff); 1143 1144 for (s = daemon->servers; s; s = s->next) 1145 if (s->tcpfd != -1) 1146 { 1147 shutdown(s->tcpfd, SHUT_RDWR); 1148 close(s->tcpfd); 1149 } 1150#ifndef NO_FORK 1151 if (!(daemon->options & OPT_DEBUG)) 1152 { 1153 flush_log(); 1154 _exit(0); 1155 } 1156#endif 1157 } 1158 } 1159 } 1160} 1161 1162#ifdef HAVE_DHCP 1163int make_icmp_sock(void) 1164{ 1165 int fd; 1166 int zeroopt = 0; 1167 1168 if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1) 1169 { 1170 if (!fix_fd(fd) || 1171 setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1) 1172 { 1173 close(fd); 1174 fd = -1; 1175 } 1176 } 1177 1178 return fd; 1179} 1180 1181int icmp_ping(struct in_addr addr) 1182{ 1183 /* Try and get an ICMP echo from a machine. */ 1184 1185 /* Note that whilst in the three second wait, we check for 1186 (and service) events on the DNS and TFTP sockets, (so doing that 1187 better not use any resources our caller has in use...) 1188 but we remain deaf to signals or further DHCP packets. */ 1189 1190 int fd; 1191 struct sockaddr_in saddr; 1192 struct { 1193 struct ip ip; 1194 struct icmp icmp; 1195 } packet; 1196 unsigned short id = rand16(); 1197 unsigned int i, j; 1198 int gotreply = 0; 1199 time_t start, now; 1200 1201#if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK) 1202 if ((fd = make_icmp_sock()) == -1) 1203 return 0; 1204#else 1205 int opt = 2000; 1206 fd = daemon->dhcp_icmp_fd; 1207 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt)); 1208#endif 1209 1210 saddr.sin_family = AF_INET; 1211 saddr.sin_port = 0; 1212 saddr.sin_addr = addr; 1213#ifdef HAVE_SOCKADDR_SA_LEN 1214 saddr.sin_len = sizeof(struct sockaddr_in); 1215#endif 1216 1217 memset(&packet.icmp, 0, sizeof(packet.icmp)); 1218 packet.icmp.icmp_type = ICMP_ECHO; 1219 packet.icmp.icmp_id = id; 1220 for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++) 1221 j += ((u16 *)&packet.icmp)[i]; 1222 while (j>>16) 1223 j = (j & 0xffff) + (j >> 16); 1224 packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j; 1225 1226 while (sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0, 1227 (struct sockaddr *)&saddr, sizeof(saddr)) == -1 && 1228 retry_send()); 1229 1230 for (now = start = dnsmasq_time(); 1231 difftime(now, start) < (float)PING_WAIT;) 1232 { 1233 struct timeval tv; 1234 fd_set rset, wset; 1235 struct sockaddr_in faddr; 1236 int maxfd = fd; 1237 socklen_t len = sizeof(faddr); 1238 1239 tv.tv_usec = 250000; 1240 tv.tv_sec = 0; 1241 1242 FD_ZERO(&rset); 1243 FD_ZERO(&wset); 1244 FD_SET(fd, &rset); 1245 set_dns_listeners(now, &rset, &maxfd); 1246 set_log_writer(&wset, &maxfd); 1247 1248 if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0) 1249 { 1250 FD_ZERO(&rset); 1251 FD_ZERO(&wset); 1252 } 1253 1254 now = dnsmasq_time(); 1255 1256 check_log_writer(&wset); 1257 check_dns_listeners(&rset, now); 1258 1259#ifdef HAVE_TFTP 1260 check_tftp_listeners(&rset, now); 1261#endif 1262 1263 if (FD_ISSET(fd, &rset) && 1264 recvfrom(fd, &packet, sizeof(packet), 0, 1265 (struct sockaddr *)&faddr, &len) == sizeof(packet) && 1266 saddr.sin_addr.s_addr == faddr.sin_addr.s_addr && 1267 packet.icmp.icmp_type == ICMP_ECHOREPLY && 1268 packet.icmp.icmp_seq == 0 && 1269 packet.icmp.icmp_id == id) 1270 { 1271 gotreply = 1; 1272 break; 1273 } 1274 } 1275 1276#if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK) 1277 close(fd); 1278#else 1279 opt = 1; 1280 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt)); 1281#endif 1282 1283 return gotreply; 1284} 1285#endif 1286 1287 1288