1 /* dnsmasq is Copyright (c) 2000-2009 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16
17 #include "dnsmasq.h"
18
19 struct daemon *daemon;
20
21 static char *compile_opts =
22 #ifndef HAVE_IPV6
23 "no-"
24 #endif
25 "IPv6 "
26 #ifndef HAVE_GETOPT_LONG
27 "no-"
28 #endif
29 "GNU-getopt "
30 #ifdef HAVE_BROKEN_RTC
31 "no-RTC "
32 #endif
33 #ifdef NO_FORK
34 "no-MMU "
35 #endif
36 #ifndef HAVE_DBUS
37 "no-"
38 #endif
39 "DBus "
40 #ifndef LOCALEDIR
41 "no-"
42 #endif
43 "I18N "
44 #ifndef HAVE_DHCP
45 "no-"
46 #endif
47 "DHCP "
48 #if defined(HAVE_DHCP) && !defined(HAVE_SCRIPT)
49 "no-scripts "
50 #endif
51 #ifndef HAVE_TFTP
52 "no-"
53 #endif
54 "TFTP";
55
56
57
58 static volatile pid_t pid = 0;
59 static volatile int pipewrite;
60
61 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
62 static void check_dns_listeners(fd_set *set, time_t now);
63 static void sig_handler(int sig);
64 static void async_event(int pipe, time_t now);
65 static void fatal_event(struct event_desc *ev);
66 static void poll_resolv(void);
67 #ifdef __ANDROID__
68 static int set_android_listeners(fd_set *set, int *maxfdp);
69 static int check_android_listeners(fd_set *set);
70 #endif
71
main(int argc,char ** argv)72 int main (int argc, char **argv)
73 {
74 int bind_fallback = 0;
75 time_t now;
76 struct sigaction sigact;
77 struct iname *if_tmp;
78 int piperead, pipefd[2], err_pipe[2];
79 struct passwd *ent_pw = NULL;
80 #if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
81 uid_t script_uid = 0;
82 gid_t script_gid = 0;
83 #endif
84 struct group *gp = NULL;
85 long i, max_fd = sysconf(_SC_OPEN_MAX);
86 char *baduser = NULL;
87 int log_err;
88 #if defined(HAVE_LINUX_NETWORK)
89 cap_user_header_t hdr = NULL;
90 cap_user_data_t data = NULL;
91 #endif
92
93 #ifdef LOCALEDIR
94 setlocale(LC_ALL, "");
95 bindtextdomain("dnsmasq", LOCALEDIR);
96 textdomain("dnsmasq");
97 #endif
98
99 sigact.sa_handler = sig_handler;
100 sigact.sa_flags = 0;
101 sigemptyset(&sigact.sa_mask);
102 sigaction(SIGUSR1, &sigact, NULL);
103 sigaction(SIGUSR2, &sigact, NULL);
104 sigaction(SIGHUP, &sigact, NULL);
105 sigaction(SIGTERM, &sigact, NULL);
106 sigaction(SIGALRM, &sigact, NULL);
107 sigaction(SIGCHLD, &sigact, NULL);
108
109 /* ignore SIGPIPE */
110 sigact.sa_handler = SIG_IGN;
111 sigaction(SIGPIPE, &sigact, NULL);
112
113 umask(022); /* known umask, create leases and pid files as 0644 */
114
115 read_opts(argc, argv, compile_opts);
116
117 if (daemon->edns_pktsz < PACKETSZ)
118 daemon->edns_pktsz = PACKETSZ;
119 daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
120 daemon->edns_pktsz : DNSMASQ_PACKETSZ;
121 daemon->packet = safe_malloc(daemon->packet_buff_sz);
122
123 #ifdef HAVE_DHCP
124 if (!daemon->lease_file)
125 {
126 if (daemon->dhcp)
127 daemon->lease_file = LEASEFILE;
128 }
129 #endif
130
131 /* Close any file descriptors we inherited apart from std{in|out|err} */
132 for (i = 0; i < max_fd; i++)
133 if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
134 close(i);
135
136 #ifdef HAVE_LINUX_NETWORK
137 netlink_init();
138 #elif !(defined(IP_RECVDSTADDR) && \
139 defined(IP_RECVIF) && \
140 defined(IP_SENDSRCADDR))
141 if (!(daemon->options & OPT_NOWILD))
142 {
143 bind_fallback = 1;
144 daemon->options |= OPT_NOWILD;
145 }
146 #endif
147
148 #ifndef HAVE_TFTP
149 if (daemon->options & OPT_TFTP)
150 die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
151 #endif
152
153 #ifdef HAVE_SOLARIS_NETWORK
154 if (daemon->max_logs != 0)
155 die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
156 #endif
157
158 rand_init();
159
160 now = dnsmasq_time();
161
162 #ifdef HAVE_DHCP
163 if (daemon->dhcp)
164 {
165 /* Note that order matters here, we must call lease_init before
166 creating any file descriptors which shouldn't be leaked
167 to the lease-script init process. */
168 lease_init(now);
169 dhcp_init();
170 }
171 #endif
172
173 if (!enumerate_interfaces())
174 die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
175
176 if (daemon->options & OPT_NOWILD)
177 {
178 daemon->listeners = create_bound_listeners();
179
180 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
181 if (if_tmp->name && !if_tmp->used)
182 die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
183
184 for (if_tmp = daemon->if_addrs; if_tmp; if_tmp = if_tmp->next)
185 if (!if_tmp->used)
186 {
187 prettyprint_addr(&if_tmp->addr, daemon->namebuff);
188 die(_("no interface with address %s"), daemon->namebuff, EC_BADNET);
189 }
190 }
191 else if ((daemon->port != 0 || (daemon->options & OPT_TFTP)) &&
192 !(daemon->listeners = create_wildcard_listeners()))
193 die(_("failed to create listening socket: %s"), NULL, EC_BADNET);
194
195 if (daemon->port != 0)
196 cache_init();
197
198 if (daemon->options & OPT_DBUS)
199 #ifdef HAVE_DBUS
200 {
201 char *err;
202 daemon->dbus = NULL;
203 daemon->watches = NULL;
204 if ((err = dbus_init()))
205 die(_("DBus error: %s"), err, EC_MISC);
206 }
207 #else
208 die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
209 #endif
210
211 if (daemon->port != 0)
212 pre_allocate_sfds();
213
214 #if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
215 /* Note getpwnam returns static storage */
216 if (daemon->dhcp && daemon->lease_change_command && daemon->scriptuser)
217 {
218 if ((ent_pw = getpwnam(daemon->scriptuser)))
219 {
220 script_uid = ent_pw->pw_uid;
221 script_gid = ent_pw->pw_gid;
222 }
223 else
224 baduser = daemon->scriptuser;
225 }
226 #endif
227
228 if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
229 baduser = daemon->username;
230 else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
231 baduser = daemon->groupname;
232
233 if (baduser)
234 die(_("unknown user or group: %s"), baduser, EC_BADCONF);
235
236 /* implement group defaults, "dip" if available, or group associated with uid */
237 if (!daemon->group_set && !gp)
238 {
239 if (!(gp = getgrnam(CHGRP)) && ent_pw)
240 gp = getgrgid(ent_pw->pw_gid);
241
242 /* for error message */
243 if (gp)
244 daemon->groupname = gp->gr_name;
245 }
246
247 #if defined(HAVE_LINUX_NETWORK)
248 /* determine capability API version here, while we can still
249 call safe_malloc */
250 if (ent_pw && ent_pw->pw_uid != 0)
251 {
252 int capsize = 1; /* for header version 1 */
253 hdr = safe_malloc(sizeof(*hdr));
254
255 /* find version supported by kernel */
256 memset(hdr, 0, sizeof(*hdr));
257 capget(hdr, NULL);
258
259 if (hdr->version != LINUX_CAPABILITY_VERSION_1)
260 {
261 /* if unknown version, use largest supported version (3) */
262 if (hdr->version != LINUX_CAPABILITY_VERSION_2)
263 hdr->version = LINUX_CAPABILITY_VERSION_3;
264 capsize = 2;
265 }
266
267 data = safe_malloc(sizeof(*data) * capsize);
268 memset(data, 0, sizeof(*data) * capsize);
269 }
270 #endif
271
272 /* Use a pipe to carry signals and other events back to the event loop
273 in a race-free manner and another to carry errors to daemon-invoking process */
274 safe_pipe(pipefd, 1);
275
276 piperead = pipefd[0];
277 pipewrite = pipefd[1];
278 /* prime the pipe to load stuff first time. */
279 send_event(pipewrite, EVENT_RELOAD, 0);
280
281 err_pipe[1] = -1;
282
283 if (!(daemon->options & OPT_DEBUG))
284 {
285 #ifndef __ANDROID__
286 int nullfd;
287 #endif
288
289 /* The following code "daemonizes" the process.
290 See Stevens section 12.4 */
291
292 if (chdir("/") != 0)
293 die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
294
295 #ifndef NO_FORK
296 if (!(daemon->options & OPT_NO_FORK))
297 {
298 pid_t pid;
299
300 /* pipe to carry errors back to original process.
301 When startup is complete we close this and the process terminates. */
302 safe_pipe(err_pipe, 0);
303
304 if ((pid = fork()) == -1)
305 /* fd == -1 since we've not forked, never returns. */
306 send_event(-1, EVENT_FORK_ERR, errno);
307
308 if (pid != 0)
309 {
310 struct event_desc ev;
311
312 /* close our copy of write-end */
313 close(err_pipe[1]);
314
315 /* check for errors after the fork */
316 if (read_write(err_pipe[0], (unsigned char *)&ev, sizeof(ev), 1))
317 fatal_event(&ev);
318
319 _exit(EC_GOOD);
320 }
321
322 close(err_pipe[0]);
323
324 /* NO calls to die() from here on. */
325
326 setsid();
327
328 if ((pid = fork()) == -1)
329 send_event(err_pipe[1], EVENT_FORK_ERR, errno);
330
331 if (pid != 0)
332 _exit(0);
333 }
334 #endif
335
336 /* write pidfile _after_ forking ! */
337 if (daemon->runfile)
338 {
339 FILE *pidfile;
340
341 /* only complain if started as root */
342 if ((pidfile = fopen(daemon->runfile, "w")))
343 {
344 fprintf(pidfile, "%d\n", (int) getpid());
345 fclose(pidfile);
346 }
347 else if (getuid() == 0)
348 {
349 send_event(err_pipe[1], EVENT_PIDFILE, errno);
350 _exit(0);
351 }
352 }
353
354 #ifndef __ANDROID__
355 /* open stdout etc to /dev/null */
356 nullfd = open("/dev/null", O_RDWR);
357 dup2(nullfd, STDOUT_FILENO);
358 dup2(nullfd, STDERR_FILENO);
359 dup2(nullfd, STDIN_FILENO);
360 close(nullfd);
361 #endif
362 }
363
364 log_err = log_start(ent_pw, err_pipe[1]);
365
366 /* if we are to run scripts, we need to fork a helper before dropping root. */
367 daemon->helperfd = -1;
368 #if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
369 if (daemon->dhcp && daemon->lease_change_command)
370 daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
371 #endif
372
373 if (!(daemon->options & OPT_DEBUG) && getuid() == 0)
374 {
375 int bad_capabilities = 0;
376 gid_t dummy;
377
378 /* remove all supplimentary groups */
379 if (gp &&
380 (setgroups(0, &dummy) == -1 ||
381 setgid(gp->gr_gid) == -1))
382 {
383 send_event(err_pipe[1], EVENT_GROUP_ERR, errno);
384 _exit(0);
385 }
386
387 if (ent_pw && ent_pw->pw_uid != 0)
388 {
389 #if defined(HAVE_LINUX_NETWORK)
390 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
391 CAP_NET_RAW (for icmp) if we're doing dhcp */
392 data->effective = data->permitted = data->inheritable =
393 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
394
395 /* Tell kernel to not clear capabilities when dropping root */
396 if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
397 bad_capabilities = errno;
398
399 #elif defined(HAVE_SOLARIS_NETWORK)
400 /* http://developers.sun.com/solaris/articles/program_privileges.html */
401 priv_set_t *priv_set;
402
403 if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
404 priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
405 priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
406 bad_capabilities = errno;
407
408 if (priv_set && bad_capabilities == 0)
409 {
410 priv_inverse(priv_set);
411
412 if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
413 bad_capabilities = errno;
414 }
415
416 if (priv_set)
417 priv_freeset(priv_set);
418
419 #endif
420
421 if (bad_capabilities != 0)
422 {
423 send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities);
424 _exit(0);
425 }
426
427 /* finally drop root */
428 if (setuid(ent_pw->pw_uid) == -1)
429 {
430 send_event(err_pipe[1], EVENT_USER_ERR, errno);
431 _exit(0);
432 }
433
434 #ifdef HAVE_LINUX_NETWORK
435 data->effective = data->permitted =
436 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
437 data->inheritable = 0;
438
439 /* lose the setuid and setgid capbilities */
440 if (capset(hdr, data) == -1)
441 {
442 send_event(err_pipe[1], EVENT_CAP_ERR, errno);
443 _exit(0);
444 }
445 #endif
446
447 }
448 }
449
450 #ifdef HAVE_LINUX_NETWORK
451 if (daemon->options & OPT_DEBUG)
452 prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
453 #endif
454
455 if (daemon->port == 0)
456 my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
457 else if (daemon->cachesize != 0)
458 my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
459 else
460 my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
461
462 my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
463
464 #ifdef HAVE_DBUS
465 if (daemon->options & OPT_DBUS)
466 {
467 if (daemon->dbus)
468 my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
469 else
470 my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
471 }
472 #endif
473
474 if (log_err != 0)
475 my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
476 daemon->log_file, strerror(log_err));
477
478 if (bind_fallback)
479 my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
480
481 if (!(daemon->options & OPT_NOWILD))
482 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
483 if (if_tmp->name && !if_tmp->used)
484 my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
485
486 if (daemon->port != 0 && (daemon->options & OPT_NO_RESOLV))
487 {
488 if (daemon->resolv_files && !daemon->resolv_files->is_default)
489 my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
490 daemon->resolv_files = NULL;
491 if (!daemon->servers)
492 my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
493 }
494
495 if (daemon->max_logs != 0)
496 my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
497
498 #ifdef HAVE_DHCP
499 if (daemon->dhcp)
500 {
501 struct dhcp_context *dhcp_tmp;
502
503 for (dhcp_tmp = daemon->dhcp; dhcp_tmp; dhcp_tmp = dhcp_tmp->next)
504 {
505 prettyprint_time(daemon->dhcp_buff2, dhcp_tmp->lease_time);
506 strcpy(daemon->dhcp_buff, inet_ntoa(dhcp_tmp->start));
507 my_syslog(MS_DHCP | LOG_INFO,
508 (dhcp_tmp->flags & CONTEXT_STATIC) ?
509 _("DHCP, static leases only on %.0s%s, lease time %s") :
510 (dhcp_tmp->flags & CONTEXT_PROXY) ?
511 _("DHCP, proxy on subnet %.0s%s%.0s") :
512 _("DHCP, IP range %s -- %s, lease time %s"),
513 daemon->dhcp_buff, inet_ntoa(dhcp_tmp->end), daemon->dhcp_buff2);
514 }
515 }
516 #endif
517
518 #ifdef HAVE_TFTP
519 if (daemon->options & OPT_TFTP)
520 {
521 #ifdef FD_SETSIZE
522 if (FD_SETSIZE < (unsigned)max_fd)
523 max_fd = FD_SETSIZE;
524 #endif
525
526 my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
527 daemon->tftp_prefix ? _("root is ") : _("enabled"),
528 daemon->tftp_prefix ? daemon->tftp_prefix: "",
529 daemon->options & OPT_TFTP_SECURE ? _("secure mode") : "");
530
531 /* This is a guess, it assumes that for small limits,
532 disjoint files might be served, but for large limits,
533 a single file will be sent to may clients (the file only needs
534 one fd). */
535
536 max_fd -= 30; /* use other than TFTP */
537
538 if (max_fd < 0)
539 max_fd = 5;
540 else if (max_fd < 100)
541 max_fd = max_fd/2;
542 else
543 max_fd = max_fd - 20;
544
545 /* if we have to use a limited range of ports,
546 that will limit the number of transfers */
547 if (daemon->start_tftp_port != 0 &&
548 daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
549 max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
550
551 if (daemon->tftp_max > max_fd)
552 {
553 daemon->tftp_max = max_fd;
554 my_syslog(MS_TFTP | LOG_WARNING,
555 _("restricting maximum simultaneous TFTP transfers to %d"),
556 daemon->tftp_max);
557 }
558 }
559 #endif
560
561 /* finished start-up - release original process */
562 if (err_pipe[1] != -1)
563 close(err_pipe[1]);
564
565 if (daemon->port != 0)
566 check_servers();
567
568 pid = getpid();
569
570 while (1)
571 {
572 int maxfd = -1;
573 struct timeval t, *tp = NULL;
574 fd_set rset, wset, eset;
575
576 FD_ZERO(&rset);
577 FD_ZERO(&wset);
578 FD_ZERO(&eset);
579
580 /* if we are out of resources, find how long we have to wait
581 for some to come free, we'll loop around then and restart
582 listening for queries */
583 if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0)
584 {
585 t.tv_usec = 0;
586 tp = &t;
587 }
588 #ifdef __ANDROID__
589 set_android_listeners(&rset, &maxfd);
590 #endif
591
592 /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
593 if (daemon->tftp_trans ||
594 ((daemon->options & OPT_DBUS) && !daemon->dbus))
595 {
596 t.tv_sec = 0;
597 t.tv_usec = 250000;
598 tp = &t;
599 }
600
601 #ifdef HAVE_DBUS
602 set_dbus_listeners(&maxfd, &rset, &wset, &eset);
603 #endif
604
605 #ifdef HAVE_DHCP
606 if (daemon->dhcp)
607 {
608 FD_SET(daemon->dhcpfd, &rset);
609 bump_maxfd(daemon->dhcpfd, &maxfd);
610 }
611 #endif
612
613 #ifdef HAVE_LINUX_NETWORK
614 FD_SET(daemon->netlinkfd, &rset);
615 bump_maxfd(daemon->netlinkfd, &maxfd);
616 #endif
617
618 FD_SET(piperead, &rset);
619 bump_maxfd(piperead, &maxfd);
620
621 #ifdef HAVE_DHCP
622 # ifdef HAVE_SCRIPT
623 while (helper_buf_empty() && do_script_run(now));
624
625 if (!helper_buf_empty())
626 {
627 FD_SET(daemon->helperfd, &wset);
628 bump_maxfd(daemon->helperfd, &maxfd);
629 }
630 # else
631 /* need this for other side-effects */
632 while (do_script_run(now));
633 # endif
634 #endif
635
636 /* must do this just before select(), when we know no
637 more calls to my_syslog() can occur */
638 set_log_writer(&wset, &maxfd);
639
640 if (select(maxfd+1, &rset, &wset, &eset, tp) < 0)
641 {
642 /* otherwise undefined after error */
643 FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset);
644 }
645
646 now = dnsmasq_time();
647
648 check_log_writer(&wset);
649
650 /* Check for changes to resolv files once per second max. */
651 /* Don't go silent for long periods if the clock goes backwards. */
652 if (daemon->last_resolv == 0 ||
653 difftime(now, daemon->last_resolv) > 1.0 ||
654 difftime(now, daemon->last_resolv) < -1.0)
655 {
656 daemon->last_resolv = now;
657
658 if (daemon->port != 0 && !(daemon->options & OPT_NO_POLL))
659 poll_resolv();
660 }
661
662 if (FD_ISSET(piperead, &rset))
663 async_event(piperead, now);
664
665 #ifdef HAVE_LINUX_NETWORK
666 if (FD_ISSET(daemon->netlinkfd, &rset))
667 netlink_multicast();
668 #endif
669
670 #ifdef HAVE_DBUS
671 /* if we didn't create a DBus connection, retry now. */
672 if ((daemon->options & OPT_DBUS) && !daemon->dbus)
673 {
674 char *err;
675 if ((err = dbus_init()))
676 my_syslog(LOG_WARNING, _("DBus error: %s"), err);
677 if (daemon->dbus)
678 my_syslog(LOG_INFO, _("connected to system DBus"));
679 }
680 check_dbus_listeners(&rset, &wset, &eset);
681 #endif
682
683 #ifdef __ANDROID__
684 check_android_listeners(&rset);
685 #endif
686
687 check_dns_listeners(&rset, now);
688
689 #ifdef HAVE_TFTP
690 check_tftp_listeners(&rset, now);
691 #endif
692
693 #ifdef HAVE_DHCP
694 if (daemon->dhcp && FD_ISSET(daemon->dhcpfd, &rset))
695 dhcp_packet(now);
696
697 # ifdef HAVE_SCRIPT
698 if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
699 helper_write();
700 # endif
701 #endif
702
703 }
704 }
705
sig_handler(int sig)706 static void sig_handler(int sig)
707 {
708 if (pid == 0)
709 {
710 /* ignore anything other than TERM during startup
711 and in helper proc. (helper ignore TERM too) */
712 if (sig == SIGTERM)
713 exit(EC_MISC);
714 }
715 else if (pid != getpid())
716 {
717 /* alarm is used to kill TCP children after a fixed time. */
718 if (sig == SIGALRM)
719 _exit(0);
720 }
721 else
722 {
723 /* master process */
724 int event, errsave = errno;
725
726 if (sig == SIGHUP)
727 event = EVENT_RELOAD;
728 else if (sig == SIGCHLD)
729 event = EVENT_CHILD;
730 else if (sig == SIGALRM)
731 event = EVENT_ALARM;
732 else if (sig == SIGTERM)
733 event = EVENT_TERM;
734 else if (sig == SIGUSR1)
735 event = EVENT_DUMP;
736 else if (sig == SIGUSR2)
737 event = EVENT_REOPEN;
738 else
739 return;
740
741 send_event(pipewrite, event, 0);
742 errno = errsave;
743 }
744 }
745
send_event(int fd,int event,int data)746 void send_event(int fd, int event, int data)
747 {
748 struct event_desc ev;
749
750 ev.event = event;
751 ev.data = data;
752
753 /* error pipe, debug mode. */
754 if (fd == -1)
755 fatal_event(&ev);
756 else
757 /* pipe is non-blocking and struct event_desc is smaller than
758 PIPE_BUF, so this either fails or writes everything */
759 while (write(fd, &ev, sizeof(ev)) == -1 && errno == EINTR);
760 }
761
fatal_event(struct event_desc * ev)762 static void fatal_event(struct event_desc *ev)
763 {
764 errno = ev->data;
765
766 switch (ev->event)
767 {
768 case EVENT_DIE:
769 exit(0);
770
771 case EVENT_FORK_ERR:
772 die(_("cannot fork into background: %s"), NULL, EC_MISC);
773
774 case EVENT_PIPE_ERR:
775 die(_("failed to create helper: %s"), NULL, EC_MISC);
776
777 case EVENT_CAP_ERR:
778 die(_("setting capabilities failed: %s"), NULL, EC_MISC);
779
780 case EVENT_USER_ERR:
781 case EVENT_HUSER_ERR:
782 die(_("failed to change user-id to %s: %s"),
783 ev->event == EVENT_USER_ERR ? daemon->username : daemon->scriptuser,
784 EC_MISC);
785
786 case EVENT_GROUP_ERR:
787 die(_("failed to change group-id to %s: %s"), daemon->groupname, EC_MISC);
788
789 case EVENT_PIDFILE:
790 die(_("failed to open pidfile %s: %s"), daemon->runfile, EC_FILE);
791
792 case EVENT_LOG_ERR:
793 die(_("cannot open %s: %s"), daemon->log_file ? daemon->log_file : "log", EC_FILE);
794 }
795 }
796
async_event(int pipe,time_t now)797 static void async_event(int pipe, time_t now)
798 {
799 pid_t p;
800 struct event_desc ev;
801 int i;
802
803 if (read_write(pipe, (unsigned char *)&ev, sizeof(ev), 1))
804 switch (ev.event)
805 {
806 case EVENT_RELOAD:
807 clear_cache_and_reload(now);
808 if (daemon->port != 0 && daemon->resolv_files && (daemon->options & OPT_NO_POLL))
809 {
810 reload_servers(daemon->resolv_files->name);
811 check_servers();
812 }
813 #ifdef HAVE_DHCP
814 rerun_scripts();
815 #endif
816 break;
817
818 case EVENT_DUMP:
819 if (daemon->port != 0)
820 dump_cache(now);
821 break;
822
823 case EVENT_ALARM:
824 #ifdef HAVE_DHCP
825 if (daemon->dhcp)
826 {
827 lease_prune(NULL, now);
828 lease_update_file(now);
829 }
830 #endif
831 break;
832
833 case EVENT_CHILD:
834 /* See Stevens 5.10 */
835 while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
836 if (p == -1)
837 {
838 if (errno != EINTR)
839 break;
840 }
841 else
842 for (i = 0 ; i < MAX_PROCS; i++)
843 if (daemon->tcp_pids[i] == p)
844 daemon->tcp_pids[i] = 0;
845 break;
846
847 case EVENT_KILLED:
848 my_syslog(LOG_WARNING, _("child process killed by signal %d"), ev.data);
849 break;
850
851 case EVENT_EXITED:
852 my_syslog(LOG_WARNING, _("child process exited with status %d"), ev.data);
853 break;
854
855 case EVENT_EXEC_ERR:
856 my_syslog(LOG_ERR, _("failed to execute %s: %s"),
857 daemon->lease_change_command, strerror(ev.data));
858 break;
859
860 /* necessary for fatal errors in helper */
861 case EVENT_HUSER_ERR:
862 case EVENT_DIE:
863 fatal_event(&ev);
864 break;
865
866 case EVENT_REOPEN:
867 /* Note: this may leave TCP-handling processes with the old file still open.
868 Since any such process will die in CHILD_LIFETIME or probably much sooner,
869 we leave them logging to the old file. */
870 if (daemon->log_file != NULL)
871 log_reopen(daemon->log_file);
872 break;
873
874 case EVENT_TERM:
875 /* Knock all our children on the head. */
876 for (i = 0; i < MAX_PROCS; i++)
877 if (daemon->tcp_pids[i] != 0)
878 kill(daemon->tcp_pids[i], SIGALRM);
879
880 #if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
881 /* handle pending lease transitions */
882 if (daemon->helperfd != -1)
883 {
884 /* block in writes until all done */
885 if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
886 fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
887 do {
888 helper_write();
889 } while (!helper_buf_empty() || do_script_run(now));
890 close(daemon->helperfd);
891 }
892 #endif
893
894 if (daemon->lease_stream)
895 fclose(daemon->lease_stream);
896
897 if (daemon->runfile)
898 unlink(daemon->runfile);
899
900 my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
901 flush_log();
902 exit(EC_GOOD);
903 }
904 }
905
poll_resolv()906 static void poll_resolv()
907 {
908 struct resolvc *res, *latest;
909 struct stat statbuf;
910 time_t last_change = 0;
911 /* There may be more than one possible file.
912 Go through and find the one which changed _last_.
913 Warn of any which can't be read. */
914 for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
915 if (stat(res->name, &statbuf) == -1)
916 {
917 if (!res->logged)
918 my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
919 res->logged = 1;
920 }
921 else
922 {
923 res->logged = 0;
924 if (statbuf.st_mtime != res->mtime)
925 {
926 res->mtime = statbuf.st_mtime;
927 if (difftime(statbuf.st_mtime, last_change) > 0.0)
928 {
929 last_change = statbuf.st_mtime;
930 latest = res;
931 }
932 }
933 }
934
935 if (latest)
936 {
937 static int warned = 0;
938 if (reload_servers(latest->name))
939 {
940 my_syslog(LOG_INFO, _("reading %s"), latest->name);
941 warned = 0;
942 check_servers();
943 if (daemon->options & OPT_RELOAD)
944 cache_reload();
945 }
946 else
947 {
948 latest->mtime = 0;
949 if (!warned)
950 {
951 my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
952 warned = 1;
953 }
954 }
955 }
956 }
957
clear_cache_and_reload(time_t now)958 void clear_cache_and_reload(time_t now)
959 {
960 if (daemon->port != 0)
961 cache_reload();
962
963 #ifdef HAVE_DHCP
964 if (daemon->dhcp)
965 {
966 if (daemon->options & OPT_ETHERS)
967 dhcp_read_ethers();
968 reread_dhcp();
969 dhcp_update_configs(daemon->dhcp_conf);
970 check_dhcp_hosts(0);
971 lease_update_from_configs();
972 lease_update_file(now);
973 lease_update_dns();
974 }
975 #endif
976 }
977
978 #ifdef __ANDROID__
979
set_android_listeners(fd_set * set,int * maxfdp)980 static int set_android_listeners(fd_set *set, int *maxfdp) {
981 FD_SET(STDIN_FILENO, set);
982 bump_maxfd(STDIN_FILENO, maxfdp);
983 return 0;
984 }
985
check_android_listeners(fd_set * set)986 static int check_android_listeners(fd_set *set) {
987 int retcode = 0;
988 if (FD_ISSET(STDIN_FILENO, set)) {
989 char buffer[1024];
990 int rc;
991 int consumed = 0;
992
993 if ((rc = read(STDIN_FILENO, buffer, sizeof(buffer) -1)) < 0) {
994 my_syslog(LOG_ERR, _("Error reading from stdin (%s)"), strerror(errno));
995 return -1;
996 }
997 buffer[rc] = '\0';
998 while(consumed < rc) {
999 char *cmd;
1000 char *current_cmd = &buffer[consumed];
1001 char *params = current_cmd;
1002 int len = strlen(current_cmd);
1003
1004 cmd = strsep(¶ms, ":");
1005 if (!strcmp(cmd, "update_dns")) {
1006 if (params != NULL) {
1007 set_servers(params);
1008 check_servers();
1009 } else {
1010 my_syslog(LOG_ERR, _("Malformatted msg '%s'"), current_cmd);
1011 retcode = -1;
1012 }
1013 } else {
1014 my_syslog(LOG_ERR, _("Unknown cmd '%s'"), cmd);
1015 retcode = -1;
1016 }
1017 consumed += len + 1;
1018 }
1019 }
1020 return retcode;
1021 }
1022 #endif
1023
set_dns_listeners(time_t now,fd_set * set,int * maxfdp)1024 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp)
1025 {
1026 struct serverfd *serverfdp;
1027 struct listener *listener;
1028 int wait = 0, i;
1029
1030 #ifdef HAVE_TFTP
1031 int tftp = 0;
1032 struct tftp_transfer *transfer;
1033 for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
1034 {
1035 tftp++;
1036 FD_SET(transfer->sockfd, set);
1037 bump_maxfd(transfer->sockfd, maxfdp);
1038 }
1039 #endif
1040
1041 /* will we be able to get memory? */
1042 if (daemon->port != 0)
1043 get_new_frec(now, &wait);
1044
1045 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1046 {
1047 FD_SET(serverfdp->fd, set);
1048 bump_maxfd(serverfdp->fd, maxfdp);
1049 }
1050
1051 if (daemon->port != 0 && !daemon->osport)
1052 for (i = 0; i < RANDOM_SOCKS; i++)
1053 if (daemon->randomsocks[i].refcount != 0)
1054 {
1055 FD_SET(daemon->randomsocks[i].fd, set);
1056 bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
1057 }
1058
1059 for (listener = daemon->listeners; listener; listener = listener->next)
1060 {
1061 /* only listen for queries if we have resources */
1062 if (listener->fd != -1 && wait == 0)
1063 {
1064 FD_SET(listener->fd, set);
1065 bump_maxfd(listener->fd, maxfdp);
1066 }
1067
1068 /* death of a child goes through the select loop, so
1069 we don't need to explicitly arrange to wake up here */
1070 if (listener->tcpfd != -1)
1071 for (i = 0; i < MAX_PROCS; i++)
1072 if (daemon->tcp_pids[i] == 0)
1073 {
1074 FD_SET(listener->tcpfd, set);
1075 bump_maxfd(listener->tcpfd, maxfdp);
1076 break;
1077 }
1078
1079 #ifdef HAVE_TFTP
1080 if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
1081 {
1082 FD_SET(listener->tftpfd, set);
1083 bump_maxfd(listener->tftpfd, maxfdp);
1084 }
1085 #endif
1086
1087 }
1088
1089 return wait;
1090 }
1091
check_dns_listeners(fd_set * set,time_t now)1092 static void check_dns_listeners(fd_set *set, time_t now)
1093 {
1094 struct serverfd *serverfdp;
1095 struct listener *listener;
1096 int i;
1097
1098 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1099 if (FD_ISSET(serverfdp->fd, set))
1100 reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
1101
1102 if (daemon->port != 0 && !daemon->osport)
1103 for (i = 0; i < RANDOM_SOCKS; i++)
1104 if (daemon->randomsocks[i].refcount != 0 &&
1105 FD_ISSET(daemon->randomsocks[i].fd, set))
1106 reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
1107
1108 for (listener = daemon->listeners; listener; listener = listener->next)
1109 {
1110 if (listener->fd != -1 && FD_ISSET(listener->fd, set))
1111 receive_query(listener, now);
1112
1113 #ifdef HAVE_TFTP
1114 if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set))
1115 tftp_request(listener, now);
1116 #endif
1117
1118 if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
1119 {
1120 int confd;
1121 struct irec *iface = NULL;
1122 pid_t p;
1123
1124 while((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
1125
1126 if (confd == -1)
1127 continue;
1128
1129 if (daemon->options & OPT_NOWILD)
1130 iface = listener->iface;
1131 else
1132 {
1133 union mysockaddr tcp_addr;
1134 socklen_t tcp_len = sizeof(union mysockaddr);
1135 /* Check for allowed interfaces when binding the wildcard address:
1136 we do this by looking for an interface with the same address as
1137 the local address of the TCP connection, then looking to see if that's
1138 an allowed interface. As a side effect, we get the netmask of the
1139 interface too, for localisation. */
1140
1141 /* interface may be new since startup */
1142 if (enumerate_interfaces() &&
1143 getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) != -1)
1144 for (iface = daemon->interfaces; iface; iface = iface->next)
1145 if (sockaddr_isequal(&iface->addr, &tcp_addr))
1146 break;
1147 }
1148
1149 if (!iface)
1150 {
1151 shutdown(confd, SHUT_RDWR);
1152 close(confd);
1153 }
1154 #ifndef NO_FORK
1155 else if (!(daemon->options & OPT_DEBUG) && (p = fork()) != 0)
1156 {
1157 if (p != -1)
1158 {
1159 int i;
1160 for (i = 0; i < MAX_PROCS; i++)
1161 if (daemon->tcp_pids[i] == 0)
1162 {
1163 daemon->tcp_pids[i] = p;
1164 break;
1165 }
1166 }
1167 close(confd);
1168 }
1169 #endif
1170 else
1171 {
1172 unsigned char *buff;
1173 struct server *s;
1174 int flags;
1175 struct in_addr dst_addr_4;
1176
1177 dst_addr_4.s_addr = 0;
1178
1179 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1180 terminate the process. */
1181 if (!(daemon->options & OPT_DEBUG))
1182 alarm(CHILD_LIFETIME);
1183
1184 /* start with no upstream connections. */
1185 for (s = daemon->servers; s; s = s->next)
1186 s->tcpfd = -1;
1187
1188 /* The connected socket inherits non-blocking
1189 attribute from the listening socket.
1190 Reset that here. */
1191 if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
1192 fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
1193
1194 if (listener->family == AF_INET)
1195 dst_addr_4 = iface->addr.in.sin_addr;
1196
1197 buff = tcp_request(confd, now, dst_addr_4, iface->netmask);
1198
1199 shutdown(confd, SHUT_RDWR);
1200 close(confd);
1201
1202 if (buff)
1203 free(buff);
1204
1205 for (s = daemon->servers; s; s = s->next)
1206 if (s->tcpfd != -1)
1207 {
1208 shutdown(s->tcpfd, SHUT_RDWR);
1209 close(s->tcpfd);
1210 }
1211 #ifndef NO_FORK
1212 if (!(daemon->options & OPT_DEBUG))
1213 {
1214 flush_log();
1215 _exit(0);
1216 }
1217 #endif
1218 }
1219 }
1220 }
1221 }
1222
1223 #ifdef HAVE_DHCP
make_icmp_sock(void)1224 int make_icmp_sock(void)
1225 {
1226 int fd;
1227 int zeroopt = 0;
1228
1229 if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
1230 {
1231 if (!fix_fd(fd) ||
1232 setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
1233 {
1234 close(fd);
1235 fd = -1;
1236 }
1237 }
1238
1239 return fd;
1240 }
1241
icmp_ping(struct in_addr addr)1242 int icmp_ping(struct in_addr addr)
1243 {
1244 /* Try and get an ICMP echo from a machine. */
1245
1246 /* Note that whilst in the three second wait, we check for
1247 (and service) events on the DNS and TFTP sockets, (so doing that
1248 better not use any resources our caller has in use...)
1249 but we remain deaf to signals or further DHCP packets. */
1250
1251 int fd;
1252 struct sockaddr_in saddr;
1253 struct {
1254 struct ip ip;
1255 struct icmp icmp;
1256 } packet;
1257 unsigned short id = rand16();
1258 unsigned int i, j;
1259 int gotreply = 0;
1260 time_t start, now;
1261
1262 #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
1263 if ((fd = make_icmp_sock()) == -1)
1264 return 0;
1265 #else
1266 int opt = 2000;
1267 fd = daemon->dhcp_icmp_fd;
1268 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1269 #endif
1270
1271 saddr.sin_family = AF_INET;
1272 saddr.sin_port = 0;
1273 saddr.sin_addr = addr;
1274 #ifdef HAVE_SOCKADDR_SA_LEN
1275 saddr.sin_len = sizeof(struct sockaddr_in);
1276 #endif
1277
1278 memset(&packet.icmp, 0, sizeof(packet.icmp));
1279 packet.icmp.icmp_type = ICMP_ECHO;
1280 packet.icmp.icmp_id = id;
1281 for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
1282 j += ((u16 *)&packet.icmp)[i];
1283 while (j>>16)
1284 j = (j & 0xffff) + (j >> 16);
1285 packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
1286
1287 while (sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
1288 (struct sockaddr *)&saddr, sizeof(saddr)) == -1 &&
1289 retry_send());
1290
1291 for (now = start = dnsmasq_time();
1292 difftime(now, start) < (float)PING_WAIT;)
1293 {
1294 struct timeval tv;
1295 fd_set rset, wset;
1296 struct sockaddr_in faddr;
1297 int maxfd = fd;
1298 socklen_t len = sizeof(faddr);
1299
1300 tv.tv_usec = 250000;
1301 tv.tv_sec = 0;
1302
1303 FD_ZERO(&rset);
1304 FD_ZERO(&wset);
1305 FD_SET(fd, &rset);
1306 set_dns_listeners(now, &rset, &maxfd);
1307 set_log_writer(&wset, &maxfd);
1308
1309 if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
1310 {
1311 FD_ZERO(&rset);
1312 FD_ZERO(&wset);
1313 }
1314
1315 now = dnsmasq_time();
1316
1317 check_log_writer(&wset);
1318 check_dns_listeners(&rset, now);
1319
1320 #ifdef HAVE_TFTP
1321 check_tftp_listeners(&rset, now);
1322 #endif
1323
1324 if (FD_ISSET(fd, &rset) &&
1325 recvfrom(fd, &packet, sizeof(packet), 0,
1326 (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
1327 saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
1328 packet.icmp.icmp_type == ICMP_ECHOREPLY &&
1329 packet.icmp.icmp_seq == 0 &&
1330 packet.icmp.icmp_id == id)
1331 {
1332 gotreply = 1;
1333 break;
1334 }
1335 }
1336
1337 #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
1338 close(fd);
1339 #else
1340 opt = 1;
1341 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1342 #endif
1343
1344 return gotreply;
1345 }
1346 #endif
1347
1348
1349