• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* dnsmasq is Copyright (c) 2000-2009 Simon Kelley
2 
3    This program is free software; you can redistribute it and/or modify
4    it under the terms of the GNU General Public License as published by
5    the Free Software Foundation; version 2 dated June, 1991, or
6    (at your option) version 3 dated 29 June, 2007.
7 
8    This program is distributed in the hope that it will be useful,
9    but WITHOUT ANY WARRANTY; without even the implied warranty of
10    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11    GNU General Public License for more details.
12 
13    You should have received a copy of the GNU General Public License
14    along with this program.  If not, see <http://www.gnu.org/licenses/>.
15 */
16 
17 #include "dnsmasq.h"
18 
19 struct daemon *daemon;
20 
21 static char *compile_opts =
22 #ifndef HAVE_IPV6
23 "no-"
24 #endif
25 "IPv6 "
26 #ifndef HAVE_GETOPT_LONG
27 "no-"
28 #endif
29 "GNU-getopt "
30 #ifdef HAVE_BROKEN_RTC
31 "no-RTC "
32 #endif
33 #ifdef NO_FORK
34 "no-MMU "
35 #endif
36 #ifndef HAVE_DBUS
37 "no-"
38 #endif
39 "DBus "
40 #ifndef LOCALEDIR
41 "no-"
42 #endif
43 "I18N "
44 #ifndef HAVE_DHCP
45 "no-"
46 #endif
47 "DHCP "
48 #if defined(HAVE_DHCP) && !defined(HAVE_SCRIPT)
49 "no-scripts "
50 #endif
51 #ifndef HAVE_TFTP
52 "no-"
53 #endif
54 "TFTP";
55 
56 
57 
58 static volatile pid_t pid = 0;
59 static volatile int pipewrite;
60 
61 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
62 static void check_dns_listeners(fd_set *set, time_t now);
63 static void sig_handler(int sig);
64 static void async_event(int pipe, time_t now);
65 static void fatal_event(struct event_desc *ev);
66 static void poll_resolv(void);
67 #ifdef __ANDROID__
68 static int set_android_listeners(fd_set *set, int *maxfdp);
69 static int check_android_listeners(fd_set *set);
70 #endif
71 
main(int argc,char ** argv)72 int main (int argc, char **argv)
73 {
74   int bind_fallback = 0;
75   time_t now;
76   struct sigaction sigact;
77   struct iname *if_tmp;
78   int piperead, pipefd[2], err_pipe[2];
79   struct passwd *ent_pw = NULL;
80 #if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
81   uid_t script_uid = 0;
82   gid_t script_gid = 0;
83 #endif
84   struct group *gp = NULL;
85   long i, max_fd = sysconf(_SC_OPEN_MAX);
86   char *baduser = NULL;
87   int log_err;
88 #if defined(HAVE_LINUX_NETWORK)
89   cap_user_header_t hdr = NULL;
90   cap_user_data_t data = NULL;
91 #endif
92 
93 #ifdef LOCALEDIR
94   setlocale(LC_ALL, "");
95   bindtextdomain("dnsmasq", LOCALEDIR);
96   textdomain("dnsmasq");
97 #endif
98 
99   sigact.sa_handler = sig_handler;
100   sigact.sa_flags = 0;
101   sigemptyset(&sigact.sa_mask);
102   sigaction(SIGUSR1, &sigact, NULL);
103   sigaction(SIGUSR2, &sigact, NULL);
104   sigaction(SIGHUP, &sigact, NULL);
105   sigaction(SIGTERM, &sigact, NULL);
106   sigaction(SIGALRM, &sigact, NULL);
107   sigaction(SIGCHLD, &sigact, NULL);
108 
109   /* ignore SIGPIPE */
110   sigact.sa_handler = SIG_IGN;
111   sigaction(SIGPIPE, &sigact, NULL);
112 
113   umask(022); /* known umask, create leases and pid files as 0644 */
114 
115   read_opts(argc, argv, compile_opts);
116 
117   if (daemon->edns_pktsz < PACKETSZ)
118     daemon->edns_pktsz = PACKETSZ;
119   daemon->packet_buff_sz = daemon->edns_pktsz > DNSMASQ_PACKETSZ ?
120     daemon->edns_pktsz : DNSMASQ_PACKETSZ;
121   daemon->packet = safe_malloc(daemon->packet_buff_sz);
122 
123 #ifdef HAVE_DHCP
124   if (!daemon->lease_file)
125     {
126       if (daemon->dhcp)
127 	daemon->lease_file = LEASEFILE;
128     }
129 #endif
130 
131   /* Close any file descriptors we inherited apart from std{in|out|err} */
132   for (i = 0; i < max_fd; i++)
133     if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO)
134       close(i);
135 
136 #ifdef HAVE_LINUX_NETWORK
137   netlink_init();
138 #elif !(defined(IP_RECVDSTADDR) && \
139 	defined(IP_RECVIF) && \
140 	defined(IP_SENDSRCADDR))
141   if (!(daemon->options & OPT_NOWILD))
142     {
143       bind_fallback = 1;
144       daemon->options |= OPT_NOWILD;
145     }
146 #endif
147 
148 #ifndef HAVE_TFTP
149   if (daemon->options & OPT_TFTP)
150     die(_("TFTP server not available: set HAVE_TFTP in src/config.h"), NULL, EC_BADCONF);
151 #endif
152 
153 #ifdef HAVE_SOLARIS_NETWORK
154   if (daemon->max_logs != 0)
155     die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF);
156 #endif
157 
158   rand_init();
159 
160   now = dnsmasq_time();
161 
162 #ifdef HAVE_DHCP
163   if (daemon->dhcp)
164     {
165       /* Note that order matters here, we must call lease_init before
166 	 creating any file descriptors which shouldn't be leaked
167 	 to the lease-script init process. */
168       lease_init(now);
169       dhcp_init();
170     }
171 #endif
172 
173   if (!enumerate_interfaces())
174     die(_("failed to find list of interfaces: %s"), NULL, EC_MISC);
175 
176   if (daemon->options & OPT_NOWILD)
177     {
178       daemon->listeners = create_bound_listeners();
179 
180       for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
181 	if (if_tmp->name && !if_tmp->used)
182 	  die(_("unknown interface %s"), if_tmp->name, EC_BADNET);
183 
184       for (if_tmp = daemon->if_addrs; if_tmp; if_tmp = if_tmp->next)
185 	if (!if_tmp->used)
186 	  {
187 	    prettyprint_addr(&if_tmp->addr, daemon->namebuff);
188 	    die(_("no interface with address %s"), daemon->namebuff, EC_BADNET);
189 	  }
190     }
191   else if ((daemon->port != 0 || (daemon->options & OPT_TFTP)) &&
192 	   !(daemon->listeners = create_wildcard_listeners()))
193     die(_("failed to create listening socket: %s"), NULL, EC_BADNET);
194 
195   if (daemon->port != 0)
196     cache_init();
197 
198   if (daemon->options & OPT_DBUS)
199 #ifdef HAVE_DBUS
200     {
201       char *err;
202       daemon->dbus = NULL;
203       daemon->watches = NULL;
204       if ((err = dbus_init()))
205 	die(_("DBus error: %s"), err, EC_MISC);
206     }
207 #else
208   die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF);
209 #endif
210 
211   if (daemon->port != 0)
212     pre_allocate_sfds();
213 
214 #if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
215   /* Note getpwnam returns static storage */
216   if (daemon->dhcp && daemon->lease_change_command && daemon->scriptuser)
217     {
218       if ((ent_pw = getpwnam(daemon->scriptuser)))
219 	{
220 	  script_uid = ent_pw->pw_uid;
221 	  script_gid = ent_pw->pw_gid;
222 	 }
223       else
224 	baduser = daemon->scriptuser;
225     }
226 #endif
227 
228   if (daemon->username && !(ent_pw = getpwnam(daemon->username)))
229     baduser = daemon->username;
230   else if (daemon->groupname && !(gp = getgrnam(daemon->groupname)))
231     baduser = daemon->groupname;
232 
233   if (baduser)
234     die(_("unknown user or group: %s"), baduser, EC_BADCONF);
235 
236   /* implement group defaults, "dip" if available, or group associated with uid */
237   if (!daemon->group_set && !gp)
238     {
239       if (!(gp = getgrnam(CHGRP)) && ent_pw)
240 	gp = getgrgid(ent_pw->pw_gid);
241 
242       /* for error message */
243       if (gp)
244 	daemon->groupname = gp->gr_name;
245     }
246 
247 #if defined(HAVE_LINUX_NETWORK)
248   /* determine capability API version here, while we can still
249      call safe_malloc */
250   if (ent_pw && ent_pw->pw_uid != 0)
251     {
252       int capsize = 1; /* for header version 1 */
253       hdr = safe_malloc(sizeof(*hdr));
254 
255       /* find version supported by kernel */
256       memset(hdr, 0, sizeof(*hdr));
257       capget(hdr, NULL);
258 
259       if (hdr->version != LINUX_CAPABILITY_VERSION_1)
260 	{
261 	  /* if unknown version, use largest supported version (3) */
262 	  if (hdr->version != LINUX_CAPABILITY_VERSION_2)
263 	    hdr->version = LINUX_CAPABILITY_VERSION_3;
264 	  capsize = 2;
265 	}
266 
267       data = safe_malloc(sizeof(*data) * capsize);
268       memset(data, 0, sizeof(*data) * capsize);
269     }
270 #endif
271 
272   /* Use a pipe to carry signals and other events back to the event loop
273      in a race-free manner and another to carry errors to daemon-invoking process */
274   safe_pipe(pipefd, 1);
275 
276   piperead = pipefd[0];
277   pipewrite = pipefd[1];
278   /* prime the pipe to load stuff first time. */
279   send_event(pipewrite, EVENT_RELOAD, 0);
280 
281   err_pipe[1] = -1;
282 
283   if (!(daemon->options & OPT_DEBUG))
284     {
285 #ifndef __ANDROID__
286       int nullfd;
287 #endif
288 
289       /* The following code "daemonizes" the process.
290 	 See Stevens section 12.4 */
291 
292       if (chdir("/") != 0)
293 	die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC);
294 
295 #ifndef NO_FORK
296       if (!(daemon->options & OPT_NO_FORK))
297 	{
298 	  pid_t pid;
299 
300 	  /* pipe to carry errors back to original process.
301 	     When startup is complete we close this and the process terminates. */
302 	  safe_pipe(err_pipe, 0);
303 
304 	  if ((pid = fork()) == -1)
305 	    /* fd == -1 since we've not forked, never returns. */
306 	    send_event(-1, EVENT_FORK_ERR, errno);
307 
308 	  if (pid != 0)
309 	    {
310 	      struct event_desc ev;
311 
312 	      /* close our copy of write-end */
313 	      close(err_pipe[1]);
314 
315 	      /* check for errors after the fork */
316 	      if (read_write(err_pipe[0], (unsigned char *)&ev, sizeof(ev), 1))
317 		fatal_event(&ev);
318 
319 	      _exit(EC_GOOD);
320 	    }
321 
322 	  close(err_pipe[0]);
323 
324 	  /* NO calls to die() from here on. */
325 
326 	  setsid();
327 
328 	  if ((pid = fork()) == -1)
329 	    send_event(err_pipe[1], EVENT_FORK_ERR, errno);
330 
331 	  if (pid != 0)
332 	    _exit(0);
333 	}
334 #endif
335 
336       /* write pidfile _after_ forking ! */
337       if (daemon->runfile)
338 	{
339 	  FILE *pidfile;
340 
341 	  /* only complain if started as root */
342 	  if ((pidfile = fopen(daemon->runfile, "w")))
343 	    {
344 	      fprintf(pidfile, "%d\n", (int) getpid());
345 	      fclose(pidfile);
346 	    }
347 	  else if (getuid() == 0)
348 	    {
349 	      send_event(err_pipe[1], EVENT_PIDFILE, errno);
350 	      _exit(0);
351 	    }
352 	}
353 
354 #ifndef __ANDROID__
355       /* open  stdout etc to /dev/null */
356       nullfd = open("/dev/null", O_RDWR);
357       dup2(nullfd, STDOUT_FILENO);
358       dup2(nullfd, STDERR_FILENO);
359       dup2(nullfd, STDIN_FILENO);
360       close(nullfd);
361 #endif
362     }
363 
364    log_err = log_start(ent_pw, err_pipe[1]);
365 
366    /* if we are to run scripts, we need to fork a helper before dropping root. */
367   daemon->helperfd = -1;
368 #if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
369   if (daemon->dhcp && daemon->lease_change_command)
370     daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
371 #endif
372 
373   if (!(daemon->options & OPT_DEBUG) && getuid() == 0)
374     {
375       int bad_capabilities = 0;
376       gid_t dummy;
377 
378       /* remove all supplimentary groups */
379       if (gp &&
380 	  (setgroups(0, &dummy) == -1 ||
381 	   setgid(gp->gr_gid) == -1))
382 	{
383 	  send_event(err_pipe[1], EVENT_GROUP_ERR, errno);
384 	  _exit(0);
385 	}
386 
387       if (ent_pw && ent_pw->pw_uid != 0)
388 	{
389 #if defined(HAVE_LINUX_NETWORK)
390 	  /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
391 	     CAP_NET_RAW (for icmp) if we're doing dhcp */
392 	  data->effective = data->permitted = data->inheritable =
393 	    (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
394 
395 	  /* Tell kernel to not clear capabilities when dropping root */
396 	  if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
397 	    bad_capabilities = errno;
398 
399 #elif defined(HAVE_SOLARIS_NETWORK)
400 	  /* http://developers.sun.com/solaris/articles/program_privileges.html */
401 	  priv_set_t *priv_set;
402 
403 	  if (!(priv_set = priv_str_to_set("basic", ",", NULL)) ||
404 	      priv_addset(priv_set, PRIV_NET_ICMPACCESS) == -1 ||
405 	      priv_addset(priv_set, PRIV_SYS_NET_CONFIG) == -1)
406 	    bad_capabilities = errno;
407 
408 	  if (priv_set && bad_capabilities == 0)
409 	    {
410 	      priv_inverse(priv_set);
411 
412 	      if (setppriv(PRIV_OFF, PRIV_LIMIT, priv_set) == -1)
413 		bad_capabilities = errno;
414 	    }
415 
416 	  if (priv_set)
417 	    priv_freeset(priv_set);
418 
419 #endif
420 
421 	  if (bad_capabilities != 0)
422 	    {
423 	      send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities);
424 	      _exit(0);
425 	    }
426 
427 	  /* finally drop root */
428 	  if (setuid(ent_pw->pw_uid) == -1)
429 	    {
430 	      send_event(err_pipe[1], EVENT_USER_ERR, errno);
431 	      _exit(0);
432 	    }
433 
434 #ifdef HAVE_LINUX_NETWORK
435 	  data->effective = data->permitted =
436 	    (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
437 	  data->inheritable = 0;
438 
439 	  /* lose the setuid and setgid capbilities */
440 	  if (capset(hdr, data) == -1)
441 	    {
442 	      send_event(err_pipe[1], EVENT_CAP_ERR, errno);
443 	      _exit(0);
444 	    }
445 #endif
446 
447 	}
448     }
449 
450 #ifdef HAVE_LINUX_NETWORK
451   if (daemon->options & OPT_DEBUG)
452     prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
453 #endif
454 
455   if (daemon->port == 0)
456     my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION);
457   else if (daemon->cachesize != 0)
458     my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
459   else
460     my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
461 
462   my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts);
463 
464 #ifdef HAVE_DBUS
465   if (daemon->options & OPT_DBUS)
466     {
467       if (daemon->dbus)
468 	my_syslog(LOG_INFO, _("DBus support enabled: connected to system bus"));
469       else
470 	my_syslog(LOG_INFO, _("DBus support enabled: bus connection pending"));
471     }
472 #endif
473 
474   if (log_err != 0)
475     my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"),
476 	      daemon->log_file, strerror(log_err));
477 
478   if (bind_fallback)
479     my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
480 
481   if (!(daemon->options & OPT_NOWILD))
482     for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next)
483       if (if_tmp->name && !if_tmp->used)
484 	my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), if_tmp->name);
485 
486   if (daemon->port != 0 && (daemon->options & OPT_NO_RESOLV))
487     {
488       if (daemon->resolv_files && !daemon->resolv_files->is_default)
489 	my_syslog(LOG_WARNING, _("warning: ignoring resolv-file flag because no-resolv is set"));
490       daemon->resolv_files = NULL;
491       if (!daemon->servers)
492 	my_syslog(LOG_WARNING, _("warning: no upstream servers configured"));
493     }
494 
495   if (daemon->max_logs != 0)
496     my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), daemon->max_logs);
497 
498 #ifdef HAVE_DHCP
499   if (daemon->dhcp)
500     {
501       struct dhcp_context *dhcp_tmp;
502 
503       for (dhcp_tmp = daemon->dhcp; dhcp_tmp; dhcp_tmp = dhcp_tmp->next)
504 	{
505 	  prettyprint_time(daemon->dhcp_buff2, dhcp_tmp->lease_time);
506 	  strcpy(daemon->dhcp_buff, inet_ntoa(dhcp_tmp->start));
507 	  my_syslog(MS_DHCP | LOG_INFO,
508 		    (dhcp_tmp->flags & CONTEXT_STATIC) ?
509 		    _("DHCP, static leases only on %.0s%s, lease time %s") :
510 		    (dhcp_tmp->flags & CONTEXT_PROXY) ?
511 		    _("DHCP, proxy on subnet %.0s%s%.0s") :
512 		    _("DHCP, IP range %s -- %s, lease time %s"),
513 		    daemon->dhcp_buff, inet_ntoa(dhcp_tmp->end), daemon->dhcp_buff2);
514 	}
515     }
516 #endif
517 
518 #ifdef HAVE_TFTP
519   if (daemon->options & OPT_TFTP)
520     {
521 #ifdef FD_SETSIZE
522       if (FD_SETSIZE < (unsigned)max_fd)
523 	max_fd = FD_SETSIZE;
524 #endif
525 
526       my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s",
527 		daemon->tftp_prefix ? _("root is ") : _("enabled"),
528 		daemon->tftp_prefix ? daemon->tftp_prefix: "",
529 		daemon->options & OPT_TFTP_SECURE ? _("secure mode") : "");
530 
531       /* This is a guess, it assumes that for small limits,
532 	 disjoint files might be served, but for large limits,
533 	 a single file will be sent to may clients (the file only needs
534 	 one fd). */
535 
536       max_fd -= 30; /* use other than TFTP */
537 
538       if (max_fd < 0)
539 	max_fd = 5;
540       else if (max_fd < 100)
541 	max_fd = max_fd/2;
542       else
543 	max_fd = max_fd - 20;
544 
545       /* if we have to use a limited range of ports,
546 	 that will limit the number of transfers */
547       if (daemon->start_tftp_port != 0 &&
548 	  daemon->end_tftp_port - daemon->start_tftp_port + 1 < max_fd)
549 	max_fd = daemon->end_tftp_port - daemon->start_tftp_port + 1;
550 
551       if (daemon->tftp_max > max_fd)
552 	{
553 	  daemon->tftp_max = max_fd;
554 	  my_syslog(MS_TFTP | LOG_WARNING,
555 		    _("restricting maximum simultaneous TFTP transfers to %d"),
556 		    daemon->tftp_max);
557 	}
558     }
559 #endif
560 
561   /* finished start-up - release original process */
562   if (err_pipe[1] != -1)
563     close(err_pipe[1]);
564 
565   if (daemon->port != 0)
566     check_servers();
567 
568   pid = getpid();
569 
570   while (1)
571     {
572       int maxfd = -1;
573       struct timeval t, *tp = NULL;
574       fd_set rset, wset, eset;
575 
576       FD_ZERO(&rset);
577       FD_ZERO(&wset);
578       FD_ZERO(&eset);
579 
580       /* if we are out of resources, find how long we have to wait
581 	 for some to come free, we'll loop around then and restart
582 	 listening for queries */
583       if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0)
584 	{
585 	  t.tv_usec = 0;
586 	  tp = &t;
587 	}
588 #ifdef __ANDROID__
589       set_android_listeners(&rset, &maxfd);
590 #endif
591 
592       /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
593       if (daemon->tftp_trans ||
594 	  ((daemon->options & OPT_DBUS) && !daemon->dbus))
595 	{
596 	  t.tv_sec = 0;
597 	  t.tv_usec = 250000;
598 	  tp = &t;
599 	}
600 
601 #ifdef HAVE_DBUS
602       set_dbus_listeners(&maxfd, &rset, &wset, &eset);
603 #endif
604 
605 #ifdef HAVE_DHCP
606       if (daemon->dhcp)
607 	{
608 	  FD_SET(daemon->dhcpfd, &rset);
609 	  bump_maxfd(daemon->dhcpfd, &maxfd);
610 	}
611 #endif
612 
613 #ifdef HAVE_LINUX_NETWORK
614       FD_SET(daemon->netlinkfd, &rset);
615       bump_maxfd(daemon->netlinkfd, &maxfd);
616 #endif
617 
618       FD_SET(piperead, &rset);
619       bump_maxfd(piperead, &maxfd);
620 
621 #ifdef HAVE_DHCP
622 #  ifdef HAVE_SCRIPT
623       while (helper_buf_empty() && do_script_run(now));
624 
625       if (!helper_buf_empty())
626 	{
627 	  FD_SET(daemon->helperfd, &wset);
628 	  bump_maxfd(daemon->helperfd, &maxfd);
629 	}
630 #  else
631       /* need this for other side-effects */
632       while (do_script_run(now));
633 #  endif
634 #endif
635 
636       /* must do this just before select(), when we know no
637 	 more calls to my_syslog() can occur */
638       set_log_writer(&wset, &maxfd);
639 
640       if (select(maxfd+1, &rset, &wset, &eset, tp) < 0)
641 	{
642 	  /* otherwise undefined after error */
643 	  FD_ZERO(&rset); FD_ZERO(&wset); FD_ZERO(&eset);
644 	}
645 
646       now = dnsmasq_time();
647 
648       check_log_writer(&wset);
649 
650       /* Check for changes to resolv files once per second max. */
651       /* Don't go silent for long periods if the clock goes backwards. */
652       if (daemon->last_resolv == 0 ||
653 	  difftime(now, daemon->last_resolv) > 1.0 ||
654 	  difftime(now, daemon->last_resolv) < -1.0)
655 	{
656 	  daemon->last_resolv = now;
657 
658 	  if (daemon->port != 0 && !(daemon->options & OPT_NO_POLL))
659 	    poll_resolv();
660 	}
661 
662       if (FD_ISSET(piperead, &rset))
663 	async_event(piperead, now);
664 
665 #ifdef HAVE_LINUX_NETWORK
666       if (FD_ISSET(daemon->netlinkfd, &rset))
667 	netlink_multicast();
668 #endif
669 
670 #ifdef HAVE_DBUS
671       /* if we didn't create a DBus connection, retry now. */
672      if ((daemon->options & OPT_DBUS) && !daemon->dbus)
673 	{
674 	  char *err;
675 	  if ((err = dbus_init()))
676 	    my_syslog(LOG_WARNING, _("DBus error: %s"), err);
677 	  if (daemon->dbus)
678 	    my_syslog(LOG_INFO, _("connected to system DBus"));
679 	}
680       check_dbus_listeners(&rset, &wset, &eset);
681 #endif
682 
683 #ifdef __ANDROID__
684       check_android_listeners(&rset);
685 #endif
686 
687       check_dns_listeners(&rset, now);
688 
689 #ifdef HAVE_TFTP
690       check_tftp_listeners(&rset, now);
691 #endif
692 
693 #ifdef HAVE_DHCP
694       if (daemon->dhcp && FD_ISSET(daemon->dhcpfd, &rset))
695 	dhcp_packet(now);
696 
697 #  ifdef HAVE_SCRIPT
698       if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
699 	helper_write();
700 #  endif
701 #endif
702 
703     }
704 }
705 
sig_handler(int sig)706 static void sig_handler(int sig)
707 {
708   if (pid == 0)
709     {
710       /* ignore anything other than TERM during startup
711 	 and in helper proc. (helper ignore TERM too) */
712       if (sig == SIGTERM)
713 	exit(EC_MISC);
714     }
715   else if (pid != getpid())
716     {
717       /* alarm is used to kill TCP children after a fixed time. */
718       if (sig == SIGALRM)
719 	_exit(0);
720     }
721   else
722     {
723       /* master process */
724       int event, errsave = errno;
725 
726       if (sig == SIGHUP)
727 	event = EVENT_RELOAD;
728       else if (sig == SIGCHLD)
729 	event = EVENT_CHILD;
730       else if (sig == SIGALRM)
731 	event = EVENT_ALARM;
732       else if (sig == SIGTERM)
733 	event = EVENT_TERM;
734       else if (sig == SIGUSR1)
735 	event = EVENT_DUMP;
736       else if (sig == SIGUSR2)
737 	event = EVENT_REOPEN;
738       else
739 	return;
740 
741       send_event(pipewrite, event, 0);
742       errno = errsave;
743     }
744 }
745 
send_event(int fd,int event,int data)746 void send_event(int fd, int event, int data)
747 {
748   struct event_desc ev;
749 
750   ev.event = event;
751   ev.data = data;
752 
753   /* error pipe, debug mode. */
754   if (fd == -1)
755     fatal_event(&ev);
756   else
757     /* pipe is non-blocking and struct event_desc is smaller than
758        PIPE_BUF, so this either fails or writes everything */
759     while (write(fd, &ev, sizeof(ev)) == -1 && errno == EINTR);
760 }
761 
fatal_event(struct event_desc * ev)762 static void fatal_event(struct event_desc *ev)
763 {
764   errno = ev->data;
765 
766   switch (ev->event)
767     {
768     case EVENT_DIE:
769       exit(0);
770 
771     case EVENT_FORK_ERR:
772       die(_("cannot fork into background: %s"), NULL, EC_MISC);
773 
774     case EVENT_PIPE_ERR:
775       die(_("failed to create helper: %s"), NULL, EC_MISC);
776 
777     case EVENT_CAP_ERR:
778       die(_("setting capabilities failed: %s"), NULL, EC_MISC);
779 
780     case EVENT_USER_ERR:
781     case EVENT_HUSER_ERR:
782       die(_("failed to change user-id to %s: %s"),
783 	  ev->event == EVENT_USER_ERR ? daemon->username : daemon->scriptuser,
784 	  EC_MISC);
785 
786     case EVENT_GROUP_ERR:
787       die(_("failed to change group-id to %s: %s"), daemon->groupname, EC_MISC);
788 
789     case EVENT_PIDFILE:
790       die(_("failed to open pidfile %s: %s"), daemon->runfile, EC_FILE);
791 
792     case EVENT_LOG_ERR:
793       die(_("cannot open %s: %s"), daemon->log_file ? daemon->log_file : "log", EC_FILE);
794     }
795 }
796 
async_event(int pipe,time_t now)797 static void async_event(int pipe, time_t now)
798 {
799   pid_t p;
800   struct event_desc ev;
801   int i;
802 
803   if (read_write(pipe, (unsigned char *)&ev, sizeof(ev), 1))
804     switch (ev.event)
805       {
806       case EVENT_RELOAD:
807 	clear_cache_and_reload(now);
808 	if (daemon->port != 0 && daemon->resolv_files && (daemon->options & OPT_NO_POLL))
809 	  {
810 	    reload_servers(daemon->resolv_files->name);
811 	    check_servers();
812 	  }
813 #ifdef HAVE_DHCP
814 	rerun_scripts();
815 #endif
816 	break;
817 
818       case EVENT_DUMP:
819 	if (daemon->port != 0)
820 	  dump_cache(now);
821 	break;
822 
823       case EVENT_ALARM:
824 #ifdef HAVE_DHCP
825 	if (daemon->dhcp)
826 	  {
827 	    lease_prune(NULL, now);
828 	    lease_update_file(now);
829 	  }
830 #endif
831 	break;
832 
833       case EVENT_CHILD:
834 	/* See Stevens 5.10 */
835 	while ((p = waitpid(-1, NULL, WNOHANG)) != 0)
836 	  if (p == -1)
837 	    {
838 	      if (errno != EINTR)
839 		break;
840 	    }
841 	  else
842 	    for (i = 0 ; i < MAX_PROCS; i++)
843 	      if (daemon->tcp_pids[i] == p)
844 		daemon->tcp_pids[i] = 0;
845 	break;
846 
847       case EVENT_KILLED:
848 	my_syslog(LOG_WARNING, _("child process killed by signal %d"), ev.data);
849 	break;
850 
851       case EVENT_EXITED:
852 	my_syslog(LOG_WARNING, _("child process exited with status %d"), ev.data);
853 	break;
854 
855       case EVENT_EXEC_ERR:
856 	my_syslog(LOG_ERR, _("failed to execute %s: %s"),
857 		  daemon->lease_change_command, strerror(ev.data));
858 	break;
859 
860 	/* necessary for fatal errors in helper */
861       case EVENT_HUSER_ERR:
862       case EVENT_DIE:
863 	fatal_event(&ev);
864 	break;
865 
866       case EVENT_REOPEN:
867 	/* Note: this may leave TCP-handling processes with the old file still open.
868 	   Since any such process will die in CHILD_LIFETIME or probably much sooner,
869 	   we leave them logging to the old file. */
870 	if (daemon->log_file != NULL)
871 	  log_reopen(daemon->log_file);
872 	break;
873 
874       case EVENT_TERM:
875 	/* Knock all our children on the head. */
876 	for (i = 0; i < MAX_PROCS; i++)
877 	  if (daemon->tcp_pids[i] != 0)
878 	    kill(daemon->tcp_pids[i], SIGALRM);
879 
880 #if defined(HAVE_DHCP) && defined(HAVE_SCRIPT)
881 	/* handle pending lease transitions */
882 	if (daemon->helperfd != -1)
883 	  {
884 	    /* block in writes until all done */
885 	    if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
886 	      fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK);
887 	    do {
888 	      helper_write();
889 	    } while (!helper_buf_empty() || do_script_run(now));
890 	    close(daemon->helperfd);
891 	  }
892 #endif
893 
894 	if (daemon->lease_stream)
895 	  fclose(daemon->lease_stream);
896 
897 	if (daemon->runfile)
898 	  unlink(daemon->runfile);
899 
900 	my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
901 	flush_log();
902 	exit(EC_GOOD);
903       }
904 }
905 
poll_resolv()906 static void poll_resolv()
907 {
908   struct resolvc *res, *latest;
909   struct stat statbuf;
910   time_t last_change = 0;
911   /* There may be more than one possible file.
912      Go through and find the one which changed _last_.
913      Warn of any which can't be read. */
914   for (latest = NULL, res = daemon->resolv_files; res; res = res->next)
915     if (stat(res->name, &statbuf) == -1)
916       {
917 	if (!res->logged)
918 	  my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno));
919 	res->logged = 1;
920       }
921     else
922       {
923 	res->logged = 0;
924 	if (statbuf.st_mtime != res->mtime)
925 	  {
926 	    res->mtime = statbuf.st_mtime;
927 	    if (difftime(statbuf.st_mtime, last_change) > 0.0)
928 	      {
929 		last_change = statbuf.st_mtime;
930 		latest = res;
931 	      }
932 	  }
933       }
934 
935   if (latest)
936     {
937       static int warned = 0;
938       if (reload_servers(latest->name))
939 	{
940 	  my_syslog(LOG_INFO, _("reading %s"), latest->name);
941 	  warned = 0;
942 	  check_servers();
943 	  if (daemon->options & OPT_RELOAD)
944 	    cache_reload();
945 	}
946       else
947 	{
948 	  latest->mtime = 0;
949 	  if (!warned)
950 	    {
951 	      my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name);
952 	      warned = 1;
953 	    }
954 	}
955     }
956 }
957 
clear_cache_and_reload(time_t now)958 void clear_cache_and_reload(time_t now)
959 {
960   if (daemon->port != 0)
961     cache_reload();
962 
963 #ifdef HAVE_DHCP
964   if (daemon->dhcp)
965     {
966       if (daemon->options & OPT_ETHERS)
967 	dhcp_read_ethers();
968       reread_dhcp();
969       dhcp_update_configs(daemon->dhcp_conf);
970       check_dhcp_hosts(0);
971       lease_update_from_configs();
972       lease_update_file(now);
973       lease_update_dns();
974     }
975 #endif
976 }
977 
978 #ifdef __ANDROID__
979 
set_android_listeners(fd_set * set,int * maxfdp)980 static int set_android_listeners(fd_set *set, int *maxfdp) {
981     FD_SET(STDIN_FILENO, set);
982     bump_maxfd(STDIN_FILENO, maxfdp);
983     return 0;
984 }
985 
check_android_listeners(fd_set * set)986 static int check_android_listeners(fd_set *set) {
987     int retcode = 0;
988     if (FD_ISSET(STDIN_FILENO, set)) {
989         char buffer[1024];
990         int rc;
991         int consumed = 0;
992 
993         if ((rc = read(STDIN_FILENO, buffer, sizeof(buffer) -1)) < 0) {
994             my_syslog(LOG_ERR, _("Error reading from stdin (%s)"), strerror(errno));
995             return -1;
996         }
997         buffer[rc] = '\0';
998         while(consumed < rc) {
999             char *cmd;
1000             char *current_cmd = &buffer[consumed];
1001             char *params = current_cmd;
1002             int len = strlen(current_cmd);
1003 
1004             cmd = strsep(&params, ":");
1005             if (!strcmp(cmd, "update_dns")) {
1006                 if (params != NULL) {
1007                     set_servers(params);
1008                     check_servers();
1009                 } else {
1010                     my_syslog(LOG_ERR, _("Malformatted msg '%s'"), current_cmd);
1011                     retcode = -1;
1012                 }
1013             } else {
1014                  my_syslog(LOG_ERR, _("Unknown cmd '%s'"), cmd);
1015                  retcode = -1;
1016             }
1017             consumed += len + 1;
1018         }
1019     }
1020     return retcode;
1021 }
1022 #endif
1023 
set_dns_listeners(time_t now,fd_set * set,int * maxfdp)1024 static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp)
1025 {
1026   struct serverfd *serverfdp;
1027   struct listener *listener;
1028   int wait = 0, i;
1029 
1030 #ifdef HAVE_TFTP
1031   int  tftp = 0;
1032   struct tftp_transfer *transfer;
1033   for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next)
1034     {
1035       tftp++;
1036       FD_SET(transfer->sockfd, set);
1037       bump_maxfd(transfer->sockfd, maxfdp);
1038     }
1039 #endif
1040 
1041   /* will we be able to get memory? */
1042   if (daemon->port != 0)
1043     get_new_frec(now, &wait);
1044 
1045   for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1046     {
1047       FD_SET(serverfdp->fd, set);
1048       bump_maxfd(serverfdp->fd, maxfdp);
1049     }
1050 
1051   if (daemon->port != 0 && !daemon->osport)
1052     for (i = 0; i < RANDOM_SOCKS; i++)
1053       if (daemon->randomsocks[i].refcount != 0)
1054 	{
1055 	  FD_SET(daemon->randomsocks[i].fd, set);
1056 	  bump_maxfd(daemon->randomsocks[i].fd, maxfdp);
1057 	}
1058 
1059   for (listener = daemon->listeners; listener; listener = listener->next)
1060     {
1061       /* only listen for queries if we have resources */
1062       if (listener->fd != -1 && wait == 0)
1063 	{
1064 	  FD_SET(listener->fd, set);
1065 	  bump_maxfd(listener->fd, maxfdp);
1066 	}
1067 
1068       /* death of a child goes through the select loop, so
1069 	 we don't need to explicitly arrange to wake up here */
1070       if  (listener->tcpfd != -1)
1071 	for (i = 0; i < MAX_PROCS; i++)
1072 	  if (daemon->tcp_pids[i] == 0)
1073 	    {
1074 	      FD_SET(listener->tcpfd, set);
1075 	      bump_maxfd(listener->tcpfd, maxfdp);
1076 	      break;
1077 	    }
1078 
1079 #ifdef HAVE_TFTP
1080       if (tftp <= daemon->tftp_max && listener->tftpfd != -1)
1081 	{
1082 	  FD_SET(listener->tftpfd, set);
1083 	  bump_maxfd(listener->tftpfd, maxfdp);
1084 	}
1085 #endif
1086 
1087     }
1088 
1089   return wait;
1090 }
1091 
check_dns_listeners(fd_set * set,time_t now)1092 static void check_dns_listeners(fd_set *set, time_t now)
1093 {
1094   struct serverfd *serverfdp;
1095   struct listener *listener;
1096   int i;
1097 
1098   for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next)
1099     if (FD_ISSET(serverfdp->fd, set))
1100       reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now);
1101 
1102   if (daemon->port != 0 && !daemon->osport)
1103     for (i = 0; i < RANDOM_SOCKS; i++)
1104       if (daemon->randomsocks[i].refcount != 0 &&
1105 	  FD_ISSET(daemon->randomsocks[i].fd, set))
1106 	reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now);
1107 
1108   for (listener = daemon->listeners; listener; listener = listener->next)
1109     {
1110       if (listener->fd != -1 && FD_ISSET(listener->fd, set))
1111 	receive_query(listener, now);
1112 
1113 #ifdef HAVE_TFTP
1114       if (listener->tftpfd != -1 && FD_ISSET(listener->tftpfd, set))
1115 	tftp_request(listener, now);
1116 #endif
1117 
1118       if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set))
1119 	{
1120 	  int confd;
1121 	  struct irec *iface = NULL;
1122 	  pid_t p;
1123 
1124 	  while((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR);
1125 
1126 	  if (confd == -1)
1127 	    continue;
1128 
1129 	  if (daemon->options & OPT_NOWILD)
1130 	    iface = listener->iface;
1131 	  else
1132 	    {
1133 	      union mysockaddr tcp_addr;
1134 	      socklen_t tcp_len = sizeof(union mysockaddr);
1135 	      /* Check for allowed interfaces when binding the wildcard address:
1136 		 we do this by looking for an interface with the same address as
1137 		 the local address of the TCP connection, then looking to see if that's
1138 		 an allowed interface. As a side effect, we get the netmask of the
1139 		 interface too, for localisation. */
1140 
1141 	      /* interface may be new since startup */
1142 	      if (enumerate_interfaces() &&
1143 		  getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) != -1)
1144 		for (iface = daemon->interfaces; iface; iface = iface->next)
1145 		  if (sockaddr_isequal(&iface->addr, &tcp_addr))
1146 		    break;
1147 	    }
1148 
1149 	  if (!iface)
1150 	    {
1151 	      shutdown(confd, SHUT_RDWR);
1152 	      close(confd);
1153 	    }
1154 #ifndef NO_FORK
1155 	  else if (!(daemon->options & OPT_DEBUG) && (p = fork()) != 0)
1156 	    {
1157 	      if (p != -1)
1158 		{
1159 		  int i;
1160 		  for (i = 0; i < MAX_PROCS; i++)
1161 		    if (daemon->tcp_pids[i] == 0)
1162 		      {
1163 			daemon->tcp_pids[i] = p;
1164 			break;
1165 		      }
1166 		}
1167 	      close(confd);
1168 	    }
1169 #endif
1170 	  else
1171 	    {
1172 	      unsigned char *buff;
1173 	      struct server *s;
1174 	      int flags;
1175 	      struct in_addr dst_addr_4;
1176 
1177 	      dst_addr_4.s_addr = 0;
1178 
1179 	       /* Arrange for SIGALARM after CHILD_LIFETIME seconds to
1180 		  terminate the process. */
1181 	      if (!(daemon->options & OPT_DEBUG))
1182 		alarm(CHILD_LIFETIME);
1183 
1184 	      /* start with no upstream connections. */
1185 	      for (s = daemon->servers; s; s = s->next)
1186 		 s->tcpfd = -1;
1187 
1188 	      /* The connected socket inherits non-blocking
1189 		 attribute from the listening socket.
1190 		 Reset that here. */
1191 	      if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
1192 		fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
1193 
1194 	      if (listener->family == AF_INET)
1195 		dst_addr_4 = iface->addr.in.sin_addr;
1196 
1197 	      buff = tcp_request(confd, now, dst_addr_4, iface->netmask);
1198 
1199 	      shutdown(confd, SHUT_RDWR);
1200 	      close(confd);
1201 
1202 	      if (buff)
1203 		free(buff);
1204 
1205 	      for (s = daemon->servers; s; s = s->next)
1206 		if (s->tcpfd != -1)
1207 		  {
1208 		    shutdown(s->tcpfd, SHUT_RDWR);
1209 		    close(s->tcpfd);
1210 		  }
1211 #ifndef NO_FORK
1212 	      if (!(daemon->options & OPT_DEBUG))
1213 		{
1214 		  flush_log();
1215 		  _exit(0);
1216 		}
1217 #endif
1218 	    }
1219 	}
1220     }
1221 }
1222 
1223 #ifdef HAVE_DHCP
make_icmp_sock(void)1224 int make_icmp_sock(void)
1225 {
1226   int fd;
1227   int zeroopt = 0;
1228 
1229   if ((fd = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1)
1230     {
1231       if (!fix_fd(fd) ||
1232 	  setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1)
1233 	{
1234 	  close(fd);
1235 	  fd = -1;
1236 	}
1237     }
1238 
1239   return fd;
1240 }
1241 
icmp_ping(struct in_addr addr)1242 int icmp_ping(struct in_addr addr)
1243 {
1244   /* Try and get an ICMP echo from a machine. */
1245 
1246   /* Note that whilst in the three second wait, we check for
1247      (and service) events on the DNS and TFTP  sockets, (so doing that
1248      better not use any resources our caller has in use...)
1249      but we remain deaf to signals or further DHCP packets. */
1250 
1251   int fd;
1252   struct sockaddr_in saddr;
1253   struct {
1254     struct ip ip;
1255     struct icmp icmp;
1256   } packet;
1257   unsigned short id = rand16();
1258   unsigned int i, j;
1259   int gotreply = 0;
1260   time_t start, now;
1261 
1262 #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK)
1263   if ((fd = make_icmp_sock()) == -1)
1264     return 0;
1265 #else
1266   int opt = 2000;
1267   fd = daemon->dhcp_icmp_fd;
1268   setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1269 #endif
1270 
1271   saddr.sin_family = AF_INET;
1272   saddr.sin_port = 0;
1273   saddr.sin_addr = addr;
1274 #ifdef HAVE_SOCKADDR_SA_LEN
1275   saddr.sin_len = sizeof(struct sockaddr_in);
1276 #endif
1277 
1278   memset(&packet.icmp, 0, sizeof(packet.icmp));
1279   packet.icmp.icmp_type = ICMP_ECHO;
1280   packet.icmp.icmp_id = id;
1281   for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++)
1282     j += ((u16 *)&packet.icmp)[i];
1283   while (j>>16)
1284     j = (j & 0xffff) + (j >> 16);
1285   packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j;
1286 
1287   while (sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0,
1288 		(struct sockaddr *)&saddr, sizeof(saddr)) == -1 &&
1289 	 retry_send());
1290 
1291   for (now = start = dnsmasq_time();
1292        difftime(now, start) < (float)PING_WAIT;)
1293     {
1294       struct timeval tv;
1295       fd_set rset, wset;
1296       struct sockaddr_in faddr;
1297       int maxfd = fd;
1298       socklen_t len = sizeof(faddr);
1299 
1300       tv.tv_usec = 250000;
1301       tv.tv_sec = 0;
1302 
1303       FD_ZERO(&rset);
1304       FD_ZERO(&wset);
1305       FD_SET(fd, &rset);
1306       set_dns_listeners(now, &rset, &maxfd);
1307       set_log_writer(&wset, &maxfd);
1308 
1309       if (select(maxfd+1, &rset, &wset, NULL, &tv) < 0)
1310 	{
1311 	  FD_ZERO(&rset);
1312 	  FD_ZERO(&wset);
1313 	}
1314 
1315       now = dnsmasq_time();
1316 
1317       check_log_writer(&wset);
1318       check_dns_listeners(&rset, now);
1319 
1320 #ifdef HAVE_TFTP
1321       check_tftp_listeners(&rset, now);
1322 #endif
1323 
1324       if (FD_ISSET(fd, &rset) &&
1325 	  recvfrom(fd, &packet, sizeof(packet), 0,
1326 		   (struct sockaddr *)&faddr, &len) == sizeof(packet) &&
1327 	  saddr.sin_addr.s_addr == faddr.sin_addr.s_addr &&
1328 	  packet.icmp.icmp_type == ICMP_ECHOREPLY &&
1329 	  packet.icmp.icmp_seq == 0 &&
1330 	  packet.icmp.icmp_id == id)
1331 	{
1332 	  gotreply = 1;
1333 	  break;
1334 	}
1335     }
1336 
1337 #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK)
1338   close(fd);
1339 #else
1340   opt = 1;
1341   setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));
1342 #endif
1343 
1344   return gotreply;
1345 }
1346 #endif
1347 
1348 
1349