|
version 1.1.1.3, 2016/11/02 09:57:01
|
version 1.1.1.4, 2021/03/17 00:56:46
|
|
Line 1
|
Line 1
|
| /* dnsmasq is Copyright (c) 2000-2016 Simon Kelley | /* dnsmasq is Copyright (c) 2000-2021 Simon Kelley |
| |
|
| This program is free software; you can redistribute it and/or modify |
This program is free software; you can redistribute it and/or modify |
| it under the terms of the GNU General Public License as published by |
it under the terms of the GNU General Public License as published by |
|
Line 48 int main (int argc, char **argv)
|
Line 48 int main (int argc, char **argv)
|
| long i, max_fd = sysconf(_SC_OPEN_MAX); |
long i, max_fd = sysconf(_SC_OPEN_MAX); |
| char *baduser = NULL; |
char *baduser = NULL; |
| int log_err; |
int log_err; |
| |
int chown_warn = 0; |
| #if defined(HAVE_LINUX_NETWORK) |
#if defined(HAVE_LINUX_NETWORK) |
| cap_user_header_t hdr = NULL; |
cap_user_header_t hdr = NULL; |
| cap_user_data_t data = NULL; |
cap_user_data_t data = NULL; |
| |
int need_cap_net_admin = 0; |
| |
int need_cap_net_raw = 0; |
| |
int need_cap_net_bind_service = 0; |
| char *bound_device = NULL; |
char *bound_device = NULL; |
| int did_bind = 0; |
int did_bind = 0; |
| |
struct server *serv; |
| |
char *netlink_warn; |
| #endif |
#endif |
| #if defined(HAVE_DHCP) || defined(HAVE_DHCP6) |
#if defined(HAVE_DHCP) || defined(HAVE_DHCP6) |
| struct dhcp_context *context; |
struct dhcp_context *context; |
|
Line 77 int main (int argc, char **argv)
|
Line 83 int main (int argc, char **argv)
|
| sigaction(SIGTERM, &sigact, NULL); |
sigaction(SIGTERM, &sigact, NULL); |
| sigaction(SIGALRM, &sigact, NULL); |
sigaction(SIGALRM, &sigact, NULL); |
| sigaction(SIGCHLD, &sigact, NULL); |
sigaction(SIGCHLD, &sigact, NULL); |
| sigaction(SIGINT, &sigact, NULL); |
| | |
| /* ignore SIGPIPE */ |
/* ignore SIGPIPE */ |
| sigact.sa_handler = SIG_IGN; |
sigact.sa_handler = SIG_IGN; |
| sigaction(SIGPIPE, &sigact, NULL); |
sigaction(SIGPIPE, &sigact, NULL); |
| |
|
| umask(022); /* known umask, create leases and pid files as 0644 */ |
umask(022); /* known umask, create leases and pid files as 0644 */ |
| | |
| rand_init(); /* Must precede read_opts() */ |
rand_init(); /* Must precede read_opts() */ |
| |
|
| read_opts(argc, argv, compile_opts); |
read_opts(argc, argv, compile_opts); |
| |
|
| |
#ifdef HAVE_LINUX_NETWORK |
| |
daemon->kernel_version = kernel_version(); |
| |
#endif |
| |
|
| if (daemon->edns_pktsz < PACKETSZ) |
if (daemon->edns_pktsz < PACKETSZ) |
| daemon->edns_pktsz = PACKETSZ; |
daemon->edns_pktsz = PACKETSZ; |
| |
|
|
Line 118 int main (int argc, char **argv)
|
Line 129 int main (int argc, char **argv)
|
| daemon->namebuff = safe_malloc(MAXDNAME * 2); |
daemon->namebuff = safe_malloc(MAXDNAME * 2); |
| daemon->keyname = safe_malloc(MAXDNAME * 2); |
daemon->keyname = safe_malloc(MAXDNAME * 2); |
| daemon->workspacename = safe_malloc(MAXDNAME * 2); |
daemon->workspacename = safe_malloc(MAXDNAME * 2); |
| |
/* one char flag per possible RR in answer section (may get extended). */ |
| |
daemon->rr_status_sz = 64; |
| |
daemon->rr_status = safe_malloc(sizeof(*daemon->rr_status) * daemon->rr_status_sz); |
| } |
} |
| #endif |
#endif |
| |
|
|
Line 129 int main (int argc, char **argv)
|
Line 143 int main (int argc, char **argv)
|
| } |
} |
| #endif |
#endif |
| |
|
| /* Close any file descriptors we inherited apart from std{in|out|err} | /* Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist, |
| | |
| Ensure that at least stdin, stdout and stderr (fd 0, 1, 2) exist, | |
| otherwise file descriptors we create can end up being 0, 1, or 2 |
otherwise file descriptors we create can end up being 0, 1, or 2 |
| and then get accidentally closed later when we make 0, 1, and 2 |
and then get accidentally closed later when we make 0, 1, and 2 |
| open to /dev/null. Normally we'll be started with 0, 1 and 2 open, |
open to /dev/null. Normally we'll be started with 0, 1 and 2 open, |
| but it's not guaranteed. By opening /dev/null three times, we |
but it's not guaranteed. By opening /dev/null three times, we |
| ensure that we're not using those fds for real stuff. */ |
ensure that we're not using those fds for real stuff. */ |
| for (i = 0; i < max_fd; i++) | for (i = 0; i < 3; i++) |
| if (i != STDOUT_FILENO && i != STDERR_FILENO && i != STDIN_FILENO) | open("/dev/null", O_RDWR); |
| close(i); | |
| else | /* Close any file descriptors we inherited apart from std{in|out|err} */ |
| open("/dev/null", O_RDWR); | close_fds(max_fd, -1, -1, -1); |
| |
| #ifndef HAVE_LINUX_NETWORK |
#ifndef HAVE_LINUX_NETWORK |
| # if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR)) |
# if !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR)) |
| if (!option_bool(OPT_NOWILD)) |
if (!option_bool(OPT_NOWILD)) |
|
Line 202 int main (int argc, char **argv)
|
Line 214 int main (int argc, char **argv)
|
| |
|
| #ifdef HAVE_SOLARIS_NETWORK |
#ifdef HAVE_SOLARIS_NETWORK |
| if (daemon->max_logs != 0) |
if (daemon->max_logs != 0) |
| die(_("asychronous logging is not available under Solaris"), NULL, EC_BADCONF); | die(_("asynchronous logging is not available under Solaris"), NULL, EC_BADCONF); |
| #endif |
#endif |
| |
|
| #ifdef __ANDROID__ |
#ifdef __ANDROID__ |
| if (daemon->max_logs != 0) |
if (daemon->max_logs != 0) |
| die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF); | die(_("asynchronous logging is not available under Android"), NULL, EC_BADCONF); |
| #endif |
#endif |
| |
|
| #ifndef HAVE_AUTH |
#ifndef HAVE_AUTH |
| if (daemon->authserver) | if (daemon->auth_zones) |
| die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF); |
die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF); |
| #endif |
#endif |
| |
|
|
Line 220 int main (int argc, char **argv)
|
Line 232 int main (int argc, char **argv)
|
| die(_("loop detection not available: set HAVE_LOOP in src/config.h"), NULL, EC_BADCONF); |
die(_("loop detection not available: set HAVE_LOOP in src/config.h"), NULL, EC_BADCONF); |
| #endif |
#endif |
| |
|
| if (daemon->max_port != MAX_PORT && daemon->min_port == 0) | #ifndef HAVE_UBUS |
| daemon->min_port = 1024u; | if (option_bool(OPT_UBUS)) |
| die(_("Ubus not available: set HAVE_UBUS in src/config.h"), NULL, EC_BADCONF); |
| | #endif |
| | |
| if (daemon->max_port < daemon->min_port) |
if (daemon->max_port < daemon->min_port) |
| die(_("max_port cannot be smaller than min_port"), NULL, EC_BADCONF); |
die(_("max_port cannot be smaller than min_port"), NULL, EC_BADCONF); |
| |
|
| now = dnsmasq_time(); |
now = dnsmasq_time(); |
| |
|
| /* Create a serial at startup if not configured. */ | if (daemon->auth_zones) |
| if (daemon->authinterface && daemon->soa_sn == 0) | { |
| | if (!daemon->authserver) |
| | die(_("--auth-server required when an auth zone is defined."), NULL, EC_BADCONF); |
| | |
| | /* Create a serial at startup if not configured. */ |
| #ifdef HAVE_BROKEN_RTC |
#ifdef HAVE_BROKEN_RTC |
| die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF); | if (daemon->soa_sn == 0) |
| | die(_("zone serial must be configured in --auth-soa"), NULL, EC_BADCONF); |
| #else |
#else |
| daemon->soa_sn = now; | if (daemon->soa_sn == 0) |
| | daemon->soa_sn = now; |
| #endif |
#endif |
| |
} |
| |
|
| #ifdef HAVE_DHCP6 |
#ifdef HAVE_DHCP6 |
| if (daemon->dhcp6) |
if (daemon->dhcp6) |
|
Line 271 int main (int argc, char **argv)
|
Line 292 int main (int argc, char **argv)
|
| } |
} |
| |
|
| if (daemon->dhcp || daemon->relay4) |
if (daemon->dhcp || daemon->relay4) |
| dhcp_init(); | { |
| | dhcp_init(); |
| | # ifdef HAVE_LINUX_NETWORK |
| | if (!option_bool(OPT_NO_PING)) |
| | need_cap_net_raw = 1; |
| | need_cap_net_admin = 1; |
| | # endif |
| | } |
| |
|
| # ifdef HAVE_DHCP6 |
# ifdef HAVE_DHCP6 |
| if (daemon->doing_ra || daemon->doing_dhcp6 || daemon->relay6) |
if (daemon->doing_ra || daemon->doing_dhcp6 || daemon->relay6) |
| ra_init(now); | { |
| | ra_init(now); |
| | # ifdef HAVE_LINUX_NETWORK |
| | need_cap_net_raw = 1; |
| | need_cap_net_admin = 1; |
| | # endif |
| | } |
| |
|
| if (daemon->doing_dhcp6 || daemon->relay6) |
if (daemon->doing_dhcp6 || daemon->relay6) |
| dhcp6_init(); |
dhcp6_init(); |
|
Line 285 int main (int argc, char **argv)
|
Line 319 int main (int argc, char **argv)
|
| |
|
| #ifdef HAVE_IPSET |
#ifdef HAVE_IPSET |
| if (daemon->ipsets) |
if (daemon->ipsets) |
| ipset_init(); | { |
| | ipset_init(); |
| | # ifdef HAVE_LINUX_NETWORK |
| | need_cap_net_admin = 1; |
| | # endif |
| | } |
| #endif |
#endif |
| |
|
| #if defined(HAVE_LINUX_NETWORK) |
#if defined(HAVE_LINUX_NETWORK) |
| netlink_init(); | netlink_warn = netlink_init(); |
| #elif defined(HAVE_BSD_NETWORK) |
#elif defined(HAVE_BSD_NETWORK) |
| route_init(); |
route_init(); |
| #endif |
#endif |
|
Line 351 int main (int argc, char **argv)
|
Line 390 int main (int argc, char **argv)
|
| if (daemon->port != 0) |
if (daemon->port != 0) |
| { |
{ |
| cache_init(); |
cache_init(); |
| |
|
| #ifdef HAVE_DNSSEC |
|
| blockdata_init(); |
blockdata_init(); |
| #endif | hash_questions_init(); |
| } |
} |
| |
|
| #ifdef HAVE_INOTIFY |
#ifdef HAVE_INOTIFY |
| if (daemon->port != 0 || daemon->dhcp || daemon->doing_dhcp6) | if ((daemon->port != 0 || daemon->dhcp || daemon->doing_dhcp6) |
| | && (!option_bool(OPT_NO_RESOLV) || daemon->dynamic_dirs)) |
| inotify_dnsmasq_init(); |
inotify_dnsmasq_init(); |
| else |
else |
| daemon->inotifyfd = -1; |
daemon->inotifyfd = -1; |
| #endif |
#endif |
| | |
| | if (daemon->dump_file) |
| | #ifdef HAVE_DUMPFILE |
| | dump_init(); |
| | else |
| | daemon->dumpfd = -1; |
| | #else |
| | die(_("Packet dumps not available: set HAVE_DUMP in src/config.h"), NULL, EC_BADCONF); |
| | #endif |
| | |
| if (option_bool(OPT_DBUS)) |
if (option_bool(OPT_DBUS)) |
| #ifdef HAVE_DBUS |
#ifdef HAVE_DBUS |
| { |
{ |
|
Line 377 int main (int argc, char **argv)
|
Line 424 int main (int argc, char **argv)
|
| die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF); |
die(_("DBus not available: set HAVE_DBUS in src/config.h"), NULL, EC_BADCONF); |
| #endif |
#endif |
| |
|
| |
if (option_bool(OPT_UBUS)) |
| |
#ifdef HAVE_UBUS |
| |
{ |
| |
daemon->ubus = NULL; |
| |
ubus_init(); |
| |
} |
| |
#else |
| |
die(_("UBus not available: set HAVE_UBUS in src/config.h"), NULL, EC_BADCONF); |
| |
#endif |
| |
|
| if (daemon->port != 0) |
if (daemon->port != 0) |
| pre_allocate_sfds(); |
pre_allocate_sfds(); |
| |
|
|
Line 386 int main (int argc, char **argv)
|
Line 443 int main (int argc, char **argv)
|
| daemon->scriptuser && |
daemon->scriptuser && |
| (daemon->lease_change_command || daemon->luascript)) |
(daemon->lease_change_command || daemon->luascript)) |
| { |
{ |
| if ((ent_pw = getpwnam(daemon->scriptuser))) | struct passwd *scr_pw; |
| | |
| | if ((scr_pw = getpwnam(daemon->scriptuser))) |
| { |
{ |
| script_uid = ent_pw->pw_uid; | script_uid = scr_pw->pw_uid; |
| script_gid = ent_pw->pw_gid; | script_gid = scr_pw->pw_gid; |
| } |
} |
| else |
else |
| baduser = daemon->scriptuser; |
baduser = daemon->scriptuser; |
|
Line 416 int main (int argc, char **argv)
|
Line 475 int main (int argc, char **argv)
|
| } |
} |
| |
|
| #if defined(HAVE_LINUX_NETWORK) |
#if defined(HAVE_LINUX_NETWORK) |
| |
/* We keep CAP_NETADMIN (for ARP-injection) and |
| |
CAP_NET_RAW (for icmp) if we're doing dhcp, |
| |
if we have yet to bind ports because of DAD, |
| |
or we're doing it dynamically, we need CAP_NET_BIND_SERVICE. */ |
| |
if ((is_dad_listeners() || option_bool(OPT_CLEVERBIND)) && |
| |
(option_bool(OPT_TFTP) || (daemon->port != 0 && daemon->port <= 1024))) |
| |
need_cap_net_bind_service = 1; |
| |
|
| |
/* usptream servers which bind to an interface call SO_BINDTODEVICE |
| |
for each TCP connection, so need CAP_NET_RAW */ |
| |
for (serv = daemon->servers; serv; serv = serv->next) |
| |
if (serv->interface[0] != 0) |
| |
need_cap_net_raw = 1; |
| |
|
| |
/* If we're doing Dbus or UBus, the above can be set dynamically, |
| |
(as can ports) so always (potentially) needed. */ |
| |
#ifdef HAVE_DBUS |
| |
if (option_bool(OPT_DBUS)) |
| |
{ |
| |
need_cap_net_bind_service = 1; |
| |
need_cap_net_raw = 1; |
| |
} |
| |
#endif |
| |
|
| |
#ifdef HAVE_UBUS |
| |
if (option_bool(OPT_UBUS)) |
| |
{ |
| |
need_cap_net_bind_service = 1; |
| |
need_cap_net_raw = 1; |
| |
} |
| |
#endif |
| |
|
| /* determine capability API version here, while we can still |
/* determine capability API version here, while we can still |
| call safe_malloc */ |
call safe_malloc */ |
| if (ent_pw && ent_pw->pw_uid != 0) | int capsize = 1; /* for header version 1 */ |
| | char *fail = NULL; |
| | |
| | hdr = safe_malloc(sizeof(*hdr)); |
| | |
| | /* find version supported by kernel */ |
| | memset(hdr, 0, sizeof(*hdr)); |
| | capget(hdr, NULL); |
| | |
| | if (hdr->version != LINUX_CAPABILITY_VERSION_1) |
| { |
{ |
| int capsize = 1; /* for header version 1 */ | /* if unknown version, use largest supported version (3) */ |
| hdr = safe_malloc(sizeof(*hdr)); | if (hdr->version != LINUX_CAPABILITY_VERSION_2) |
| hdr->version = LINUX_CAPABILITY_VERSION_3; |
| /* find version supported by kernel */ | capsize = 2; |
| memset(hdr, 0, sizeof(*hdr)); | |
| capget(hdr, NULL); | |
| | |
| if (hdr->version != LINUX_CAPABILITY_VERSION_1) | |
| { | |
| /* if unknown version, use largest supported version (3) */ | |
| if (hdr->version != LINUX_CAPABILITY_VERSION_2) | |
| hdr->version = LINUX_CAPABILITY_VERSION_3; | |
| capsize = 2; | |
| } | |
| | |
| data = safe_malloc(sizeof(*data) * capsize); | |
| memset(data, 0, sizeof(*data) * capsize); | |
| } |
} |
| |
|
| |
data = safe_malloc(sizeof(*data) * capsize); |
| |
capget(hdr, data); /* Get current values, for verification */ |
| |
|
| |
if (need_cap_net_admin && !(data->permitted & (1 << CAP_NET_ADMIN))) |
| |
fail = "NET_ADMIN"; |
| |
else if (need_cap_net_raw && !(data->permitted & (1 << CAP_NET_RAW))) |
| |
fail = "NET_RAW"; |
| |
else if (need_cap_net_bind_service && !(data->permitted & (1 << CAP_NET_BIND_SERVICE))) |
| |
fail = "NET_BIND_SERVICE"; |
| |
|
| |
if (fail) |
| |
die(_("process is missing required capability %s"), fail, EC_MISC); |
| |
|
| |
/* Now set bitmaps to set caps after daemonising */ |
| |
memset(data, 0, sizeof(*data) * capsize); |
| |
|
| |
if (need_cap_net_admin) |
| |
data->effective |= (1 << CAP_NET_ADMIN); |
| |
if (need_cap_net_raw) |
| |
data->effective |= (1 << CAP_NET_RAW); |
| |
if (need_cap_net_bind_service) |
| |
data->effective |= (1 << CAP_NET_BIND_SERVICE); |
| |
|
| |
data->permitted = data->effective; |
| #endif |
#endif |
| |
|
| /* Use a pipe to carry signals and other events back to the event loop |
/* Use a pipe to carry signals and other events back to the event loop |
|
Line 459 int main (int argc, char **argv)
|
Line 571 int main (int argc, char **argv)
|
| if (chdir("/") != 0) |
if (chdir("/") != 0) |
| die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC); |
die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC); |
| |
|
| #ifndef NO_FORK |
|
| if (!option_bool(OPT_NO_FORK)) |
if (!option_bool(OPT_NO_FORK)) |
| { |
{ |
| pid_t pid; |
pid_t pid; |
|
Line 478 int main (int argc, char **argv)
|
Line 589 int main (int argc, char **argv)
|
| char *msg; |
char *msg; |
| |
|
| /* close our copy of write-end */ |
/* close our copy of write-end */ |
| while (retry_send(close(err_pipe[1]))); | close(err_pipe[1]); |
| |
|
| /* check for errors after the fork */ |
/* check for errors after the fork */ |
| if (read_event(err_pipe[0], &ev, &msg)) |
if (read_event(err_pipe[0], &ev, &msg)) |
|
Line 487 int main (int argc, char **argv)
|
Line 598 int main (int argc, char **argv)
|
| _exit(EC_GOOD); |
_exit(EC_GOOD); |
| } |
} |
| |
|
| while (retry_send(close(err_pipe[0]))); | close(err_pipe[0]); |
| |
|
| /* NO calls to die() from here on. */ |
/* NO calls to die() from here on. */ |
| |
|
|
Line 499 int main (int argc, char **argv)
|
Line 610 int main (int argc, char **argv)
|
| if (pid != 0) |
if (pid != 0) |
| _exit(0); |
_exit(0); |
| } |
} |
| #endif |
|
| |
|
| /* write pidfile _after_ forking ! */ |
/* write pidfile _after_ forking ! */ |
| if (daemon->runfile) |
if (daemon->runfile) |
|
Line 514 int main (int argc, char **argv)
|
Line 624 int main (int argc, char **argv)
|
| extent that an attacker running as the unprivileged user could replace the pidfile with a |
extent that an attacker running as the unprivileged user could replace the pidfile with a |
| symlink, and have the target of that symlink overwritten as root next time dnsmasq starts. |
symlink, and have the target of that symlink overwritten as root next time dnsmasq starts. |
| |
|
| The folowing code first deletes any existing file, and then opens it with the O_EXCL flag, | The following code first deletes any existing file, and then opens it with the O_EXCL flag, |
| ensuring that the open() fails should there be any existing file (because the unlink() failed, |
ensuring that the open() fails should there be any existing file (because the unlink() failed, |
| or an attacker exploited the race between unlink() and open()). This ensures that no symlink |
or an attacker exploited the race between unlink() and open()). This ensures that no symlink |
| attack can succeed. |
attack can succeed. |
|
Line 537 int main (int argc, char **argv)
|
Line 647 int main (int argc, char **argv)
|
| } |
} |
| else |
else |
| { |
{ |
| |
/* We're still running as root here. Change the ownership of the PID file |
| |
to the user we will be running as. Note that this is not to allow |
| |
us to delete the file, since that depends on the permissions |
| |
of the directory containing the file. That directory will |
| |
need to by owned by the dnsmasq user, and the ownership of the |
| |
file has to match, to keep systemd >273 happy. */ |
| |
if (getuid() == 0 && ent_pw && ent_pw->pw_uid != 0 && fchown(fd, ent_pw->pw_uid, ent_pw->pw_gid) == -1) |
| |
chown_warn = errno; |
| |
|
| if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0)) |
if (!read_write(fd, (unsigned char *)daemon->namebuff, strlen(daemon->namebuff), 0)) |
| err = 1; |
err = 1; |
| else | else |
| { |
{ |
| while (retry_send(close(fd))); | if (close(fd) == -1) |
| if (errno != 0) | |
| err = 1; |
err = 1; |
| } |
} |
| } |
} |
|
Line 583 int main (int argc, char **argv)
|
Line 701 int main (int argc, char **argv)
|
| int bad_capabilities = 0; |
int bad_capabilities = 0; |
| gid_t dummy; |
gid_t dummy; |
| |
|
| /* remove all supplimentary groups */ | /* remove all supplementary groups */ |
| if (gp && |
if (gp && |
| (setgroups(0, &dummy) == -1 || |
(setgroups(0, &dummy) == -1 || |
| setgid(gp->gr_gid) == -1)) |
setgid(gp->gr_gid) == -1)) |
|
Line 595 int main (int argc, char **argv)
|
Line 713 int main (int argc, char **argv)
|
| if (ent_pw && ent_pw->pw_uid != 0) |
if (ent_pw && ent_pw->pw_uid != 0) |
| { |
{ |
| #if defined(HAVE_LINUX_NETWORK) |
#if defined(HAVE_LINUX_NETWORK) |
| /* On linux, we keep CAP_NETADMIN (for ARP-injection) and | /* Need to be able to drop root. */ |
| CAP_NET_RAW (for icmp) if we're doing dhcp. If we have yet to bind | data->effective |= (1 << CAP_SETUID); |
| ports because of DAD, or we're doing it dynamically, | data->permitted |= (1 << CAP_SETUID); |
| we need CAP_NET_BIND_SERVICE too. */ | |
| if (is_dad_listeners() || option_bool(OPT_CLEVERBIND)) | |
| data->effective = data->permitted = data->inheritable = | |
| (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | | |
| (1 << CAP_SETUID) | (1 << CAP_NET_BIND_SERVICE); | |
| else | |
| data->effective = data->permitted = data->inheritable = | |
| (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID); | |
| | |
| /* Tell kernel to not clear capabilities when dropping root */ |
/* Tell kernel to not clear capabilities when dropping root */ |
| if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) |
if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) |
| bad_capabilities = errno; |
bad_capabilities = errno; |
|
Line 647 int main (int argc, char **argv)
|
Line 756 int main (int argc, char **argv)
|
| } |
} |
| |
|
| #ifdef HAVE_LINUX_NETWORK |
#ifdef HAVE_LINUX_NETWORK |
| if (is_dad_listeners() || option_bool(OPT_CLEVERBIND)) | data->effective &= ~(1 << CAP_SETUID); |
| data->effective = data->permitted = | data->permitted &= ~(1 << CAP_SETUID); |
| (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_NET_BIND_SERVICE); | |
| else | |
| data->effective = data->permitted = | |
| (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW); | |
| data->inheritable = 0; | |
| |
|
| /* lose the setuid and setgid capbilities */ | /* lose the setuid capability */ |
| if (capset(hdr, data) == -1) |
if (capset(hdr, data) == -1) |
| { |
{ |
| send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL); |
send_event(err_pipe[1], EVENT_CAP_ERR, errno, NULL); |
|
Line 714 int main (int argc, char **argv)
|
Line 818 int main (int argc, char **argv)
|
| |
|
| if (daemon->port == 0) |
if (daemon->port == 0) |
| my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION); |
my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION); |
| else if (daemon->cachesize != 0) | else |
| my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize); | { |
| else | if (daemon->cachesize != 0) |
| my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION); | { |
| | my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize); |
| | if (daemon->cachesize > 10000) |
| | my_syslog(LOG_WARNING, _("cache size greater than 10000 may cause performance issues, and is unlikely to be useful.")); |
| | } |
| | else |
| | my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION); |
| | |
| | if (option_bool(OPT_LOCAL_SERVICE)) |
| | my_syslog(LOG_INFO, _("DNS service limited to local subnets")); |
| | } |
| |
|
| my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts); |
my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts); |
| |
|
| |
if (chown_warn != 0) |
| |
my_syslog(LOG_WARNING, "chown of PID file %s failed: %s", daemon->runfile, strerror(chown_warn)); |
| |
|
| #ifdef HAVE_DBUS |
#ifdef HAVE_DBUS |
| if (option_bool(OPT_DBUS)) |
if (option_bool(OPT_DBUS)) |
|
Line 731 int main (int argc, char **argv)
|
Line 848 int main (int argc, char **argv)
|
| } |
} |
| #endif |
#endif |
| |
|
| if (option_bool(OPT_LOCAL_SERVICE)) | #ifdef HAVE_UBUS |
| my_syslog(LOG_INFO, _("DNS service limited to local subnets")); | if (option_bool(OPT_UBUS)) |
| | { |
| | if (daemon->ubus) |
| | my_syslog(LOG_INFO, _("UBus support enabled: connected to system bus")); |
| | else |
| | my_syslog(LOG_INFO, _("UBus support enabled: bus connection pending")); |
| | } |
| | #endif |
| | |
| #ifdef HAVE_DNSSEC |
#ifdef HAVE_DNSSEC |
| if (option_bool(OPT_DNSSEC_VALID)) |
if (option_bool(OPT_DNSSEC_VALID)) |
| { |
{ |
| int rc; |
int rc; |
| struct ds_config *ds; |
| | |
| /* Delay creating the timestamp file until here, after we've changed user, so that |
/* Delay creating the timestamp file until here, after we've changed user, so that |
| it has the correct owner to allow updating the mtime later. |
it has the correct owner to allow updating the mtime later. |
| This means we have to report fatal errors via the pipe. */ |
This means we have to report fatal errors via the pipe. */ |
|
Line 748 int main (int argc, char **argv)
|
Line 873 int main (int argc, char **argv)
|
| _exit(0); |
_exit(0); |
| } |
} |
| |
|
| my_syslog(LOG_INFO, _("DNSSEC validation enabled")); | if (option_bool(OPT_DNSSEC_IGN_NS)) |
| | my_syslog(LOG_INFO, _("DNSSEC validation enabled but all unsigned answers are trusted")); |
| | else |
| | my_syslog(LOG_INFO, _("DNSSEC validation enabled")); |
| |
|
| if (option_bool(OPT_DNSSEC_TIME)) | daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME); |
| my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload")); | if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future) |
| | my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until receipt of SIGINT")); |
| |
|
| if (rc == 1) |
if (rc == 1) |
| my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until system time valid")); |
my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until system time valid")); |
| |
|
| |
for (ds = daemon->ds; ds; ds = ds->next) |
| |
my_syslog(LOG_INFO, _("configured with trust anchor for %s keytag %u"), |
| |
ds->name[0] == 0 ? "<root>" : ds->name, ds->keytag); |
| } |
} |
| #endif |
#endif |
| |
|
|
Line 767 int main (int argc, char **argv)
|
Line 900 int main (int argc, char **argv)
|
| |
|
| if (option_bool(OPT_NOWILD)) |
if (option_bool(OPT_NOWILD)) |
| warn_bound_listeners(); |
warn_bound_listeners(); |
| |
else if (!option_bool(OPT_CLEVERBIND)) |
| |
warn_wild_labels(); |
| |
|
| warn_int_names(); |
warn_int_names(); |
| |
|
|
Line 812 int main (int argc, char **argv)
|
Line 947 int main (int argc, char **argv)
|
| # ifdef HAVE_LINUX_NETWORK |
# ifdef HAVE_LINUX_NETWORK |
| if (did_bind) |
if (did_bind) |
| my_syslog(MS_DHCP | LOG_INFO, _("DHCP, sockets bound exclusively to interface %s"), bound_device); |
my_syslog(MS_DHCP | LOG_INFO, _("DHCP, sockets bound exclusively to interface %s"), bound_device); |
| |
|
| |
if (netlink_warn) |
| |
my_syslog(LOG_WARNING, netlink_warn); |
| # endif |
# endif |
| |
|
| /* after dhcp_contruct_contexts */ | /* after dhcp_construct_contexts */ |
| if (daemon->dhcp || daemon->doing_dhcp6) |
if (daemon->dhcp || daemon->doing_dhcp6) |
| lease_find_interfaces(now); |
lease_find_interfaces(now); |
| #endif |
#endif |
|
Line 824 int main (int argc, char **argv)
|
Line 962 int main (int argc, char **argv)
|
| { |
{ |
| struct tftp_prefix *p; |
struct tftp_prefix *p; |
| |
|
| my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s", | my_syslog(MS_TFTP | LOG_INFO, "TFTP %s%s %s %s", |
| daemon->tftp_prefix ? _("root is ") : _("enabled"), |
daemon->tftp_prefix ? _("root is ") : _("enabled"), |
| daemon->tftp_prefix ? daemon->tftp_prefix: "", | daemon->tftp_prefix ? daemon->tftp_prefix : "", |
| option_bool(OPT_TFTP_SECURE) ? _("secure mode") : ""); | option_bool(OPT_TFTP_SECURE) ? _("secure mode") : "", |
| | option_bool(OPT_SINGLE_PORT) ? _("single port mode") : ""); |
| |
|
| if (tftp_prefix_missing) |
if (tftp_prefix_missing) |
| my_syslog(MS_TFTP | LOG_WARNING, _("warning: %s inaccessible"), daemon->tftp_prefix); |
my_syslog(MS_TFTP | LOG_WARNING, _("warning: %s inaccessible"), daemon->tftp_prefix); |
|
Line 845 int main (int argc, char **argv)
|
Line 984 int main (int argc, char **argv)
|
| |
|
| if (max_fd < 0) |
if (max_fd < 0) |
| max_fd = 5; |
max_fd = 5; |
| else if (max_fd < 100) | else if (max_fd < 100 && !option_bool(OPT_SINGLE_PORT)) |
| max_fd = max_fd/2; |
max_fd = max_fd/2; |
| else |
else |
| max_fd = max_fd - 20; |
max_fd = max_fd - 20; |
|
Line 868 int main (int argc, char **argv)
|
Line 1007 int main (int argc, char **argv)
|
| |
|
| /* finished start-up - release original process */ |
/* finished start-up - release original process */ |
| if (err_pipe[1] != -1) |
if (err_pipe[1] != -1) |
| while (retry_send(close(err_pipe[1]))); | close(err_pipe[1]); |
| |
|
| if (daemon->port != 0) |
if (daemon->port != 0) |
| check_servers(); |
check_servers(); |
| |
|
| pid = getpid(); |
pid = getpid(); |
| |
|
| |
daemon->pipe_to_parent = -1; |
| |
for (i = 0; i < MAX_PROCS; i++) |
| |
daemon->tcp_pipes[i] = -1; |
| |
|
| #ifdef HAVE_INOTIFY |
#ifdef HAVE_INOTIFY |
| /* Using inotify, have to select a resolv file at startup */ |
/* Using inotify, have to select a resolv file at startup */ |
|
Line 903 int main (int argc, char **argv)
|
Line 1046 int main (int argc, char **argv)
|
| |
|
| #ifdef HAVE_DBUS |
#ifdef HAVE_DBUS |
| set_dbus_listeners(); |
set_dbus_listeners(); |
| #endif | #endif |
| | |
| | #ifdef HAVE_UBUS |
| | if (option_bool(OPT_UBUS)) |
| | set_ubus_listeners(); |
| | #endif |
| | |
| #ifdef HAVE_DHCP |
#ifdef HAVE_DHCP |
| if (daemon->dhcp || daemon->relay4) |
if (daemon->dhcp || daemon->relay4) |
| { |
{ |
|
Line 966 int main (int argc, char **argv)
|
Line 1114 int main (int argc, char **argv)
|
| #endif |
#endif |
| |
|
| |
|
| /* must do this just before select(), when we know no | /* must do this just before do_poll(), when we know no |
| more calls to my_syslog() can occur */ |
more calls to my_syslog() can occur */ |
| set_log_writer(); |
set_log_writer(); |
| |
|
|
Line 1034 int main (int argc, char **argv)
|
Line 1182 int main (int argc, char **argv)
|
| } |
} |
| check_dbus_listeners(); |
check_dbus_listeners(); |
| #endif |
#endif |
| | |
| | #ifdef HAVE_UBUS |
| | if (option_bool(OPT_UBUS)) |
| | { |
| | /* if we didn't create a UBus connection, retry now. */ |
| | if (!daemon->ubus) |
| | { |
| | ubus_init(); |
| | } |
| | |
| | check_ubus_listeners(); |
| | } |
| | #endif |
| | |
| check_dns_listeners(now); |
check_dns_listeners(now); |
| |
|
| #ifdef HAVE_TFTP |
#ifdef HAVE_TFTP |
|
Line 1073 static void sig_handler(int sig)
|
Line 1234 static void sig_handler(int sig)
|
| { |
{ |
| /* ignore anything other than TERM during startup |
/* ignore anything other than TERM during startup |
| and in helper proc. (helper ignore TERM too) */ |
and in helper proc. (helper ignore TERM too) */ |
| if (sig == SIGTERM) | if (sig == SIGTERM || sig == SIGINT) |
| exit(EC_MISC); |
exit(EC_MISC); |
| } |
} |
| else if (pid != getpid()) |
else if (pid != getpid()) |
|
Line 1099 static void sig_handler(int sig)
|
Line 1260 static void sig_handler(int sig)
|
| event = EVENT_DUMP; |
event = EVENT_DUMP; |
| else if (sig == SIGUSR2) |
else if (sig == SIGUSR2) |
| event = EVENT_REOPEN; |
event = EVENT_REOPEN; |
| |
else if (sig == SIGINT) |
| |
{ |
| |
/* Handle SIGINT normally in debug mode, so |
| |
ctrl-c continues to operate. */ |
| |
if (option_bool(OPT_DEBUG)) |
| |
exit(EC_MISC); |
| |
else |
| |
event = EVENT_TIME; |
| |
} |
| else |
else |
| return; |
return; |
| |
|
|
Line 1181 static void fatal_event(struct event_desc *ev, char *m
|
Line 1351 static void fatal_event(struct event_desc *ev, char *m
|
| |
|
| case EVENT_FORK_ERR: |
case EVENT_FORK_ERR: |
| die(_("cannot fork into background: %s"), NULL, EC_MISC); |
die(_("cannot fork into background: %s"), NULL, EC_MISC); |
| | |
| | /* fall through */ |
| case EVENT_PIPE_ERR: |
case EVENT_PIPE_ERR: |
| die(_("failed to create helper: %s"), NULL, EC_MISC); |
die(_("failed to create helper: %s"), NULL, EC_MISC); |
| | |
| | /* fall through */ |
| case EVENT_CAP_ERR: |
case EVENT_CAP_ERR: |
| die(_("setting capabilities failed: %s"), NULL, EC_MISC); |
die(_("setting capabilities failed: %s"), NULL, EC_MISC); |
| |
|
| |
/* fall through */ |
| case EVENT_USER_ERR: |
case EVENT_USER_ERR: |
| die(_("failed to change user-id to %s: %s"), msg, EC_MISC); |
die(_("failed to change user-id to %s: %s"), msg, EC_MISC); |
| |
|
| |
/* fall through */ |
| case EVENT_GROUP_ERR: |
case EVENT_GROUP_ERR: |
| die(_("failed to change group-id to %s: %s"), msg, EC_MISC); |
die(_("failed to change group-id to %s: %s"), msg, EC_MISC); |
| | |
| | /* fall through */ |
| case EVENT_PIDFILE: |
case EVENT_PIDFILE: |
| die(_("failed to open pidfile %s: %s"), msg, EC_FILE); |
die(_("failed to open pidfile %s: %s"), msg, EC_FILE); |
| |
|
| |
/* fall through */ |
| case EVENT_LOG_ERR: |
case EVENT_LOG_ERR: |
| die(_("cannot open log %s: %s"), msg, EC_FILE); |
die(_("cannot open log %s: %s"), msg, EC_FILE); |
| | |
| | /* fall through */ |
| case EVENT_LUA_ERR: |
case EVENT_LUA_ERR: |
| die(_("failed to load Lua script: %s"), msg, EC_MISC); |
die(_("failed to load Lua script: %s"), msg, EC_MISC); |
| |
|
| |
/* fall through */ |
| case EVENT_TFTP_ERR: |
case EVENT_TFTP_ERR: |
| die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE); |
die(_("TFTP directory %s inaccessible: %s"), msg, EC_FILE); |
| | |
| | /* fall through */ |
| case EVENT_TIME_ERR: |
case EVENT_TIME_ERR: |
| die(_("cannot create timestamp file %s: %s" ), msg, EC_BADCONF); |
die(_("cannot create timestamp file %s: %s" ), msg, EC_BADCONF); |
| } |
} |
|
Line 1225 static void async_event(int pipe, time_t now)
|
Line 1404 static void async_event(int pipe, time_t now)
|
| switch (ev.event) |
switch (ev.event) |
| { |
{ |
| case EVENT_RELOAD: |
case EVENT_RELOAD: |
| #ifdef HAVE_DNSSEC | daemon->soa_sn++; /* Bump zone serial, as it may have changed. */ |
| if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME)) | |
| { | |
| my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps")); | |
| reset_option_bool(OPT_DNSSEC_TIME); | |
| } | |
| #endif | |
| /* fall through */ |
/* fall through */ |
| |
|
| case EVENT_INIT: |
case EVENT_INIT: |
|
Line 1294 static void async_event(int pipe, time_t now)
|
Line 1468 static void async_event(int pipe, time_t now)
|
| daemon->tcp_pids[i] = 0; |
daemon->tcp_pids[i] = 0; |
| break; |
break; |
| |
|
| |
#if defined(HAVE_SCRIPT) |
| case EVENT_KILLED: |
case EVENT_KILLED: |
| my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data); |
my_syslog(LOG_WARNING, _("script process killed by signal %d"), ev.data); |
| break; |
break; |
|
Line 1307 static void async_event(int pipe, time_t now)
|
Line 1482 static void async_event(int pipe, time_t now)
|
| daemon->lease_change_command, strerror(ev.data)); |
daemon->lease_change_command, strerror(ev.data)); |
| break; |
break; |
| |
|
| |
case EVENT_SCRIPT_LOG: |
| |
my_syslog(MS_SCRIPT | LOG_DEBUG, "%s", msg ? msg : ""); |
| |
free(msg); |
| |
msg = NULL; |
| |
break; |
| |
|
| /* necessary for fatal errors in helper */ |
/* necessary for fatal errors in helper */ |
| case EVENT_USER_ERR: |
case EVENT_USER_ERR: |
| case EVENT_DIE: |
case EVENT_DIE: |
| case EVENT_LUA_ERR: |
case EVENT_LUA_ERR: |
| fatal_event(&ev, msg); |
fatal_event(&ev, msg); |
| break; |
break; |
| |
#endif |
| |
|
| case EVENT_REOPEN: |
case EVENT_REOPEN: |
| /* Note: this may leave TCP-handling processes with the old file still open. |
/* Note: this may leave TCP-handling processes with the old file still open. |
|
Line 1332 static void async_event(int pipe, time_t now)
|
Line 1514 static void async_event(int pipe, time_t now)
|
| poll_resolv(0, 1, now); |
poll_resolv(0, 1, now); |
| break; |
break; |
| |
|
| |
case EVENT_TIME: |
| |
#ifdef HAVE_DNSSEC |
| |
if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME)) |
| |
{ |
| |
my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps")); |
| |
daemon->dnssec_no_time_check = 0; |
| |
clear_cache_and_reload(now); |
| |
} |
| |
#endif |
| |
break; |
| |
|
| case EVENT_TERM: |
case EVENT_TERM: |
| /* Knock all our children on the head. */ |
/* Knock all our children on the head. */ |
| for (i = 0; i < MAX_PROCS; i++) |
for (i = 0; i < MAX_PROCS; i++) |
|
Line 1348 static void async_event(int pipe, time_t now)
|
Line 1541 static void async_event(int pipe, time_t now)
|
| do { |
do { |
| helper_write(); |
helper_write(); |
| } while (!helper_buf_empty() || do_script_run(now)); |
} while (!helper_buf_empty() || do_script_run(now)); |
| while (retry_send(close(daemon->helperfd))); | close(daemon->helperfd); |
| } |
} |
| #endif |
#endif |
| |
|
|
Line 1359 static void async_event(int pipe, time_t now)
|
Line 1552 static void async_event(int pipe, time_t now)
|
| /* update timestamp file on TERM if time is considered valid */ |
/* update timestamp file on TERM if time is considered valid */ |
| if (daemon->back_to_the_future) |
if (daemon->back_to_the_future) |
| { |
{ |
| if (utime(daemon->timestamp_file, NULL) == -1) | if (utimes(daemon->timestamp_file, NULL) == -1) |
| my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno)); |
my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno)); |
| } |
} |
| #endif |
#endif |
| |
|
| if (daemon->runfile) |
if (daemon->runfile) |
| unlink(daemon->runfile); |
unlink(daemon->runfile); |
| |
|
| |
#ifdef HAVE_DUMPFILE |
| |
if (daemon->dumpfd != -1) |
| |
close(daemon->dumpfd); |
| |
#endif |
| |
|
| my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM")); |
my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM")); |
| flush_log(); |
flush_log(); |
|
Line 1456 void clear_cache_and_reload(time_t now)
|
Line 1654 void clear_cache_and_reload(time_t now)
|
| if (option_bool(OPT_ETHERS)) |
if (option_bool(OPT_ETHERS)) |
| dhcp_read_ethers(); |
dhcp_read_ethers(); |
| reread_dhcp(); |
reread_dhcp(); |
| #ifdef HAVE_INOTIFY |
|
| set_dynamic_inotify(AH_DHCP_HST | AH_DHCP_OPT, 0, NULL, 0); |
|
| #endif |
|
| dhcp_update_configs(daemon->dhcp_conf); |
dhcp_update_configs(daemon->dhcp_conf); |
| lease_update_from_configs(); |
lease_update_from_configs(); |
| lease_update_file(now); |
lease_update_file(now); |
|
Line 1482 static int set_dns_listeners(time_t now)
|
Line 1677 static int set_dns_listeners(time_t now)
|
| #ifdef HAVE_TFTP |
#ifdef HAVE_TFTP |
| int tftp = 0; |
int tftp = 0; |
| struct tftp_transfer *transfer; |
struct tftp_transfer *transfer; |
| for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next) | if (!option_bool(OPT_SINGLE_PORT)) |
| { | for (transfer = daemon->tftp_trans; transfer; transfer = transfer->next) |
| tftp++; | { |
| poll_listen(transfer->sockfd, POLLIN); | tftp++; |
| } | poll_listen(transfer->sockfd, POLLIN); |
| | } |
| #endif |
#endif |
| |
|
| /* will we be able to get memory? */ |
/* will we be able to get memory? */ |
| if (daemon->port != 0) |
if (daemon->port != 0) |
| get_new_frec(now, &wait, 0); | get_new_frec(now, &wait, NULL); |
| |
|
| for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next) |
for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next) |
| poll_listen(serverfdp->fd, POLLIN); |
poll_listen(serverfdp->fd, POLLIN); |
|
Line 1511 static int set_dns_listeners(time_t now)
|
Line 1707 static int set_dns_listeners(time_t now)
|
| we don't need to explicitly arrange to wake up here */ |
we don't need to explicitly arrange to wake up here */ |
| if (listener->tcpfd != -1) |
if (listener->tcpfd != -1) |
| for (i = 0; i < MAX_PROCS; i++) |
for (i = 0; i < MAX_PROCS; i++) |
| if (daemon->tcp_pids[i] == 0) | if (daemon->tcp_pids[i] == 0 && daemon->tcp_pipes[i] == -1) |
| { |
{ |
| poll_listen(listener->tcpfd, POLLIN); |
poll_listen(listener->tcpfd, POLLIN); |
| break; |
break; |
| } |
} |
| |
|
| #ifdef HAVE_TFTP |
#ifdef HAVE_TFTP |
| |
/* tftp == 0 in single-port mode. */ |
| if (tftp <= daemon->tftp_max && listener->tftpfd != -1) |
if (tftp <= daemon->tftp_max && listener->tftpfd != -1) |
| poll_listen(listener->tftpfd, POLLIN); |
poll_listen(listener->tftpfd, POLLIN); |
| #endif |
#endif |
| |
|
| } |
} |
| |
|
| |
if (!option_bool(OPT_DEBUG)) |
| |
for (i = 0; i < MAX_PROCS; i++) |
| |
if (daemon->tcp_pipes[i] != -1) |
| |
poll_listen(daemon->tcp_pipes[i], POLLIN); |
| |
|
| return wait; |
return wait; |
| } |
} |
| |
|
|
Line 1532 static void check_dns_listeners(time_t now)
|
Line 1734 static void check_dns_listeners(time_t now)
|
| struct serverfd *serverfdp; |
struct serverfd *serverfdp; |
| struct listener *listener; |
struct listener *listener; |
| int i; |
int i; |
| int pipefd[2]; |
| | |
| for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next) |
for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next) |
| if (poll_check(serverfdp->fd, POLLIN)) |
if (poll_check(serverfdp->fd, POLLIN)) |
| reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now); |
reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now); |
|
Line 1542 static void check_dns_listeners(time_t now)
|
Line 1745 static void check_dns_listeners(time_t now)
|
| if (daemon->randomsocks[i].refcount != 0 && |
if (daemon->randomsocks[i].refcount != 0 && |
| poll_check(daemon->randomsocks[i].fd, POLLIN)) |
poll_check(daemon->randomsocks[i].fd, POLLIN)) |
| reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now); |
reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now); |
| | |
| | /* Races. The child process can die before we read all of the data from the |
| | pipe, or vice versa. Therefore send tcp_pids to zero when we wait() the |
| | process, and tcp_pipes to -1 and close the FD when we read the last |
| | of the data - indicated by cache_recv_insert returning zero. |
| | The order of these events is indeterminate, and both are needed |
| | to free the process slot. Once the child process has gone, poll() |
| | returns POLLHUP, not POLLIN, so have to check for both here. */ |
| | if (!option_bool(OPT_DEBUG)) |
| | for (i = 0; i < MAX_PROCS; i++) |
| | if (daemon->tcp_pipes[i] != -1 && |
| | poll_check(daemon->tcp_pipes[i], POLLIN | POLLHUP) && |
| | !cache_recv_insert(now, daemon->tcp_pipes[i])) |
| | { |
| | close(daemon->tcp_pipes[i]); |
| | daemon->tcp_pipes[i] = -1; |
| | } |
| | |
| for (listener = daemon->listeners; listener; listener = listener->next) |
for (listener = daemon->listeners; listener; listener = listener->next) |
| { |
{ |
| if (listener->fd != -1 && poll_check(listener->fd, POLLIN)) |
if (listener->fd != -1 && poll_check(listener->fd, POLLIN)) |
|
Line 1568 static void check_dns_listeners(time_t now)
|
Line 1788 static void check_dns_listeners(time_t now)
|
| |
|
| if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1) |
if (getsockname(confd, (struct sockaddr *)&tcp_addr, &tcp_len) == -1) |
| { |
{ |
| while (retry_send(close(confd))); | close(confd); |
| continue; |
continue; |
| } |
} |
| |
|
|
Line 1596 static void check_dns_listeners(time_t now)
|
Line 1816 static void check_dns_listeners(time_t now)
|
| if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 && |
if ((if_index = tcp_interface(confd, tcp_addr.sa.sa_family)) != 0 && |
| indextoname(listener->tcpfd, if_index, intr_name)) |
indextoname(listener->tcpfd, if_index, intr_name)) |
| { |
{ |
| struct all_addr addr; | union all_addr addr; |
| addr.addr.addr4 = tcp_addr.in.sin_addr; | |
| #ifdef HAVE_IPV6 | |
| if (tcp_addr.sa.sa_family == AF_INET6) |
if (tcp_addr.sa.sa_family == AF_INET6) |
| addr.addr.addr6 = tcp_addr.in6.sin6_addr; | addr.addr6 = tcp_addr.in6.sin6_addr; |
| #endif | else |
| | addr.addr4 = tcp_addr.in.sin_addr; |
| |
|
| for (iface = daemon->interfaces; iface; iface = iface->next) |
for (iface = daemon->interfaces; iface; iface = iface->next) |
| if (iface->index == if_index) | if (iface->index == if_index && |
| | iface->addr.sa.sa_family == tcp_addr.sa.sa_family) |
| break; |
break; |
| |
|
| if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name)) |
if (!iface && !loopback_exception(listener->tcpfd, tcp_addr.sa.sa_family, &addr, intr_name)) |
|
Line 1633 static void check_dns_listeners(time_t now)
|
Line 1854 static void check_dns_listeners(time_t now)
|
| if (!client_ok) |
if (!client_ok) |
| { |
{ |
| shutdown(confd, SHUT_RDWR); |
shutdown(confd, SHUT_RDWR); |
| while (retry_send(close(confd))); | close(confd); |
| } |
} |
| #ifndef NO_FORK | else if (!option_bool(OPT_DEBUG) && pipe(pipefd) == 0 && (p = fork()) != 0) |
| else if (!option_bool(OPT_DEBUG) && (p = fork()) != 0) | |
| { |
{ |
| if (p != -1) | close(pipefd[1]); /* parent needs read pipe end. */ |
| | if (p == -1) |
| | close(pipefd[0]); |
| | else |
| { |
{ |
| int i; |
int i; |
| |
#ifdef HAVE_LINUX_NETWORK |
| |
/* The child process inherits the netlink socket, |
| |
which it never uses, but when the parent (us) |
| |
uses it in the future, the answer may go to the |
| |
child, resulting in the parent blocking |
| |
forever awaiting the result. To avoid this |
| |
the child closes the netlink socket, but there's |
| |
a nasty race, since the parent may use netlink |
| |
before the child has done the close. |
| |
|
| |
To avoid this, the parent blocks here until a |
| |
single byte comes back up the pipe, which |
| |
is sent by the child after it has closed the |
| |
netlink socket. */ |
| |
|
| |
unsigned char a; |
| |
read_write(pipefd[0], &a, 1, 1); |
| |
#endif |
| |
|
| for (i = 0; i < MAX_PROCS; i++) |
for (i = 0; i < MAX_PROCS; i++) |
| if (daemon->tcp_pids[i] == 0) | if (daemon->tcp_pids[i] == 0 && daemon->tcp_pipes[i] == -1) |
| { |
{ |
| daemon->tcp_pids[i] = p; |
daemon->tcp_pids[i] = p; |
| |
daemon->tcp_pipes[i] = pipefd[0]; |
| break; |
break; |
| } |
} |
| } |
} |
| while (retry_send(close(confd))); | close(confd); |
| |
|
| /* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */ |
/* The child can use up to TCP_MAX_QUERIES ids, so skip that many. */ |
| daemon->log_id += TCP_MAX_QUERIES; |
daemon->log_id += TCP_MAX_QUERIES; |
| } |
} |
| #endif |
|
| else |
else |
| { |
{ |
| unsigned char *buff; |
unsigned char *buff; |
|
Line 1661 static void check_dns_listeners(time_t now)
|
Line 1903 static void check_dns_listeners(time_t now)
|
| int flags; |
int flags; |
| struct in_addr netmask; |
struct in_addr netmask; |
| int auth_dns; |
int auth_dns; |
| |
| if (iface) |
if (iface) |
| { |
{ |
| netmask = iface->netmask; |
netmask = iface->netmask; |
|
Line 1673 static void check_dns_listeners(time_t now)
|
Line 1915 static void check_dns_listeners(time_t now)
|
| auth_dns = 0; |
auth_dns = 0; |
| } |
} |
| |
|
| #ifndef NO_FORK | /* Arrange for SIGALRM after CHILD_LIFETIME seconds to |
| /* Arrange for SIGALARM after CHILD_LIFETIME seconds to | |
| terminate the process. */ |
terminate the process. */ |
| if (!option_bool(OPT_DEBUG)) |
if (!option_bool(OPT_DEBUG)) |
| alarm(CHILD_LIFETIME); | { |
| #endif | #ifdef HAVE_LINUX_NETWORK |
| | /* See comment above re: netlink socket. */ |
| | unsigned char a = 0; |
| |
|
| |
close(daemon->netlinkfd); |
| |
read_write(pipefd[1], &a, 1, 0); |
| |
#endif |
| |
alarm(CHILD_LIFETIME); |
| |
close(pipefd[0]); /* close read end in child. */ |
| |
daemon->pipe_to_parent = pipefd[1]; |
| |
} |
| |
|
| /* start with no upstream connections. */ |
/* start with no upstream connections. */ |
| for (s = daemon->servers; s; s = s->next) |
for (s = daemon->servers; s; s = s->next) |
| s->tcpfd = -1; |
s->tcpfd = -1; |
|
Line 1693 static void check_dns_listeners(time_t now)
|
Line 1944 static void check_dns_listeners(time_t now)
|
| buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns); |
buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns); |
| |
|
| shutdown(confd, SHUT_RDWR); |
shutdown(confd, SHUT_RDWR); |
| while (retry_send(close(confd))); | close(confd); |
| |
|
| if (buff) |
if (buff) |
| free(buff); |
free(buff); |
|
Line 1702 static void check_dns_listeners(time_t now)
|
Line 1953 static void check_dns_listeners(time_t now)
|
| if (s->tcpfd != -1) |
if (s->tcpfd != -1) |
| { |
{ |
| shutdown(s->tcpfd, SHUT_RDWR); |
shutdown(s->tcpfd, SHUT_RDWR); |
| while (retry_send(close(s->tcpfd))); | close(s->tcpfd); |
| } |
} |
| #ifndef NO_FORK | |
| if (!option_bool(OPT_DEBUG)) |
if (!option_bool(OPT_DEBUG)) |
| { |
{ |
| |
close(daemon->pipe_to_parent); |
| flush_log(); |
flush_log(); |
| _exit(0); |
_exit(0); |
| } |
} |
| #endif |
|
| } |
} |
| } |
} |
| } |
} |
|
Line 1739 int icmp_ping(struct in_addr addr)
|
Line 1990 int icmp_ping(struct in_addr addr)
|
| { |
{ |
| /* Try and get an ICMP echo from a machine. */ |
/* Try and get an ICMP echo from a machine. */ |
| |
|
| /* Note that whilst in the three second wait, we check for | int fd; |
| (and service) events on the DNS and TFTP sockets, (so doing that | |
| better not use any resources our caller has in use...) | |
| but we remain deaf to signals or further DHCP packets. */ | |
| |
| /* There can be a problem using dnsmasq_time() to end the loop, since | |
| it's not monotonic, and can go backwards if the system clock is | |
| tweaked, leading to the code getting stuck in this loop and | |
| ignoring DHCP requests. To fix this, we check to see if select returned | |
| as a result of a timeout rather than a socket becoming available. We | |
| only allow this to happen as many times as it takes to get to the wait time | |
| in quarter-second chunks. This provides a fallback way to end loop. */ | |
| |
| int fd, rc; | |
| struct sockaddr_in saddr; |
struct sockaddr_in saddr; |
| struct { |
struct { |
| struct ip ip; |
struct ip ip; |
| struct icmp icmp; |
struct icmp icmp; |
| } packet; |
} packet; |
| unsigned short id = rand16(); |
unsigned short id = rand16(); |
| unsigned int i, j, timeout_count; | unsigned int i, j; |
| int gotreply = 0; |
int gotreply = 0; |
| time_t start, now; |
|
| |
|
| #if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK) |
#if defined(HAVE_LINUX_NETWORK) || defined (HAVE_SOLARIS_NETWORK) |
| if ((fd = make_icmp_sock()) == -1) |
if ((fd = make_icmp_sock()) == -1) |
|
Line 1791 int icmp_ping(struct in_addr addr)
|
Line 2028 int icmp_ping(struct in_addr addr)
|
| while (retry_send(sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0, |
while (retry_send(sendto(fd, (char *)&packet.icmp, sizeof(struct icmp), 0, |
| (struct sockaddr *)&saddr, sizeof(saddr)))); |
(struct sockaddr *)&saddr, sizeof(saddr)))); |
| |
|
| for (now = start = dnsmasq_time(), timeout_count = 0; | gotreply = delay_dhcp(dnsmasq_time(), PING_WAIT, fd, addr.s_addr, id); |
| (difftime(now, start) < (float)PING_WAIT) && (timeout_count < PING_WAIT * 4);) | |
| | #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK) |
| | close(fd); |
| | #else |
| | opt = 1; |
| | setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt)); |
| | #endif |
| | |
| | return gotreply; |
| | } |
| | |
| | int delay_dhcp(time_t start, int sec, int fd, uint32_t addr, unsigned short id) |
| | { |
| | /* Delay processing DHCP packets for "sec" seconds counting from "start". |
| | If "fd" is not -1 it will stop waiting if an ICMP echo reply is received |
| | from "addr" with ICMP ID "id" and return 1 */ |
| | |
| | /* Note that whilst waiting, we check for |
| | (and service) events on the DNS and TFTP sockets, (so doing that |
| | better not use any resources our caller has in use...) |
| | but we remain deaf to signals or further DHCP packets. */ |
| | |
| | /* There can be a problem using dnsmasq_time() to end the loop, since |
| | it's not monotonic, and can go backwards if the system clock is |
| | tweaked, leading to the code getting stuck in this loop and |
| | ignoring DHCP requests. To fix this, we check to see if select returned |
| | as a result of a timeout rather than a socket becoming available. We |
| | only allow this to happen as many times as it takes to get to the wait time |
| | in quarter-second chunks. This provides a fallback way to end loop. */ |
| | |
| | int rc, timeout_count; |
| | time_t now; |
| | |
| | for (now = dnsmasq_time(), timeout_count = 0; |
| | (difftime(now, start) <= (float)sec) && (timeout_count < sec * 4);) |
| { |
{ |
| struct sockaddr_in faddr; |
|
| socklen_t len = sizeof(faddr); |
|
| |
|
| poll_reset(); |
poll_reset(); |
| poll_listen(fd, POLLIN); | if (fd != -1) |
| | poll_listen(fd, POLLIN); |
| set_dns_listeners(now); |
set_dns_listeners(now); |
| set_log_writer(); |
set_log_writer(); |
| |
|
|
Line 1815 int icmp_ping(struct in_addr addr)
|
Line 2084 int icmp_ping(struct in_addr addr)
|
| timeout_count++; |
timeout_count++; |
| |
|
| now = dnsmasq_time(); |
now = dnsmasq_time(); |
| |
| check_log_writer(0); |
check_log_writer(0); |
| check_dns_listeners(now); |
check_dns_listeners(now); |
| |
| #ifdef HAVE_DHCP6 |
#ifdef HAVE_DHCP6 |
| if (daemon->doing_ra && poll_check(daemon->icmp6fd, POLLIN)) |
if (daemon->doing_ra && poll_check(daemon->icmp6fd, POLLIN)) |
| icmp6_packet(now); |
icmp6_packet(now); |
|
Line 1828 int icmp_ping(struct in_addr addr)
|
Line 2097 int icmp_ping(struct in_addr addr)
|
| check_tftp_listeners(now); |
check_tftp_listeners(now); |
| #endif |
#endif |
| |
|
| if (poll_check(fd, POLLIN) && | if (fd != -1) |
| recvfrom(fd, &packet, sizeof(packet), 0, | { |
| (struct sockaddr *)&faddr, &len) == sizeof(packet) && | struct { |
| saddr.sin_addr.s_addr == faddr.sin_addr.s_addr && | struct ip ip; |
| packet.icmp.icmp_type == ICMP_ECHOREPLY && | struct icmp icmp; |
| packet.icmp.icmp_seq == 0 && | } packet; |
| packet.icmp.icmp_id == id) | struct sockaddr_in faddr; |
| { | socklen_t len = sizeof(faddr); |
| gotreply = 1; | |
| break; | if (poll_check(fd, POLLIN) && |
| | recvfrom(fd, &packet, sizeof(packet), 0, (struct sockaddr *)&faddr, &len) == sizeof(packet) && |
| | addr == faddr.sin_addr.s_addr && |
| | packet.icmp.icmp_type == ICMP_ECHOREPLY && |
| | packet.icmp.icmp_seq == 0 && |
| | packet.icmp.icmp_id == id) |
| | return 1; |
| } |
} |
| } |
} |
| |
|
| #if defined(HAVE_LINUX_NETWORK) || defined(HAVE_SOLARIS_NETWORK) |
|
| while (retry_send(close(fd))); |
|
| #else |
|
| opt = 1; |
|
| setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt)); |
|
| #endif |
|
| |
|
| return gotreply; | return 0; |
| } |
} |
| #endif | #endif /* HAVE_DHCP */ |
| |
| | |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to dnsmasq.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq / src