/*
* ntpd.c - main program for the fixed point NTP daemon
*/
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
#include "ntp_machine.h"
#include "ntpd.h"
#include "ntp_io.h"
#include "ntp_stdlib.h"
#include <ntp_random.h>
#include "ntp_syslog.h"
#include "isc/assertions.h"
#include "isc/error.h"
#include "isc/strerror.h"
#include "isc/formatcheck.h"
#ifdef SIM
# include "ntpsim.h"
#endif
#include "ntp_libopts.h"
#include "ntpd-opts.h"
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
#endif
#include <stdio.h>
#if !defined(VMS) /*wjm*/
# ifdef HAVE_SYS_PARAM_H
# include <sys/param.h>
# endif
#endif /* VMS */
#ifdef HAVE_SYS_SIGNAL_H
# include <sys/signal.h>
#else
# include <signal.h>
#endif
#ifdef HAVE_SYS_IOCTL_H
# include <sys/ioctl.h>
#endif /* HAVE_SYS_IOCTL_H */
#ifdef HAVE_SYS_RESOURCE_H
# include <sys/resource.h>
#endif /* HAVE_SYS_RESOURCE_H */
#if defined(HAVE_RTPRIO)
# ifdef HAVE_SYS_RESOURCE_H
# include <sys/resource.h>
# endif
# ifdef HAVE_SYS_LOCK_H
# include <sys/lock.h>
# endif
# include <sys/rtprio.h>
#else
# ifdef HAVE_PLOCK
# ifdef HAVE_SYS_LOCK_H
# include <sys/lock.h>
# endif
# endif
#endif
#if defined(HAVE_SCHED_SETSCHEDULER)
# ifdef HAVE_SCHED_H
# include <sched.h>
# else
# ifdef HAVE_SYS_SCHED_H
# include <sys/sched.h>
# endif
# endif
#endif
#if defined(HAVE_SYS_MMAN_H)
# include <sys/mman.h>
#endif
#ifdef HAVE_TERMIOS_H
# include <termios.h>
#endif
#ifdef SYS_DOMAINOS
# include <apollo/base.h>
#endif /* SYS_DOMAINOS */
#include "recvbuff.h"
#include "ntp_cmdargs.h"
#if 0 /* HMS: I don't think we need this. 961223 */
#ifdef LOCK_PROCESS
# ifdef SYS_SOLARIS
# include <sys/mman.h>
# else
# include <sys/lock.h>
# endif
#endif
#endif
#ifdef _AIX
# include <ulimit.h>
#endif /* _AIX */
#ifdef SCO5_CLOCK
# include <sys/ci/ciioctl.h>
#endif
#ifdef HAVE_DROPROOT
# include <ctype.h>
# include <grp.h>
# include <pwd.h>
#ifdef HAVE_LINUX_CAPABILITIES
# include <sys/capability.h>
# include <sys/prctl.h>
#endif
#endif
/*
* Signals we catch for debugging. If not debugging we ignore them.
*/
#define MOREDEBUGSIG SIGUSR1
#define LESSDEBUGSIG SIGUSR2
/*
* Signals which terminate us gracefully.
*/
#ifndef SYS_WINNT
# define SIGDIE1 SIGHUP
# define SIGDIE3 SIGQUIT
# define SIGDIE2 SIGINT
# define SIGDIE4 SIGTERM
#endif /* SYS_WINNT */
#ifdef HAVE_DNSREGISTRATION
#include <dns_sd.h>
DNSServiceRef mdns;
#endif
/*
* Scheduling priority we run at
*/
#define NTPD_PRIO (-12)
int priority_done = 2; /* 0 - Set priority */
/* 1 - priority is OK where it is */
/* 2 - Don't set priority */
/* 1 and 2 are pretty much the same */
#ifdef DEBUG
/*
* Debugging flag
*/
volatile int debug = 0; /* No debugging by default */
#endif
int listen_to_virtual_ips = 1;
const char *specific_interface = NULL; /* interface name or IP address to bind to */
/*
* No-fork flag. If set, we do not become a background daemon.
*/
int nofork = 0; /* Fork by default */
#ifdef HAVE_DNSREGISTRATION
/*
* mDNS registration flag. If set, we attempt to register with the mDNS system, but only
* after we have synched the first time. If the attempt fails, then try again once per
* minute for up to 5 times. After all, we may be starting before mDNS.
*/
int mdnsreg = 1;
int mdnstries = 5;
#endif /* HAVE_DNSREGISTRATION */
#ifdef HAVE_DROPROOT
int droproot = 0;
char *user = NULL; /* User to switch to */
char *group = NULL; /* group to switch to */
const char *chrootdir = NULL; /* directory to chroot to */
int sw_uid;
int sw_gid;
char *endp;
struct group *gr;
struct passwd *pw;
#endif /* HAVE_DROPROOT */
/*
* Initializing flag. All async routines watch this and only do their
* thing when it is clear.
*/
int initializing;
/*
* Version declaration
*/
extern const char *Version;
char const *progname;
int was_alarmed;
#ifdef DECL_SYSCALL
/*
* We put this here, since the argument profile is syscall-specific
*/
extern int syscall (int, ...);
#endif /* DECL_SYSCALL */
#ifdef SIGDIE2
static RETSIGTYPE finish (int);
#endif /* SIGDIE2 */
#ifdef DEBUG
#ifndef SYS_WINNT
static RETSIGTYPE moredebug (int);
static RETSIGTYPE lessdebug (int);
#endif
#else /* not DEBUG */
static RETSIGTYPE no_debug (int);
#endif /* not DEBUG */
int ntpdmain (int, char **);
static void set_process_priority (void);
void init_logging (char const *, int);
void setup_logfile (void);
static void process_commandline_opts(int *, char ***);
static void assertion_failed (const char *file, int line,
isc_assertiontype_t type, const char *cond);
static void library_fatal_error (const char *file, int line,
const char *format, va_list args) ISC_FORMAT_PRINTF(3, 0);
static void library_unexpected_error(const char *file, int line,
const char *format, va_list args) ISC_FORMAT_PRINTF(3, 0);
/*
* Initialize the logging
*/
void
init_logging(
char const *name,
int log_version
)
{
const char *cp;
/*
* Logging. This may actually work on the gizmo board. Find a name
* to log with by using the basename
*/
cp = strrchr(name, '/');
if (cp == 0)
cp = name;
else
cp++;
#if !defined(VMS)
# ifndef LOG_DAEMON
openlog(cp, LOG_PID);
# else /* LOG_DAEMON */
# ifndef LOG_NTP
# define LOG_NTP LOG_DAEMON
# endif
openlog(cp, LOG_PID | LOG_NDELAY, LOG_NTP);
# ifdef DEBUG
if (debug)
setlogmask(LOG_UPTO(LOG_DEBUG));
else
# endif /* DEBUG */
setlogmask(LOG_UPTO(LOG_DEBUG)); /* @@@ was INFO */
# endif /* LOG_DAEMON */
#endif /* !VMS */
if (log_version)
NLOG(NLOG_SYSINFO) /* 'if' clause for syslog */
msyslog(LOG_NOTICE, "%s", Version);
}
/*
* Redirect logging to a file if requested with -l.
* The ntp.conf logfile directive does not use this code, see
* config_vars() in ntp_config.c.
*/
void
setup_logfile(
void
)
{
if (HAVE_OPT( LOGFILE )) {
const char *my_optarg = OPT_ARG( LOGFILE );
FILE *new_file;
if(strcmp(my_optarg, "stderr") == 0)
new_file = stderr;
else if(strcmp(my_optarg, "stdout") == 0)
new_file = stdout;
else
new_file = fopen(my_optarg, "a");
if (new_file != NULL) {
NLOG(NLOG_SYSINFO)
msyslog(LOG_NOTICE, "logging to file %s", my_optarg);
if (syslog_file != NULL &&
fileno(syslog_file) != fileno(new_file))
(void)fclose(syslog_file);
syslog_file = new_file;
syslogit = 0;
}
else
msyslog(LOG_ERR,
"Cannot open log file %s",
my_optarg);
}
}
static void
process_commandline_opts(
int *pargc,
char ***pargv
)
{
int optct;
optct = ntpOptionProcess(&ntpdOptions, *pargc, *pargv);
*pargc -= optct;
*pargv += optct;
}
#ifdef SIM
int
main(
int argc,
char *argv[]
)
{
process_commandline_opts(&argc, &argv);
return ntpsim(argc, argv);
}
#else /* SIM */
#ifdef NO_MAIN_ALLOWED
CALL(ntpd,"ntpd",ntpdmain);
#else
#ifndef SYS_WINNT
int
main(
int argc,
char *argv[]
)
{
return ntpdmain(argc, argv);
}
#endif /* SYS_WINNT */
#endif /* NO_MAIN_ALLOWED */
#endif /* SIM */
#ifdef _AIX
/*
* OK. AIX is different than solaris in how it implements plock().
* If you do NOT adjust the stack limit, you will get the MAXIMUM
* stack size allocated and PINNED with you program. To check the
* value, use ulimit -a.
*
* To fix this, we create an automatic variable and set our stack limit
* to that PLUS 32KB of extra space (we need some headroom).
*
* This subroutine gets the stack address.
*
* Grover Davidson and Matt Ladendorf
*
*/
static char *
get_aix_stack(void)
{
char ch;
return (&ch);
}
/*
* Signal handler for SIGDANGER.
*/
static void
catch_danger(int signo)
{
msyslog(LOG_INFO, "ntpd: setpgid(): %m");
/* Make the system believe we'll free something, but don't do it! */
return;
}
#endif /* _AIX */
/*
* Set the process priority
*/
static void
set_process_priority(void)
{
#ifdef DEBUG
if (debug > 1)
msyslog(LOG_DEBUG, "set_process_priority: %s: priority_done is <%d>",
((priority_done)
? "Leave priority alone"
: "Attempt to set priority"
),
priority_done);
#endif /* DEBUG */
#if defined(HAVE_SCHED_SETSCHEDULER)
if (!priority_done) {
extern int config_priority_override, config_priority;
int pmax, pmin;
struct sched_param sched;
pmax = sched_get_priority_max(SCHED_FIFO);
sched.sched_priority = pmax;
if ( config_priority_override ) {
pmin = sched_get_priority_min(SCHED_FIFO);
if ( config_priority > pmax )
sched.sched_priority = pmax;
else if ( config_priority < pmin )
sched.sched_priority = pmin;
else
sched.sched_priority = config_priority;
}
if ( sched_setscheduler(0, SCHED_FIFO, &sched) == -1 )
msyslog(LOG_ERR, "sched_setscheduler(): %m");
else
++priority_done;
}
#endif /* HAVE_SCHED_SETSCHEDULER */
#if defined(HAVE_RTPRIO)
# ifdef RTP_SET
if (!priority_done) {
struct rtprio srtp;
srtp.type = RTP_PRIO_REALTIME; /* was: RTP_PRIO_NORMAL */
srtp.prio = 0; /* 0 (hi) -> RTP_PRIO_MAX (31,lo) */
if (rtprio(RTP_SET, getpid(), &srtp) < 0)
msyslog(LOG_ERR, "rtprio() error: %m");
else
++priority_done;
}
# else /* not RTP_SET */
if (!priority_done) {
if (rtprio(0, 120) < 0)
msyslog(LOG_ERR, "rtprio() error: %m");
else
++priority_done;
}
# endif /* not RTP_SET */
#endif /* HAVE_RTPRIO */
#if defined(NTPD_PRIO) && NTPD_PRIO != 0
# ifdef HAVE_ATT_NICE
if (!priority_done) {
errno = 0;
if (-1 == nice (NTPD_PRIO) && errno != 0)
msyslog(LOG_ERR, "nice() error: %m");
else
++priority_done;
}
# endif /* HAVE_ATT_NICE */
# ifdef HAVE_BSD_NICE
if (!priority_done) {
if (-1 == setpriority(PRIO_PROCESS, 0, NTPD_PRIO))
msyslog(LOG_ERR, "setpriority() error: %m");
else
++priority_done;
}
# endif /* HAVE_BSD_NICE */
#endif /* NTPD_PRIO && NTPD_PRIO != 0 */
if (!priority_done)
msyslog(LOG_ERR, "set_process_priority: No way found to improve our priority");
}
/*
* Main program. Initialize us, disconnect us from the tty if necessary,
* and loop waiting for I/O and/or timer expiries.
*/
int
ntpdmain(
int argc,
char *argv[]
)
{
l_fp now;
struct recvbuf *rbuf;
#ifdef _AIX /* HMS: ifdef SIGDANGER? */
struct sigaction sa;
#endif
progname = argv[0];
initializing = 1; /* mark that we are initializing */
process_commandline_opts(&argc, &argv);
init_logging(progname, 1); /* Open the log file */
#ifdef HAVE_UMASK
{
mode_t uv;
uv = umask(0);
if(uv)
(void) umask(uv);
else
(void) umask(022);
}
#endif
#if defined(HAVE_GETUID) && !defined(MPE) /* MPE lacks the concept of root */
{
uid_t uid;
uid = getuid();
if (uid && !HAVE_OPT( SAVECONFIGQUIT )) {
msyslog(LOG_ERR, "ntpd: must be run as root, not uid %ld", (long)uid);
printf("must be run as root, not uid %ld\n", (long)uid);
exit(1);
}
}
#endif
/* getstartup(argc, argv); / * startup configuration, may set debug */
#ifdef DEBUG
debug = DESC(DEBUG_LEVEL).optOccCt;
DPRINTF(1, ("%s\n", Version));
#endif
/* honor -l/--logfile option to log to a file */
setup_logfile();
/*
* Enable the Multi-Media Timer for Windows?
*/
#ifdef SYS_WINNT
if (HAVE_OPT( MODIFYMMTIMER ))
set_mm_timer(MM_TIMER_HIRES);
#endif
if (HAVE_OPT( NOFORK ) || HAVE_OPT( QUIT )
#ifdef DEBUG
|| debug
#endif
|| HAVE_OPT( SAVECONFIGQUIT ))
nofork = 1;
if (HAVE_OPT( NOVIRTUALIPS ))
listen_to_virtual_ips = 0;
/*
* --interface, listen on specified interfaces
*/
if (HAVE_OPT( INTERFACE )) {
int ifacect = STACKCT_OPT( INTERFACE );
const char** ifaces = STACKLST_OPT( INTERFACE );
sockaddr_u addr;
while (ifacect-- > 0) {
add_nic_rule(
is_ip_address(*ifaces, &addr)
? MATCH_IFADDR
: MATCH_IFNAME,
*ifaces, -1, ACTION_LISTEN);
ifaces++;
}
}
if (HAVE_OPT( NICE ))
priority_done = 0;
#if defined(HAVE_SCHED_SETSCHEDULER)
if (HAVE_OPT( PRIORITY )) {
config_priority = OPT_VALUE_PRIORITY;
config_priority_override = 1;
priority_done = 0;
}
#endif
#ifdef SYS_WINNT
/*
* Start interpolation thread, must occur before first
* get_systime()
*/
init_winnt_time();
#endif
/*
* Initialize random generator and public key pair
*/
get_systime(&now);
ntp_srandom((int)(now.l_i * now.l_uf));
#if !defined(VMS)
# ifndef NODETACH
/*
* Detach us from the terminal. May need an #ifndef GIZMO.
*/
if (!nofork) {
/*
* Install trap handlers to log errors and assertion
* failures. Default handlers print to stderr which
* doesn't work if detached.
*/
isc_assertion_setcallback(assertion_failed);
isc_error_setfatal(library_fatal_error);
isc_error_setunexpected(library_unexpected_error);
# ifndef SYS_WINNT
# ifdef HAVE_DAEMON
daemon(0, 0);
# else /* not HAVE_DAEMON */
if (fork()) /* HMS: What about a -1? */
exit(0);
{
#if !defined(F_CLOSEM)
u_long s;
int max_fd;
#endif /* !FCLOSEM */
if (syslog_file != NULL) {
fclose(syslog_file);
syslog_file = NULL;
}
#if defined(F_CLOSEM)
/*
* From 'Writing Reliable AIX Daemons,' SG24-4946-00,
* by Eric Agar (saves us from doing 32767 system
* calls)
*/
if (fcntl(0, F_CLOSEM, 0) == -1)
msyslog(LOG_ERR, "ntpd: failed to close open files(): %m");
#else /* not F_CLOSEM */
# if defined(HAVE_SYSCONF) && defined(_SC_OPEN_MAX)
max_fd = sysconf(_SC_OPEN_MAX);
# else /* HAVE_SYSCONF && _SC_OPEN_MAX */
max_fd = getdtablesize();
# endif /* HAVE_SYSCONF && _SC_OPEN_MAX */
for (s = 0; s < max_fd; s++)
(void) close((int)s);
#endif /* not F_CLOSEM */
(void) open("/", 0);
(void) dup2(0, 1);
(void) dup2(0, 2);
init_logging(progname, 0);
/* we lost our logfile (if any) daemonizing */
setup_logfile();
#ifdef SYS_DOMAINOS
{
uid_$t puid;
status_$t st;
proc2_$who_am_i(&puid);
proc2_$make_server(&puid, &st);
}
#endif /* SYS_DOMAINOS */
#if defined(HAVE_SETPGID) || defined(HAVE_SETSID)
# ifdef HAVE_SETSID
if (setsid() == (pid_t)-1)
msyslog(LOG_ERR, "ntpd: setsid(): %m");
# else
if (setpgid(0, 0) == -1)
msyslog(LOG_ERR, "ntpd: setpgid(): %m");
# endif
#else /* HAVE_SETPGID || HAVE_SETSID */
{
# if defined(TIOCNOTTY)
int fid;
fid = open("/dev/tty", 2);
if (fid >= 0)
{
(void) ioctl(fid, (u_long) TIOCNOTTY, (char *) 0);
(void) close(fid);
}
# endif /* defined(TIOCNOTTY) */
# ifdef HAVE_SETPGRP_0
(void) setpgrp();
# else /* HAVE_SETPGRP_0 */
(void) setpgrp(0, getpid());
# endif /* HAVE_SETPGRP_0 */
}
#endif /* HAVE_SETPGID || HAVE_SETSID */
#ifdef _AIX
/* Don't get killed by low-on-memory signal. */
sa.sa_handler = catch_danger;
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_RESTART;
(void) sigaction(SIGDANGER, &sa, NULL);
#endif /* _AIX */
}
# endif /* not HAVE_DAEMON */
# endif /* SYS_WINNT */
}
# endif /* NODETACH */
#endif /* VMS */
#ifdef SCO5_CLOCK
/*
* SCO OpenServer's system clock offers much more precise timekeeping
* on the base CPU than the other CPUs (for multiprocessor systems),
* so we must lock to the base CPU.
*/
{
int fd = open("/dev/at1", O_RDONLY);
if (fd >= 0) {
int zero = 0;
if (ioctl(fd, ACPU_LOCK, &zero) < 0)
msyslog(LOG_ERR, "cannot lock to base CPU: %m");
close( fd );
} /* else ...
* If we can't open the device, this probably just isn't
* a multiprocessor system, so we're A-OK.
*/
}
#endif
#if defined(HAVE_MLOCKALL) && defined(MCL_CURRENT) && defined(MCL_FUTURE)
# ifdef HAVE_SETRLIMIT
/*
* Set the stack limit to something smaller, so that we don't lock a lot
* of unused stack memory.
*/
{
struct rlimit rl;
/* HMS: must make the rlim_cur amount configurable */
if (getrlimit(RLIMIT_STACK, &rl) != -1
&& (rl.rlim_cur = 50 * 4096) < rl.rlim_max)
{
if (setrlimit(RLIMIT_STACK, &rl) == -1)
{
msyslog(LOG_ERR,
"Cannot adjust stack limit for mlockall: %m");
}
}
# ifdef RLIMIT_MEMLOCK
/*
* The default RLIMIT_MEMLOCK is very low on Linux systems.
* Unless we increase this limit malloc calls are likely to
* fail if we drop root privlege. To be useful the value
* has to be larger than the largest ntpd resident set size.
*/
rl.rlim_cur = rl.rlim_max = 32*1024*1024;
if (setrlimit(RLIMIT_MEMLOCK, &rl) == -1) {
msyslog(LOG_ERR, "Cannot set RLIMIT_MEMLOCK: %m");
}
# endif /* RLIMIT_MEMLOCK */
}
# endif /* HAVE_SETRLIMIT */
/*
* lock the process into memory
*/
if (mlockall(MCL_CURRENT|MCL_FUTURE) < 0)
msyslog(LOG_ERR, "mlockall(): %m");
#else /* not (HAVE_MLOCKALL && MCL_CURRENT && MCL_FUTURE) */
# ifdef HAVE_PLOCK
# ifdef PROCLOCK
# ifdef _AIX
/*
* set the stack limit for AIX for plock().
* see get_aix_stack() for more info.
*/
if (ulimit(SET_STACKLIM, (get_aix_stack() - 8*4096)) < 0)
{
msyslog(LOG_ERR,"Cannot adjust stack limit for plock on AIX: %m");
}
# endif /* _AIX */
/*
* lock the process into memory
*/
if (plock(PROCLOCK) < 0)
msyslog(LOG_ERR, "plock(PROCLOCK): %m");
# else /* not PROCLOCK */
# ifdef TXTLOCK
/*
* Lock text into ram
*/
if (plock(TXTLOCK) < 0)
msyslog(LOG_ERR, "plock(TXTLOCK) error: %m");
# else /* not TXTLOCK */
msyslog(LOG_ERR, "plock() - don't know what to lock!");
# endif /* not TXTLOCK */
# endif /* not PROCLOCK */
# endif /* HAVE_PLOCK */
#endif /* not (HAVE_MLOCKALL && MCL_CURRENT && MCL_FUTURE) */
/*
* Set up signals we pay attention to locally.
*/
#ifdef SIGDIE1
(void) signal_no_reset(SIGDIE1, finish);
#endif /* SIGDIE1 */
#ifdef SIGDIE2
(void) signal_no_reset(SIGDIE2, finish);
#endif /* SIGDIE2 */
#ifdef SIGDIE3
(void) signal_no_reset(SIGDIE3, finish);
#endif /* SIGDIE3 */
#ifdef SIGDIE4
(void) signal_no_reset(SIGDIE4, finish);
#endif /* SIGDIE4 */
#ifdef SIGBUS
(void) signal_no_reset(SIGBUS, finish);
#endif /* SIGBUS */
#if !defined(SYS_WINNT) && !defined(VMS)
# ifdef DEBUG
(void) signal_no_reset(MOREDEBUGSIG, moredebug);
(void) signal_no_reset(LESSDEBUGSIG, lessdebug);
# else
(void) signal_no_reset(MOREDEBUGSIG, no_debug);
(void) signal_no_reset(LESSDEBUGSIG, no_debug);
# endif /* DEBUG */
#endif /* !SYS_WINNT && !VMS */
/*
* Set up signals we should never pay attention to.
*/
#if defined SIGPIPE
(void) signal_no_reset(SIGPIPE, SIG_IGN);
#endif /* SIGPIPE */
/*
* Call the init_ routines to initialize the data structures.
*
* Exactly what command-line options are we expecting here?
*/
init_auth();
init_util();
init_restrict();
init_mon();
init_timer();
init_lib();
init_request();
init_control();
init_peer();
#ifdef REFCLOCK
init_refclock();
#endif
set_process_priority();
init_proto(); /* Call at high priority */
init_io();
init_loopfilter();
mon_start(MON_ON); /* monitor on by default now */
/* turn off in config if unwanted */
/*
* Get the configuration. This is done in a separate module
* since this will definitely be different for the gizmo board.
*/
getconfig(argc, argv);
report_event(EVNT_SYSRESTART, NULL, NULL);
loop_config(LOOP_DRIFTCOMP, old_drift);
initializing = 0;
#ifdef HAVE_DROPROOT
if( droproot ) {
/* Drop super-user privileges and chroot now if the OS supports this */
#ifdef HAVE_LINUX_CAPABILITIES
/* set flag: keep privileges accross setuid() call (we only really need cap_sys_time): */
if (prctl( PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L ) == -1) {
msyslog( LOG_ERR, "prctl( PR_SET_KEEPCAPS, 1L ) failed: %m" );
exit(-1);
}
#else
/* we need a user to switch to */
if (user == NULL) {
msyslog(LOG_ERR, "Need user name to drop root privileges (see -u flag!)" );
exit(-1);
}
#endif /* HAVE_LINUX_CAPABILITIES */
if (user != NULL) {
if (isdigit((unsigned char)*user)) {
sw_uid = (uid_t)strtoul(user, &endp, 0);
if (*endp != '\0')
goto getuser;
if ((pw = getpwuid(sw_uid)) != NULL) {
user = strdup(pw->pw_name);
if (NULL == user) {
msyslog(LOG_ERR, "strdup() failed: %m");
exit (-1);
}
sw_gid = pw->pw_gid;
} else {
errno = 0;
msyslog(LOG_ERR, "Cannot find user ID %s", user);
exit (-1);
}
} else {
getuser:
errno = 0;
if ((pw = getpwnam(user)) != NULL) {
sw_uid = pw->pw_uid;
sw_gid = pw->pw_gid;
} else {
if (errno)
msyslog(LOG_ERR, "getpwnam(%s) failed: %m", user);
else
msyslog(LOG_ERR, "Cannot find user `%s'", user);
exit (-1);
}
}
}
if (group != NULL) {
if (isdigit((unsigned char)*group)) {
sw_gid = (gid_t)strtoul(group, &endp, 0);
if (*endp != '\0')
goto getgroup;
} else {
getgroup:
if ((gr = getgrnam(group)) != NULL) {
sw_gid = gr->gr_gid;
} else {
errno = 0;
msyslog(LOG_ERR, "Cannot find group `%s'", group);
exit (-1);
}
}
}
if (chrootdir ) {
/* make sure cwd is inside the jail: */
if (chdir(chrootdir)) {
msyslog(LOG_ERR, "Cannot chdir() to `%s': %m", chrootdir);
exit (-1);
}
if (chroot(chrootdir)) {
msyslog(LOG_ERR, "Cannot chroot() to `%s': %m", chrootdir);
exit (-1);
}
if (chdir("/")) {
msyslog(LOG_ERR, "Cannot chdir() to`root after chroot(): %m");
exit (-1);
}
}
if (user && initgroups(user, sw_gid)) {
msyslog(LOG_ERR, "Cannot initgroups() to user `%s': %m", user);
exit (-1);
}
if (group && setgid(sw_gid)) {
msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group);
exit (-1);
}
if (group && setegid(sw_gid)) {
msyslog(LOG_ERR, "Cannot setegid() to group `%s': %m", group);
exit (-1);
}
if (user && setuid(sw_uid)) {
msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user);
exit (-1);
}
if (user && seteuid(sw_uid)) {
msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user);
exit (-1);
}
#ifndef HAVE_LINUX_CAPABILITIES
/*
* for now assume that the privilege to bind to privileged ports
* is associated with running with uid 0 - should be refined on
* ports that allow binding to NTP_PORT with uid != 0
*/
disable_dynamic_updates |= (sw_uid != 0); /* also notifies routing message listener */
#endif
if (disable_dynamic_updates && interface_interval) {
interface_interval = 0;
msyslog(LOG_INFO, "running in unprivileged mode disables dynamic interface tracking");
}
#ifdef HAVE_LINUX_CAPABILITIES
do {
/*
* We may be running under non-root uid now, but we still hold full root privileges!
* We drop all of them, except for the crucial one or two: cap_sys_time and
* cap_net_bind_service if doing dynamic interface tracking.
*/
cap_t caps;
char *captext = (interface_interval)
? "cap_sys_time,cap_net_bind_service=ipe"
: "cap_sys_time=ipe";
if( ! ( caps = cap_from_text( captext ) ) ) {
msyslog( LOG_ERR, "cap_from_text() failed: %m" );
exit(-1);
}
if( cap_set_proc( caps ) == -1 ) {
msyslog( LOG_ERR, "cap_set_proc() failed to drop root privileges: %m" );
exit(-1);
}
cap_free( caps );
} while(0);
#endif /* HAVE_LINUX_CAPABILITIES */
} /* if( droproot ) */
#endif /* HAVE_DROPROOT */
/*
* Use select() on all on all input fd's for unlimited
* time. select() will terminate on SIGALARM or on the
* reception of input. Using select() means we can't do
* robust signal handling and we get a potential race
* between checking for alarms and doing the select().
* Mostly harmless, I think.
*/
/* On VMS, I suspect that select() can't be interrupted
* by a "signal" either, so I take the easy way out and
* have select() time out after one second.
* System clock updates really aren't time-critical,
* and - lacking a hardware reference clock - I have
* yet to learn about anything else that is.
*/
#if defined(HAVE_IO_COMPLETION_PORT)
for (;;) {
GetReceivedBuffers();
#else /* normal I/O */
BLOCK_IO_AND_ALARM();
was_alarmed = 0;
for (;;)
{
# if !defined(HAVE_SIGNALED_IO)
extern fd_set activefds;
extern int maxactivefd;
fd_set rdfdes;
int nfound;
# endif
if (alarm_flag) /* alarmed? */
{
was_alarmed = 1;
alarm_flag = 0;
}
if (!was_alarmed && has_full_recv_buffer() == ISC_FALSE)
{
/*
* Nothing to do. Wait for something.
*/
# ifndef HAVE_SIGNALED_IO
rdfdes = activefds;
# if defined(VMS) || defined(SYS_VXWORKS)
/* make select() wake up after one second */
{
struct timeval t1;
t1.tv_sec = 1; t1.tv_usec = 0;
nfound = select(maxactivefd+1, &rdfdes, (fd_set *)0,
(fd_set *)0, &t1);
}
# else
nfound = select(maxactivefd+1, &rdfdes, (fd_set *)0,
(fd_set *)0, (struct timeval *)0);
# endif /* VMS */
if (nfound > 0)
{
l_fp ts;
get_systime(&ts);
(void)input_handler(&ts);
}
else if (nfound == -1 && errno != EINTR)
msyslog(LOG_ERR, "select() error: %m");
# ifdef DEBUG
else if (debug > 5)
msyslog(LOG_DEBUG, "select(): nfound=%d, error: %m", nfound);
# endif /* DEBUG */
# else /* HAVE_SIGNALED_IO */
wait_for_signal();
# endif /* HAVE_SIGNALED_IO */
if (alarm_flag) /* alarmed? */
{
was_alarmed = 1;
alarm_flag = 0;
}
}
if (was_alarmed)
{
UNBLOCK_IO_AND_ALARM();
/*
* Out here, signals are unblocked. Call timer routine
* to process expiry.
*/
timer();
was_alarmed = 0;
BLOCK_IO_AND_ALARM();
}
#endif /* ! HAVE_IO_COMPLETION_PORT */
#ifdef DEBUG_TIMING
{
l_fp pts;
l_fp tsa, tsb;
int bufcount = 0;
get_systime(&pts);
tsa = pts;
#endif
rbuf = get_full_recv_buffer();
while (rbuf != NULL)
{
if (alarm_flag)
{
was_alarmed = 1;
alarm_flag = 0;
}
UNBLOCK_IO_AND_ALARM();
if (was_alarmed)
{ /* avoid timer starvation during lengthy I/O handling */
timer();
was_alarmed = 0;
}
/*
* Call the data procedure to handle each received
* packet.
*/
if (rbuf->receiver != NULL) /* This should always be true */
{
#ifdef DEBUG_TIMING
l_fp dts = pts;
L_SUB(&dts, &rbuf->recv_time);
DPRINTF(2, ("processing timestamp delta %s (with prec. fuzz)\n", lfptoa(&dts, 9)));
collect_timing(rbuf, "buffer processing delay", 1, &dts);
bufcount++;
#endif
(rbuf->receiver)(rbuf);
} else {
msyslog(LOG_ERR, "receive buffer corruption - receiver found to be NULL - ABORTING");
abort();
}
BLOCK_IO_AND_ALARM();
freerecvbuf(rbuf);
rbuf = get_full_recv_buffer();
}
#ifdef DEBUG_TIMING
get_systime(&tsb);
L_SUB(&tsb, &tsa);
if (bufcount) {
collect_timing(NULL, "processing", bufcount, &tsb);
DPRINTF(2, ("processing time for %d buffers %s\n", bufcount, lfptoa(&tsb, 9)));
}
}
#endif
/*
* Go around again
*/
#ifdef HAVE_DNSREGISTRATION
if (mdnsreg && (current_time - mdnsreg ) > 60 && mdnstries && sys_leap != LEAP_NOTINSYNC) {
mdnsreg = current_time;
msyslog(LOG_INFO, "Attempting to register mDNS");
if ( DNSServiceRegister (&mdns, 0, 0, NULL, "_ntp._udp", NULL, NULL,
htons(NTP_PORT), 0, NULL, NULL, NULL) != kDNSServiceErr_NoError ) {
if (!--mdnstries) {
msyslog(LOG_ERR, "Unable to register mDNS, giving up.");
} else {
msyslog(LOG_INFO, "Unable to register mDNS, will try later.");
}
} else {
msyslog(LOG_INFO, "mDNS service registered.");
mdnsreg = 0;
}
}
#endif /* HAVE_DNSREGISTRATION */
}
UNBLOCK_IO_AND_ALARM();
return 1;
}
#ifdef SIGDIE2
/*
* finish - exit gracefully
*/
static RETSIGTYPE
finish(
int sig
)
{
msyslog(LOG_NOTICE, "ntpd exiting on signal %d", sig);
#ifdef HAVE_DNSREGISTRATION
if (mdns != NULL)
DNSServiceRefDeallocate(mdns);
#endif
switch (sig) {
# ifdef SIGBUS
case SIGBUS:
printf("\nfinish(SIGBUS)\n");
exit(0);
# endif
case 0: /* Should never happen... */
return;
default:
exit(0);
}
}
#endif /* SIGDIE2 */
/* assertion_failed
* Redirect trap messages from ISC libraries to syslog.
* This code was cloned and simplified from BIND.
*/
/*
* assertion_failed - Handle assertion failures.
*/
static void
assertion_failed(const char *file, int line, isc_assertiontype_t type,
const char *cond)
{
isc_assertion_setcallback(NULL); /* Avoid recursion */
msyslog(LOG_ERR, "%s:%d: %s(%s) failed",
file, line, isc_assertion_typetotext(type), cond);
msyslog(LOG_ERR, "exiting (due to assertion failure)");
abort();
}
/*
* library_fatal_error - Handle fatal errors from our libraries.
*/
static void
library_fatal_error(const char *file, int line, const char *format,
va_list args)
{
char errbuf[256];
isc_error_setfatal(NULL); /* Avoid recursion */
msyslog(LOG_ERR, "%s:%d: fatal error:", file, line);
vsnprintf(errbuf, sizeof(errbuf), format, args);
msyslog(LOG_ERR, errbuf);
msyslog(LOG_ERR, "exiting (due to fatal error in library)");
abort();
}
/*
* library_unexpected_error - Handle non fatal errors from our libraries.
*/
#define MAX_UNEXPECTED_ERRORS 100
int unexpected_error_cnt = 0;
static void
library_unexpected_error(const char *file, int line, const char *format,
va_list args)
{
char errbuf[256];
if (unexpected_error_cnt >= MAX_UNEXPECTED_ERRORS)
return; /* avoid clutter in log */
msyslog(LOG_ERR, "%s:%d: unexpected error:", file, line);
vsnprintf(errbuf, sizeof(errbuf), format, args);
msyslog(LOG_ERR, errbuf);
if (++unexpected_error_cnt == MAX_UNEXPECTED_ERRORS)
{
msyslog(LOG_ERR, "Too many errors. Shutting up.");
}
}
#ifdef DEBUG
#ifndef SYS_WINNT
/*
* moredebug - increase debugging verbosity
*/
static RETSIGTYPE
moredebug(
int sig
)
{
int saved_errno = errno;
if (debug < 255)
{
debug++;
msyslog(LOG_DEBUG, "debug raised to %d", debug);
}
errno = saved_errno;
}
/*
* lessdebug - decrease debugging verbosity
*/
static RETSIGTYPE
lessdebug(
int sig
)
{
int saved_errno = errno;
if (debug > 0)
{
debug--;
msyslog(LOG_DEBUG, "debug lowered to %d", debug);
}
errno = saved_errno;
}
#endif
#else /* not DEBUG */
#ifndef SYS_WINNT
/*
* no_debug - We don't do the debug here.
*/
static RETSIGTYPE
no_debug(
int sig
)
{
int saved_errno = errno;
msyslog(LOG_DEBUG, "ntpd not compiled for debugging (signal %d)", sig);
errno = saved_errno;
}
#endif /* not SYS_WINNT */
#endif /* not DEBUG */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ntpd.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ntp / ntpd