1 /* dnsmasq is Copyright (c) 2000-2009 Simon Kelley 2 3 This program is free software; you can redistribute it and/or modify 4 it under the terms of the GNU General Public License as published by 5 the Free Software Foundation; version 2 dated June, 1991, or 6 (at your option) version 3 dated 29 June, 2007. 7 8 This program is distributed in the hope that it will be useful, 9 but WITHOUT ANY WARRANTY; without even the implied warranty of 10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 GNU General Public License for more details. 12 13 You should have received a copy of the GNU General Public License 14 along with this program. If not, see <http://www.gnu.org/licenses/>. 15 */ 16 17 #include "dnsmasq.h" 18 19 #include <sys/stat.h> 20 21 #if defined(HAVE_BSD_NETWORK) 22 #error Should not HAVE_BSD_NETWORK 23 #endif 24 25 #if defined(HAVE_SOCKADDR_SA_LEN) 26 #error Should not HAVE_SOCKADDR_SA_LEN 27 #endif 28 29 #if defined(HAVE_SOLARIS_NETWORK) 30 #error Should not HAVE_SOLARIS_NETWORK 31 #endif 32 33 #if !defined(HAVE_LINUX_NETWORK) 34 #error Should HAVE_LINUX_NETWORK 35 #endif 36 37 struct daemon* daemon; 38 39 static char* compile_opts = 40 #ifndef HAVE_IPV6 41 "no-" 42 #endif 43 "IPv6 " 44 #ifndef HAVE_GETOPT_LONG 45 "no-" 46 #endif 47 "GNU-getopt " 48 #ifdef HAVE_BROKEN_RTC 49 "no-RTC " 50 #endif 51 #ifdef NO_FORK 52 "no-MMU " 53 #endif 54 #ifndef LOCALEDIR 55 "no-" 56 #endif 57 "I18N " 58 #ifndef HAVE_DHCP 59 "no-" 60 #endif 61 "DHCP " 62 #if defined(HAVE_DHCP) && !defined(HAVE_SCRIPT) 63 "no-scripts" 64 #endif 65 ""; 66 67 static volatile pid_t pid = 0; 68 static volatile int pipewrite; 69 70 static int set_dns_listeners(time_t now, fd_set* set, int* maxfdp); 71 static void check_dns_listeners(fd_set* set, time_t now); 72 static void sig_handler(int sig); 73 static void async_event(int pipe, time_t now); 74 static void fatal_event(struct event_desc* ev); 75 static void poll_resolv(void); 76 #ifdef __ANDROID__ 77 static int set_android_listeners(fd_set* set, int* maxfdp); 78 static int check_android_listeners(fd_set* set); 79 #endif 80 81 void setupSignalHandling() { 82 struct sigaction sigact; 83 84 sigact.sa_handler = sig_handler; 85 sigact.sa_flags = 0; 86 sigemptyset(&sigact.sa_mask); 87 sigaction(SIGUSR1, &sigact, NULL); 88 sigaction(SIGUSR2, &sigact, NULL); 89 sigaction(SIGHUP, &sigact, NULL); 90 sigaction(SIGTERM, &sigact, NULL); 91 sigaction(SIGALRM, &sigact, NULL); 92 sigaction(SIGCHLD, &sigact, NULL); 93 94 /* ignore SIGPIPE */ 95 sigact.sa_handler = SIG_IGN; 96 sigaction(SIGPIPE, &sigact, NULL); 97 } 98 99 void closeUnwantedFileDescriptors() { 100 const long kMaxFd = sysconf(_SC_OPEN_MAX); 101 long i; 102 struct stat stat_buf; 103 104 /* Close any file descriptors we inherited apart from std{in|out|err}. */ 105 for (i = 0; i < kMaxFd; i++) { 106 // TODO: Evaluate just skipping STDIN, since netd does not 107 // (intentionally) pass in any other file descriptors. 108 if (i == STDOUT_FILENO || i == STDERR_FILENO || i == STDIN_FILENO) { 109 continue; 110 } 111 112 if (fstat(i, &stat_buf) != 0) { 113 if (errno == EBADF) continue; 114 if (errno == EACCES) continue; // Lessen the log spam. 115 my_syslog(LOG_ERR, "fstat(%d) error: %d/%s", i, errno, strerror(errno)); 116 } else { 117 my_syslog(LOG_ERR, "Closing inherited file descriptor %d (%u:%u)", i, stat_buf.st_dev, 118 stat_buf.st_ino); 119 } 120 close(i); 121 } 122 } 123 124 int main(int argc, char** argv) { 125 int bind_fallback = 0; 126 time_t now; 127 struct iname* if_tmp; 128 int piperead, pipefd[2], err_pipe[2]; 129 struct passwd* ent_pw = NULL; 130 #if defined(HAVE_DHCP) && defined(HAVE_SCRIPT) 131 uid_t script_uid = 0; 132 gid_t script_gid = 0; 133 #endif 134 struct group* gp = NULL; 135 long i, max_fd = sysconf(_SC_OPEN_MAX); 136 char* baduser = NULL; 137 int log_err; 138 #if defined(HAVE_LINUX_NETWORK) 139 cap_user_header_t hdr = NULL; 140 cap_user_data_t data = NULL; 141 #endif 142 143 #ifdef LOCALEDIR 144 setlocale(LC_ALL, ""); 145 bindtextdomain("dnsmasq", LOCALEDIR); 146 textdomain("dnsmasq"); 147 #endif 148 149 setupSignalHandling(); 150 151 umask(022); /* known umask, create leases and pid files as 0644 */ 152 153 read_opts(argc, argv, compile_opts); 154 155 if (daemon->edns_pktsz < PACKETSZ) daemon->edns_pktsz = PACKETSZ; 156 daemon->packet_buff_sz = 157 daemon->edns_pktsz > DNSMASQ_PACKETSZ ? daemon->edns_pktsz : DNSMASQ_PACKETSZ; 158 daemon->packet = safe_malloc(daemon->packet_buff_sz); 159 160 #ifdef HAVE_DHCP 161 if (!daemon->lease_file) { 162 if (daemon->dhcp) daemon->lease_file = LEASEFILE; 163 } 164 #endif 165 166 closeUnwantedFileDescriptors(); 167 168 #ifdef HAVE_LINUX_NETWORK 169 netlink_init(); 170 #elif !(defined(IP_RECVDSTADDR) && defined(IP_RECVIF) && defined(IP_SENDSRCADDR)) 171 if (!(daemon->options & OPT_NOWILD)) { 172 bind_fallback = 1; 173 daemon->options |= OPT_NOWILD; 174 } 175 #endif 176 177 rand_init(); 178 179 now = dnsmasq_time(); 180 181 #ifdef HAVE_DHCP 182 if (daemon->dhcp) { 183 /* Note that order matters here, we must call lease_init before 184 creating any file descriptors which shouldn't be leaked 185 to the lease-script init process. */ 186 lease_init(now); 187 dhcp_init(); 188 } 189 #endif 190 191 if (!enumerate_interfaces()) die(_("failed to find list of interfaces: %s"), NULL, EC_MISC); 192 193 if (daemon->options & OPT_NOWILD) { 194 daemon->listeners = create_bound_listeners(); 195 196 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next) 197 if (if_tmp->name && !if_tmp->used) 198 die(_("unknown interface %s"), if_tmp->name, EC_BADNET); 199 200 for (if_tmp = daemon->if_addrs; if_tmp; if_tmp = if_tmp->next) 201 if (!if_tmp->used) { 202 prettyprint_addr(&if_tmp->addr, daemon->namebuff); 203 die(_("no interface with address %s"), daemon->namebuff, EC_BADNET); 204 } 205 } else if ((daemon->port != 0 || (daemon->options & OPT_TFTP)) && 206 !(daemon->listeners = create_wildcard_listeners())) 207 die(_("failed to create listening socket: %s"), NULL, EC_BADNET); 208 209 if (daemon->port != 0) cache_init(); 210 211 if (daemon->port != 0) pre_allocate_sfds(); 212 213 #if defined(HAVE_DHCP) && defined(HAVE_SCRIPT) 214 /* Note getpwnam returns static storage */ 215 if (daemon->dhcp && daemon->lease_change_command && daemon->scriptuser) { 216 if ((ent_pw = getpwnam(daemon->scriptuser))) { 217 script_uid = ent_pw->pw_uid; 218 script_gid = ent_pw->pw_gid; 219 } else 220 baduser = daemon->scriptuser; 221 } 222 #endif 223 224 if (daemon->username && !(ent_pw = getpwnam(daemon->username))) 225 baduser = daemon->username; 226 else if (daemon->groupname && !(gp = getgrnam(daemon->groupname))) 227 baduser = daemon->groupname; 228 229 if (baduser) die(_("unknown user or group: %s"), baduser, EC_BADCONF); 230 231 /* implement group defaults, "dip" if available, or group associated with uid */ 232 if (!daemon->group_set && !gp) { 233 if (!(gp = getgrnam(CHGRP)) && ent_pw) gp = getgrgid(ent_pw->pw_gid); 234 235 /* for error message */ 236 if (gp) daemon->groupname = gp->gr_name; 237 } 238 239 #if defined(HAVE_LINUX_NETWORK) 240 /* determine capability API version here, while we can still 241 call safe_malloc */ 242 if (ent_pw && ent_pw->pw_uid != 0) { 243 int capsize = 1; /* for header version 1 */ 244 hdr = safe_malloc(sizeof(*hdr)); 245 246 /* find version supported by kernel */ 247 memset(hdr, 0, sizeof(*hdr)); 248 capget(hdr, NULL); 249 250 if (hdr->version != LINUX_CAPABILITY_VERSION_1) { 251 /* if unknown version, use largest supported version (3) */ 252 if (hdr->version != LINUX_CAPABILITY_VERSION_2) 253 hdr->version = LINUX_CAPABILITY_VERSION_3; 254 capsize = 2; 255 } 256 257 data = safe_malloc(sizeof(*data) * capsize); 258 memset(data, 0, sizeof(*data) * capsize); 259 } 260 #endif 261 262 /* Use a pipe to carry signals and other events back to the event loop 263 in a race-free manner and another to carry errors to daemon-invoking process */ 264 safe_pipe(pipefd, 1); 265 266 piperead = pipefd[0]; 267 pipewrite = pipefd[1]; 268 /* prime the pipe to load stuff first time. */ 269 send_event(pipewrite, EVENT_RELOAD, 0); 270 271 err_pipe[1] = -1; 272 273 if (!(daemon->options & OPT_DEBUG)) { 274 #ifndef __ANDROID__ 275 int nullfd; 276 #endif 277 278 /* The following code "daemonizes" the process. 279 See Stevens section 12.4 */ 280 281 if (chdir("/") != 0) die(_("cannot chdir to filesystem root: %s"), NULL, EC_MISC); 282 283 #ifndef NO_FORK 284 if (!(daemon->options & OPT_NO_FORK)) { 285 pid_t pid; 286 287 /* pipe to carry errors back to original process. 288 When startup is complete we close this and the process terminates. */ 289 safe_pipe(err_pipe, 0); 290 291 if ((pid = fork()) == -1) /* fd == -1 since we've not forked, never returns. */ 292 send_event(-1, EVENT_FORK_ERR, errno); 293 294 if (pid != 0) { 295 struct event_desc ev; 296 297 /* close our copy of write-end */ 298 close(err_pipe[1]); 299 300 /* check for errors after the fork */ 301 if (read_write(err_pipe[0], (unsigned char*) &ev, sizeof(ev), 1)) fatal_event(&ev); 302 303 _exit(EC_GOOD); 304 } 305 306 close(err_pipe[0]); 307 308 /* NO calls to die() from here on. */ 309 310 setsid(); 311 312 if ((pid = fork()) == -1) send_event(err_pipe[1], EVENT_FORK_ERR, errno); 313 314 if (pid != 0) _exit(0); 315 } 316 #endif 317 318 /* write pidfile _after_ forking ! */ 319 if (daemon->runfile) { 320 FILE* pidfile; 321 322 /* only complain if started as root */ 323 if ((pidfile = fopen(daemon->runfile, "w"))) { 324 fprintf(pidfile, "%d\n", (int) getpid()); 325 fclose(pidfile); 326 } else if (getuid() == 0) { 327 send_event(err_pipe[1], EVENT_PIDFILE, errno); 328 _exit(0); 329 } 330 } 331 332 #ifndef __ANDROID__ 333 /* open stdout etc to /dev/null */ 334 nullfd = open("/dev/null", O_RDWR); 335 dup2(nullfd, STDOUT_FILENO); 336 dup2(nullfd, STDERR_FILENO); 337 dup2(nullfd, STDIN_FILENO); 338 close(nullfd); 339 #endif 340 } 341 342 log_err = log_start(ent_pw, err_pipe[1]); 343 344 /* if we are to run scripts, we need to fork a helper before dropping root. */ 345 daemon->helperfd = -1; 346 #if defined(HAVE_DHCP) && defined(HAVE_SCRIPT) 347 if (daemon->dhcp && daemon->lease_change_command) 348 daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd); 349 #endif 350 351 if (!(daemon->options & OPT_DEBUG) && getuid() == 0) { 352 int bad_capabilities = 0; 353 gid_t dummy; 354 355 /* remove all supplimentary groups */ 356 if (gp && (setgroups(0, &dummy) == -1 || setgid(gp->gr_gid) == -1)) { 357 send_event(err_pipe[1], EVENT_GROUP_ERR, errno); 358 _exit(0); 359 } 360 361 if (ent_pw && ent_pw->pw_uid != 0) { 362 #if defined(HAVE_LINUX_NETWORK) 363 /* On linux, we keep CAP_NETADMIN (for ARP-injection) and 364 CAP_NET_RAW (for icmp) if we're doing dhcp */ 365 data->effective = data->permitted = data->inheritable = 366 #ifdef __ANDROID__ 367 (1 << CAP_NET_BIND_SERVICE) | 368 #endif 369 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID); 370 371 /* Tell kernel to not clear capabilities when dropping root */ 372 if (capset(hdr, data) == -1 || prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) 373 bad_capabilities = errno; 374 375 #endif 376 377 if (bad_capabilities != 0) { 378 send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities); 379 _exit(0); 380 } 381 382 /* finally drop root */ 383 if (setuid(ent_pw->pw_uid) == -1) { 384 send_event(err_pipe[1], EVENT_USER_ERR, errno); 385 _exit(0); 386 } 387 388 #ifdef HAVE_LINUX_NETWORK 389 data->effective = data->permitted = 390 #ifdef __ANDROID__ 391 (1 << CAP_NET_BIND_SERVICE) | 392 #endif 393 (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW); 394 data->inheritable = 0; 395 396 /* lose the setuid and setgid capbilities */ 397 if (capset(hdr, data) == -1) { 398 send_event(err_pipe[1], EVENT_CAP_ERR, errno); 399 _exit(0); 400 } 401 #endif 402 } 403 } 404 405 #ifdef HAVE_LINUX_NETWORK 406 if (daemon->options & OPT_DEBUG) prctl(PR_SET_DUMPABLE, 1, 0, 0, 0); 407 #endif 408 409 if (daemon->port == 0) 410 my_syslog(LOG_INFO, _("started, version %s DNS disabled"), VERSION); 411 else if (daemon->cachesize != 0) 412 my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize); 413 else 414 my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION); 415 416 my_syslog(LOG_INFO, _("compile time options: %s"), compile_opts); 417 418 if (log_err != 0) 419 my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"), daemon->log_file, 420 strerror(log_err)); 421 422 if (bind_fallback) 423 my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations")); 424 425 if (!(daemon->options & OPT_NOWILD)) 426 for (if_tmp = daemon->if_names; if_tmp; if_tmp = if_tmp->next) 427 if (if_tmp->name && !if_tmp->used) 428 my_syslog(LOG_WARNING, _("warning: interface %s does not currently exist"), 429 if_tmp->name); 430 431 if (daemon->port != 0 && (daemon->options & OPT_NO_RESOLV)) { 432 if (daemon->resolv_files && !daemon->resolv_files->is_default) 433 my_syslog(LOG_WARNING, 434 _("warning: ignoring resolv-file flag because no-resolv is set")); 435 daemon->resolv_files = NULL; 436 if (!daemon->servers) my_syslog(LOG_WARNING, _("warning: no upstream servers configured")); 437 } 438 439 if (daemon->max_logs != 0) 440 my_syslog(LOG_INFO, _("asynchronous logging enabled, queue limit is %d messages"), 441 daemon->max_logs); 442 443 #ifdef HAVE_DHCP 444 if (daemon->dhcp) { 445 struct dhcp_context* dhcp_tmp; 446 447 for (dhcp_tmp = daemon->dhcp; dhcp_tmp; dhcp_tmp = dhcp_tmp->next) { 448 prettyprint_time(daemon->dhcp_buff2, dhcp_tmp->lease_time); 449 strcpy(daemon->dhcp_buff, inet_ntoa(dhcp_tmp->start)); 450 my_syslog(MS_DHCP | LOG_INFO, 451 (dhcp_tmp->flags & CONTEXT_STATIC) 452 ? _("DHCP, static leases only on %.0s%s, lease time %s") 453 : (dhcp_tmp->flags & CONTEXT_PROXY) 454 ? _("DHCP, proxy on subnet %.0s%s%.0s") 455 : _("DHCP, IP range %s -- %s, lease time %s"), 456 daemon->dhcp_buff, inet_ntoa(dhcp_tmp->end), daemon->dhcp_buff2); 457 } 458 } 459 #endif 460 461 /* finished start-up - release original process */ 462 if (err_pipe[1] != -1) close(err_pipe[1]); 463 464 if (daemon->port != 0) check_servers(); 465 466 pid = getpid(); 467 468 while (1) { 469 int maxfd = -1; 470 struct timeval t, *tp = NULL; 471 fd_set rset, wset, eset; 472 473 FD_ZERO(&rset); 474 FD_ZERO(&wset); 475 FD_ZERO(&eset); 476 477 /* if we are out of resources, find how long we have to wait 478 for some to come free, we'll loop around then and restart 479 listening for queries */ 480 if ((t.tv_sec = set_dns_listeners(now, &rset, &maxfd)) != 0) { 481 t.tv_usec = 0; 482 tp = &t; 483 } 484 #ifdef __ANDROID__ 485 set_android_listeners(&rset, &maxfd); 486 #endif 487 488 #ifdef HAVE_DHCP 489 if (daemon->dhcp) { 490 FD_SET(daemon->dhcpfd, &rset); 491 bump_maxfd(daemon->dhcpfd, &maxfd); 492 } 493 #endif 494 495 #ifdef HAVE_LINUX_NETWORK 496 FD_SET(daemon->netlinkfd, &rset); 497 bump_maxfd(daemon->netlinkfd, &maxfd); 498 #endif 499 500 FD_SET(piperead, &rset); 501 bump_maxfd(piperead, &maxfd); 502 503 #ifdef HAVE_DHCP 504 #ifdef HAVE_SCRIPT 505 while (helper_buf_empty() && do_script_run(now)) 506 ; 507 508 if (!helper_buf_empty()) { 509 FD_SET(daemon->helperfd, &wset); 510 bump_maxfd(daemon->helperfd, &maxfd); 511 } 512 #else 513 /* need this for other side-effects */ 514 while (do_script_run(now)) 515 ; 516 #endif 517 #endif 518 519 /* must do this just before select(), when we know no 520 more calls to my_syslog() can occur */ 521 set_log_writer(&wset, &maxfd); 522 523 if (select(maxfd + 1, &rset, &wset, &eset, tp) < 0) { 524 /* otherwise undefined after error */ 525 FD_ZERO(&rset); 526 FD_ZERO(&wset); 527 FD_ZERO(&eset); 528 } 529 530 now = dnsmasq_time(); 531 532 check_log_writer(&wset); 533 534 /* Check for changes to resolv files once per second max. */ 535 /* Don't go silent for long periods if the clock goes backwards. */ 536 if (daemon->last_resolv == 0 || difftime(now, daemon->last_resolv) > 1.0 || 537 difftime(now, daemon->last_resolv) < -1.0) { 538 daemon->last_resolv = now; 539 540 if (daemon->port != 0 && !(daemon->options & OPT_NO_POLL)) poll_resolv(); 541 } 542 543 if (FD_ISSET(piperead, &rset)) async_event(piperead, now); 544 545 #ifdef HAVE_LINUX_NETWORK 546 if (FD_ISSET(daemon->netlinkfd, &rset)) netlink_multicast(); 547 #endif 548 549 #ifdef __ANDROID__ 550 check_android_listeners(&rset); 551 #endif 552 553 check_dns_listeners(&rset, now); 554 555 #ifdef HAVE_DHCP 556 if (daemon->dhcp && FD_ISSET(daemon->dhcpfd, &rset)) dhcp_packet(now); 557 558 #ifdef HAVE_SCRIPT 559 if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset)) helper_write(); 560 #endif 561 #endif 562 } 563 } 564 565 static void sig_handler(int sig) { 566 if (pid == 0) { 567 /* ignore anything other than TERM during startup 568 and in helper proc. (helper ignore TERM too) */ 569 if (sig == SIGTERM) exit(EC_MISC); 570 } else if (pid != getpid()) { 571 /* alarm is used to kill TCP children after a fixed time. */ 572 if (sig == SIGALRM) _exit(0); 573 } else { 574 /* master process */ 575 const int errsave = errno; 576 int event; 577 578 if (sig == SIGHUP) 579 event = EVENT_RELOAD; 580 else if (sig == SIGCHLD) 581 event = EVENT_CHILD; 582 else if (sig == SIGALRM) 583 event = EVENT_ALARM; 584 else if (sig == SIGTERM) 585 event = EVENT_TERM; 586 else if (sig == SIGUSR1) 587 event = EVENT_DUMP; 588 else if (sig == SIGUSR2) 589 event = EVENT_REOPEN; 590 else 591 return; 592 593 send_event(pipewrite, event, 0); 594 errno = errsave; 595 } 596 } 597 598 void send_event(int fd, int event, int data) { 599 struct event_desc ev; 600 601 ev.event = event; 602 ev.data = data; 603 604 /* error pipe, debug mode. */ 605 if (fd == -1) 606 fatal_event(&ev); 607 else 608 /* pipe is non-blocking and struct event_desc is smaller than 609 PIPE_BUF, so this either fails or writes everything */ 610 while (write(fd, &ev, sizeof(ev)) == -1 && errno == EINTR) 611 ; 612 } 613 614 static void fatal_event(struct event_desc* ev) { 615 errno = ev->data; 616 617 switch (ev->event) { 618 case EVENT_DIE: 619 exit(0); 620 621 case EVENT_FORK_ERR: 622 die(_("cannot fork into background: %s"), NULL, EC_MISC); 623 624 case EVENT_PIPE_ERR: 625 die(_("failed to create helper: %s"), NULL, EC_MISC); 626 627 case EVENT_CAP_ERR: 628 die(_("setting capabilities failed: %s"), NULL, EC_MISC); 629 630 case EVENT_USER_ERR: 631 case EVENT_HUSER_ERR: 632 die(_("failed to change user-id to %s: %s"), 633 ev->event == EVENT_USER_ERR ? daemon->username : daemon->scriptuser, EC_MISC); 634 635 case EVENT_GROUP_ERR: 636 die(_("failed to change group-id to %s: %s"), daemon->groupname, EC_MISC); 637 638 case EVENT_PIDFILE: 639 die(_("failed to open pidfile %s: %s"), daemon->runfile, EC_FILE); 640 641 case EVENT_LOG_ERR: 642 die(_("cannot open %s: %s"), daemon->log_file ? daemon->log_file : "log", EC_FILE); 643 } 644 } 645 646 static void async_event(int pipe, time_t now) { 647 pid_t p; 648 struct event_desc ev; 649 int i; 650 651 if (read_write(pipe, (unsigned char*) &ev, sizeof(ev), 1)) switch (ev.event) { 652 case EVENT_RELOAD: 653 clear_cache_and_reload(now); 654 if (daemon->port != 0 && daemon->resolv_files && (daemon->options & OPT_NO_POLL)) { 655 reload_servers(daemon->resolv_files->name); 656 check_servers(); 657 } 658 #ifdef HAVE_DHCP 659 rerun_scripts(); 660 #endif 661 break; 662 663 case EVENT_DUMP: 664 if (daemon->port != 0) dump_cache(now); 665 break; 666 667 case EVENT_ALARM: 668 #ifdef HAVE_DHCP 669 if (daemon->dhcp) { 670 lease_prune(NULL, now); 671 lease_update_file(now); 672 } 673 #endif 674 break; 675 676 case EVENT_CHILD: 677 /* See Stevens 5.10 */ 678 while ((p = waitpid(-1, NULL, WNOHANG)) != 0) 679 if (p == -1) { 680 if (errno != EINTR) break; 681 } else 682 for (i = 0; i < MAX_PROCS; i++) 683 if (daemon->tcp_pids[i] == p) daemon->tcp_pids[i] = 0; 684 break; 685 686 case EVENT_KILLED: 687 my_syslog(LOG_WARNING, _("child process killed by signal %d"), ev.data); 688 break; 689 690 case EVENT_EXITED: 691 my_syslog(LOG_WARNING, _("child process exited with status %d"), ev.data); 692 break; 693 694 case EVENT_EXEC_ERR: 695 my_syslog(LOG_ERR, _("failed to execute %s: %s"), daemon->lease_change_command, 696 strerror(ev.data)); 697 break; 698 699 /* necessary for fatal errors in helper */ 700 case EVENT_HUSER_ERR: 701 case EVENT_DIE: 702 fatal_event(&ev); 703 break; 704 705 case EVENT_REOPEN: 706 /* Note: this may leave TCP-handling processes with the old file still open. 707 Since any such process will die in CHILD_LIFETIME or probably much sooner, 708 we leave them logging to the old file. */ 709 if (daemon->log_file != NULL) log_reopen(daemon->log_file); 710 break; 711 712 case EVENT_TERM: 713 /* Knock all our children on the head. */ 714 for (i = 0; i < MAX_PROCS; i++) 715 if (daemon->tcp_pids[i] != 0) kill(daemon->tcp_pids[i], SIGALRM); 716 717 #if defined(HAVE_DHCP) && defined(HAVE_SCRIPT) 718 /* handle pending lease transitions */ 719 if (daemon->helperfd != -1) { 720 /* block in writes until all done */ 721 if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1) 722 fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK); 723 do { 724 helper_write(); 725 } while (!helper_buf_empty() || do_script_run(now)); 726 close(daemon->helperfd); 727 } 728 #endif 729 730 if (daemon->lease_stream) fclose(daemon->lease_stream); 731 732 if (daemon->runfile) unlink(daemon->runfile); 733 734 my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM")); 735 flush_log(); 736 exit(EC_GOOD); 737 } 738 } 739 740 static void poll_resolv() { 741 struct resolvc *res, *latest; 742 struct stat statbuf; 743 time_t last_change = 0; 744 /* There may be more than one possible file. 745 Go through and find the one which changed _last_. 746 Warn of any which can't be read. */ 747 for (latest = NULL, res = daemon->resolv_files; res; res = res->next) 748 if (stat(res->name, &statbuf) == -1) { 749 if (!res->logged) 750 my_syslog(LOG_WARNING, _("failed to access %s: %s"), res->name, strerror(errno)); 751 res->logged = 1; 752 } else { 753 res->logged = 0; 754 if (statbuf.st_mtime != res->mtime) { 755 res->mtime = statbuf.st_mtime; 756 if (difftime(statbuf.st_mtime, last_change) > 0.0) { 757 last_change = statbuf.st_mtime; 758 latest = res; 759 } 760 } 761 } 762 763 if (latest) { 764 static int warned = 0; 765 if (reload_servers(latest->name)) { 766 my_syslog(LOG_INFO, _("reading %s"), latest->name); 767 warned = 0; 768 check_servers(); 769 if (daemon->options & OPT_RELOAD) cache_reload(); 770 } else { 771 latest->mtime = 0; 772 if (!warned) { 773 my_syslog(LOG_WARNING, _("no servers found in %s, will retry"), latest->name); 774 warned = 1; 775 } 776 } 777 } 778 } 779 780 void clear_cache_and_reload(time_t now) { 781 if (daemon->port != 0) cache_reload(); 782 783 #ifdef HAVE_DHCP 784 if (daemon->dhcp) { 785 reread_dhcp(); 786 dhcp_update_configs(daemon->dhcp_conf); 787 check_dhcp_hosts(0); 788 lease_update_from_configs(); 789 lease_update_file(now); 790 lease_update_dns(); 791 } 792 #endif 793 } 794 795 #ifdef __ANDROID__ 796 797 static int set_android_listeners(fd_set* set, int* maxfdp) { 798 FD_SET(STDIN_FILENO, set); 799 bump_maxfd(STDIN_FILENO, maxfdp); 800 return 0; 801 } 802 803 static int check_android_listeners(fd_set* set) { 804 int retcode = 0; 805 if (FD_ISSET(STDIN_FILENO, set)) { 806 char buffer[1024]; 807 int rc; 808 int consumed = 0; 809 810 if ((rc = read(STDIN_FILENO, buffer, sizeof(buffer) - 1)) < 0) { 811 my_syslog(LOG_ERR, _("Error reading from stdin (%s)"), strerror(errno)); 812 return -1; 813 } 814 buffer[rc] = '\0'; 815 while (consumed < rc) { 816 char* cmd; 817 char* current_cmd = &buffer[consumed]; 818 char* params = current_cmd; 819 int len = strlen(current_cmd); 820 821 cmd = strsep(¶ms, "|"); 822 if (!strcmp(cmd, "update_dns")) { 823 if (params != NULL) { 824 set_servers(params); 825 check_servers(); 826 } else { 827 my_syslog(LOG_ERR, _("Misformatted msg '%s'"), current_cmd); 828 retcode = -1; 829 } 830 } else if (!strcmp(cmd, "update_ifaces")) { 831 if (params != NULL) { 832 set_interfaces(params); 833 } else { 834 my_syslog(LOG_ERR, _("Misformatted msg '%s'"), current_cmd); 835 retcode = -1; 836 } 837 } else { 838 my_syslog(LOG_ERR, _("Unknown cmd '%s'"), cmd); 839 retcode = -1; 840 } 841 consumed += len + 1; 842 } 843 } 844 return retcode; 845 } 846 #endif 847 848 static int set_dns_listeners(time_t now, fd_set* set, int* maxfdp) { 849 struct serverfd* serverfdp; 850 struct listener* listener; 851 int wait = 0, i; 852 853 /* will we be able to get memory? */ 854 if (daemon->port != 0) get_new_frec(now, &wait); 855 856 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next) { 857 FD_SET(serverfdp->fd, set); 858 bump_maxfd(serverfdp->fd, maxfdp); 859 } 860 861 if (daemon->port != 0 && !daemon->osport) 862 for (i = 0; i < RANDOM_SOCKS; i++) 863 if (daemon->randomsocks[i].refcount != 0) { 864 FD_SET(daemon->randomsocks[i].fd, set); 865 bump_maxfd(daemon->randomsocks[i].fd, maxfdp); 866 } 867 868 for (listener = daemon->listeners; listener; listener = listener->next) { 869 /* only listen for queries if we have resources */ 870 if (listener->fd != -1 && wait == 0) { 871 FD_SET(listener->fd, set); 872 bump_maxfd(listener->fd, maxfdp); 873 } 874 875 /* death of a child goes through the select loop, so 876 we don't need to explicitly arrange to wake up here */ 877 if (listener->tcpfd != -1) 878 for (i = 0; i < MAX_PROCS; i++) 879 if (daemon->tcp_pids[i] == 0) { 880 FD_SET(listener->tcpfd, set); 881 bump_maxfd(listener->tcpfd, maxfdp); 882 break; 883 } 884 } 885 886 return wait; 887 } 888 889 static void check_dns_listeners(fd_set* set, time_t now) { 890 struct serverfd* serverfdp; 891 struct listener* listener; 892 int i; 893 894 for (serverfdp = daemon->sfds; serverfdp; serverfdp = serverfdp->next) 895 if (FD_ISSET(serverfdp->fd, set)) 896 reply_query(serverfdp->fd, serverfdp->source_addr.sa.sa_family, now); 897 898 if (daemon->port != 0 && !daemon->osport) 899 for (i = 0; i < RANDOM_SOCKS; i++) 900 if (daemon->randomsocks[i].refcount != 0 && FD_ISSET(daemon->randomsocks[i].fd, set)) 901 reply_query(daemon->randomsocks[i].fd, daemon->randomsocks[i].family, now); 902 903 for (listener = daemon->listeners; listener; listener = listener->next) { 904 if (listener->fd != -1 && FD_ISSET(listener->fd, set)) receive_query(listener, now); 905 906 if (listener->tcpfd != -1 && FD_ISSET(listener->tcpfd, set)) { 907 int confd; 908 struct irec* iface = NULL; 909 pid_t p; 910 911 while ((confd = accept(listener->tcpfd, NULL, NULL)) == -1 && errno == EINTR) 912 ; 913 914 if (confd == -1) continue; 915 916 if (daemon->options & OPT_NOWILD) 917 iface = listener->iface; 918 else { 919 union mysockaddr tcp_addr; 920 socklen_t tcp_len = sizeof(union mysockaddr); 921 /* Check for allowed interfaces when binding the wildcard address: 922 we do this by looking for an interface with the same address as 923 the local address of the TCP connection, then looking to see if that's 924 an allowed interface. As a side effect, we get the netmask of the 925 interface too, for localisation. */ 926 927 /* interface may be new since startup */ 928 if (enumerate_interfaces() && 929 getsockname(confd, (struct sockaddr*) &tcp_addr, &tcp_len) != -1) 930 for (iface = daemon->interfaces; iface; iface = iface->next) 931 if (sockaddr_isequal(&iface->addr, &tcp_addr)) break; 932 } 933 934 if (!iface) { 935 shutdown(confd, SHUT_RDWR); 936 close(confd); 937 } 938 #ifndef NO_FORK 939 else if (!(daemon->options & OPT_DEBUG) && (p = fork()) != 0) { 940 if (p != -1) { 941 int i; 942 for (i = 0; i < MAX_PROCS; i++) 943 if (daemon->tcp_pids[i] == 0) { 944 daemon->tcp_pids[i] = p; 945 break; 946 } 947 } 948 close(confd); 949 } 950 #endif 951 else { 952 unsigned char* buff; 953 struct server* s; 954 int flags; 955 struct in_addr dst_addr_4; 956 957 dst_addr_4.s_addr = 0; 958 959 /* Arrange for SIGALARM after CHILD_LIFETIME seconds to 960 terminate the process. */ 961 if (!(daemon->options & OPT_DEBUG)) alarm(CHILD_LIFETIME); 962 963 /* start with no upstream connections. */ 964 for (s = daemon->servers; s; s = s->next) s->tcpfd = -1; 965 966 /* The connected socket inherits non-blocking 967 attribute from the listening socket. 968 Reset that here. */ 969 if ((flags = fcntl(confd, F_GETFL, 0)) != -1) 970 fcntl(confd, F_SETFL, flags & ~O_NONBLOCK); 971 972 if (listener->family == AF_INET) dst_addr_4 = iface->addr.in.sin_addr; 973 974 buff = tcp_request(confd, now, dst_addr_4, iface->netmask); 975 976 shutdown(confd, SHUT_RDWR); 977 close(confd); 978 979 if (buff) free(buff); 980 981 for (s = daemon->servers; s; s = s->next) 982 if (s->tcpfd != -1) { 983 shutdown(s->tcpfd, SHUT_RDWR); 984 close(s->tcpfd); 985 } 986 #ifndef NO_FORK 987 if (!(daemon->options & OPT_DEBUG)) { 988 flush_log(); 989 _exit(0); 990 } 991 #endif 992 } 993 } 994 } 995 } 996 997 #ifdef HAVE_DHCP 998 int make_icmp_sock(void) { 999 int fd; 1000 int zeroopt = 0; 1001 1002 if ((fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1) { 1003 if (!fix_fd(fd) || 1004 setsockopt(fd, SOL_SOCKET, SO_DONTROUTE, &zeroopt, sizeof(zeroopt)) == -1) { 1005 close(fd); 1006 fd = -1; 1007 } 1008 } 1009 1010 return fd; 1011 } 1012 1013 int icmp_ping(struct in_addr addr) { 1014 /* Try and get an ICMP echo from a machine. */ 1015 1016 /* Note that whilst in the three second wait, we check for 1017 (and service) events on the DNS sockets, (so doing that 1018 better not use any resources our caller has in use...) 1019 but we remain deaf to signals or further DHCP packets. */ 1020 1021 int fd; 1022 struct sockaddr_in saddr; 1023 struct { 1024 struct ip ip; 1025 struct icmp icmp; 1026 } packet; 1027 unsigned short id = rand16(); 1028 unsigned int i, j; 1029 int gotreply = 0; 1030 time_t start, now; 1031 1032 #if defined(HAVE_LINUX_NETWORK) 1033 if ((fd = make_icmp_sock()) == -1) return 0; 1034 #else 1035 int opt = 2000; 1036 fd = daemon->dhcp_icmp_fd; 1037 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt)); 1038 #endif 1039 1040 saddr.sin_family = AF_INET; 1041 saddr.sin_port = 0; 1042 saddr.sin_addr = addr; 1043 1044 memset(&packet.icmp, 0, sizeof(packet.icmp)); 1045 packet.icmp.icmp_type = ICMP_ECHO; 1046 packet.icmp.icmp_id = id; 1047 for (j = 0, i = 0; i < sizeof(struct icmp) / 2; i++) j += ((u16*) &packet.icmp)[i]; 1048 while (j >> 16) j = (j & 0xffff) + (j >> 16); 1049 packet.icmp.icmp_cksum = (j == 0xffff) ? j : ~j; 1050 1051 while (sendto(fd, (char*) &packet.icmp, sizeof(struct icmp), 0, (struct sockaddr*) &saddr, 1052 sizeof(saddr)) == -1 && 1053 retry_send()) 1054 ; 1055 1056 for (now = start = dnsmasq_time(); difftime(now, start) < (float) PING_WAIT;) { 1057 struct timeval tv; 1058 fd_set rset, wset; 1059 struct sockaddr_in faddr; 1060 int maxfd = fd; 1061 socklen_t len = sizeof(faddr); 1062 1063 tv.tv_usec = 250000; 1064 tv.tv_sec = 0; 1065 1066 FD_ZERO(&rset); 1067 FD_ZERO(&wset); 1068 FD_SET(fd, &rset); 1069 set_dns_listeners(now, &rset, &maxfd); 1070 set_log_writer(&wset, &maxfd); 1071 1072 if (select(maxfd + 1, &rset, &wset, NULL, &tv) < 0) { 1073 FD_ZERO(&rset); 1074 FD_ZERO(&wset); 1075 } 1076 1077 now = dnsmasq_time(); 1078 1079 check_log_writer(&wset); 1080 check_dns_listeners(&rset, now); 1081 1082 if (FD_ISSET(fd, &rset) && 1083 recvfrom(fd, &packet, sizeof(packet), 0, (struct sockaddr*) &faddr, &len) == 1084 sizeof(packet) && 1085 saddr.sin_addr.s_addr == faddr.sin_addr.s_addr && 1086 packet.icmp.icmp_type == ICMP_ECHOREPLY && packet.icmp.icmp_seq == 0 && 1087 packet.icmp.icmp_id == id) { 1088 gotreply = 1; 1089 break; 1090 } 1091 } 1092 1093 #if defined(HAVE_LINUX_NETWORK) 1094 close(fd); 1095 #else 1096 opt = 1; 1097 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt)); 1098 #endif 1099 1100 return gotreply; 1101 } 1102 #endif 1103
