Beispiel #1
/*
 * Load the daemon configuration and reset the alarm mask.
 *
 * Conf_init() is called with the globals Config_file and My_name; the
 * values returned by Conf() and Conf_my() are then stored in the globals
 * Cn and My. Afterwards every alarm type is cleared and only PRINT and
 * EXIT are switched back on.
 */
static void read_configuration(void)
{
	/* Initialise first: Conf() and Conf_my() are only read after Conf_init(). */
	Conf_init(Config_file, My_name);
	Cn = Conf();
	My = Conf_my();

	/* Start from an empty alarm mask, then enable PRINT and EXIT only. */
	Alarm_clear_types(ALL);
	Alarm_set_types(PRINT | EXIT);
}
Beispiel #2
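/*
 * Entry point of the Spread daemon.
 *
 * Prints the licence banner, hands the command line to Usage(), registers
 * the authentication methods, loads the configuration and initialises the
 * event, session, statistics and (optionally) log subsystems. On non-Windows
 * builds a process with effective uid 0 additionally checks the unix socket
 * directory and then chroots into the runtime directory and drops to the
 * configured user and group before entering the event loop.
 *
 * Returns 0 when E_handle_events() returns.
 */
int main(int argc, char *argv[])
{
#ifdef	ARCH_PC_WIN95
	int	ret;
#endif

#ifndef ARCH_PC_WIN95
	struct group  *grp;
	struct passwd *pwd;
#endif

	Alarm_set_types( CONF_SYS );
	Alarm_set_priority( SPLOG_INFO );

	Alarmp( SPLOG_PRINT, SYSTEM, "/===========================================================================\\\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| The Spread Toolkit.                                                       |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| Copyright (c) 1993-2013 Spread Concepts LLC                               |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| All rights reserved.                                                      |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|                                                                           |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| The Spread toolkit is licensed under the Spread Open-Source License.      |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| You may only use this software in compliance with the License.            |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| A copy of the license can be found at http://www.spread.org/license       |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|                                                                           |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| This product uses software developed by Spread Concepts LLC for use       |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| in the Spread toolkit. For more information about Spread,                 |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| see http://www.spread.org                                                 |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|                                                                           |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| This software is distributed on an \"AS IS\" basis, WITHOUT WARRANTY OF     |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| ANY KIND, either express or implied.                                      |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|                                                                           |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| Creators:                                                                 |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|    Yair Amir             [email protected]                              |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|    Michal Miskin-Amir    [email protected]                        |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|    Jonathan Stanton      [email protected]                      |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|    John Schultz          [email protected]                      |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|                                                                           |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| Major Contributors:                                                       |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|    Ryan Caudy           [email protected] - contribution to process groups.|\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|    Claudiu Danilov      [email protected] - scalable, wide-area support.    |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|    Cristina Nita-Rotaru [email protected] - GC security.                |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|    Theo Schlossnagle    [email protected] - Perl, autoconf, old skiplist.  |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|    Dan Schoenblum       [email protected] - Java interface.             |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|                                                                           |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| Special thanks to the following for discussions and ideas:                |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|    Ken Birman, Danny Dolev, Jacob Green, Mike Goodrich, Ben Laurie,       |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|    David Shaw, Gene Tsudik, Robbert VanRenesse.                           |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|                                                                           |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| Partial funding provided by the Defense Advanced Research Project Agency  |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| (DARPA) and the National Security Agency (NSA) 2000-2004. The Spread      |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| toolkit is not necessarily endorsed by DARPA or the NSA.                  |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|                                                                           |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| For a full list of contributors, see Readme.txt in the distribution.      |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|                                                                           |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| WWW:     www.spread.org     www.spreadconcepts.com                        |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| Contact: [email protected]                                          |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "|                                                                           |\n");
	Alarmp( SPLOG_PRINT, SYSTEM, "| Version %d.%02d.%02d Built %-17s                                   |\n",
		(int)SP_MAJOR_VERSION, (int)SP_MINOR_VERSION, (int)SP_PATCH_VERSION, Spread_build_date );
	Alarmp( SPLOG_PRINT, SYSTEM, "\\===========================================================================/\n");

	Usage( argc, argv );

#ifdef	ARCH_PC_WIN95

	ret = WSAStartup( MAKEWORD(1,1), &WSAData );
	if( ret != 0 )
		Alarmp( SPLOG_FATAL, NETWORK, "Spread: winsock initialization error %d\n", ret );

#endif	/* ARCH_PC_WIN95 */

	/*
	 * initialize each valid authentication protocol
	 * NOTE(review): "null" and "ip" are registered unconditionally and
	 * the password method only under ENABLE_PASSWORD. Registration here
	 * presumably does not by itself allow a method for clients; confirm
	 * that the configuration decides which methods are accepted.
	 */
	null_init();
	ip_init();
#ifdef  ENABLE_PASSWORD
	pword_init();
#endif
	permit_init();

	/* Initialize Access Control & Authentication */
	Acm_init();

	Conf_init( Config_file, My_name );

	E_init();

#ifndef	ARCH_PC_WIN95
	/* Verify that unix socket dir is safe if running as root user */
	if (geteuid() == (uid_t) 0) {
		struct stat usock_stat;
		Alarmp( SPLOG_INFO, SECURITY, "Spread is running as root so check file locations\n");
		if (stat( SP_UNIX_SOCKET, &usock_stat)) {
			Alarmp( SPLOG_FATAL, SECURITY, "Spread unable to stat the unix domain socket dir (%s). Please verify the selected directory and restart the daemon\n", SP_UNIX_SOCKET );
			/* A start-up failure must not look like success to an
			 * init system or wrapper script that checks the status. */
			exit( 1 );
		}

		/*
		 * This is a warning only: start-up continues even when the
		 * directory is world-writable or not owned by root.
		 * NOTE(review): the test covers S_IWOTH and the owner, not
		 * S_IWGRP, so a directory writable by a non-root group passes
		 * silently; stat() also follows symlinks, so it is the link
		 * target that is examined. Consider tightening if the message's
		 * "root-only writable" is meant literally.
		 */
		if ( (usock_stat.st_mode & S_IWOTH) || !(usock_stat.st_uid == (uid_t) 0) )
			Alarmp( SPLOG_WARNING, PRINT, "Spread: SECURITY RISK! running as root, but unix domain socket is not in a root-only writable directory. May risk denial of service or malicious deletion of unexpected file in directory: %s\n", SP_UNIX_SOCKET );
	}
#endif

	Sess_init();

	Stat_init();
	if( Log ) Log_init();

#ifndef	ARCH_PC_WIN95

	/*
	 * Yupp, we're paranoid
	 *
	 * Privilege reduction, evaluated as one else-if chain so that each
	 * step runs only when every earlier one succeeded:
	 *   1. group and user are looked up before chroot(), while the
	 *      account databases are still reachable;
	 *   2. chdir() precedes chroot() so the working directory lies
	 *      inside the new root;
	 *   3. supplementary groups, then gid, then uid: the uid goes last
	 *      because the group calls need the privilege it gives up.
	 *
	 * A process that is not root is neither jailed nor switched to the
	 * configured account; it only logs a warning.
	 *
	 * NOTE(review): the failure branches rely on
	 * Invalid_privilege_decrease() and Alarmp( SPLOG_FATAL, ... ) not
	 * returning; if either can return, control falls through to
	 * E_handle_events() with root privileges intact. Confirm, and
	 * consider asserting after the drop that uid 0 cannot be regained.
	 */

	if (geteuid() != (uid_t) 0) {
		Alarmp( SPLOG_WARNING, SECURITY, "Spread: not running as root, won't chroot\n" );
	}
	else if ( (grp = getgrnam(Conf_get_group())) == NULL
		  || (pwd = getpwnam(Conf_get_user())) == NULL ) {
		Invalid_privilege_decrease(Conf_get_user(), Conf_get_group());
	}
	else if (chdir(Conf_get_runtime_dir()) < 0
		  || chroot(Conf_get_runtime_dir()) < 0 ) {
		Alarmp( SPLOG_FATAL, SECURITY, "Spread: FAILED chroot to '%s'\n",
			Conf_get_runtime_dir() );
	}
	else if ( setgroups(1, &grp->gr_gid) < 0
		  || setgid(grp->gr_gid) < 0
		  || setuid(pwd->pw_uid) < 0) {
		Invalid_privilege_decrease(Conf_get_user(), Conf_get_group());
	} else {
		Alarmp( SPLOG_INFO, SECURITY, "Spread: setugid and chroot successeful\n" );
	}

#endif	/* ARCH_PC_WIN95 */

	E_handle_events();

	return 0;
}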
Beispiel #3
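/*
 * Parse the argument of -b / -B as a decimal port number.
 *
 * Anything that is not a complete decimal number in 0..65535 is rejected
 * with a message on stderr and exit status 1, instead of being turned into
 * 0 or a truncated value as atoi() would do. 0 is still accepted because
 * the atoi() path could produce it; what 0 means to the server is decided
 * outside this file section.
 */
static int parse_port_arg(const char *arg, char opt)
{
	char *end;
	long val = strtol(arg, &end, 10);

	/* An out-of-range strtol() result saturates at LONG_MIN/LONG_MAX and
	 * therefore fails the range test as well. */
	if (end == arg || *end != '\0' || val < 0 || val > 65535) {
		fprintf(stderr, "Invalid port for -%c: %s\n", opt, arg);
		exit(1);
	}
	return (int)val;
}

/*
 * Entry point of the daemon.
 *
 * Parses the command line, optionally only validates the configuration
 * (-t), loads the configuration, daemonizes unless -d was given, installs
 * the signal dispositions, builds the system/version strings from uname(),
 * initialises the subsystems, runs the server loop and tears everything
 * down again. Returns 0 after Server_run() returns.
 */
int main(int argc, char **argv)
{
	/* -r is only offered when the build supports realtime scheduling. */
#ifdef POSIX_PRIORITY_SCHEDULING
	static const char optstring[] = "drp:c:a:A:b:B:ht";
	bool_t realtime = false;
#else
	static const char optstring[] = "dp:c:a:A:b:B:ht";
#endif
	bool_t nodaemon = false;
	bool_t testconfig = false;
	char *conffile = NULL, *pidfile = NULL;
	int c;
	struct utsname utsbuf;

	/* Arguments; getopt() signals the end of the options with -1. */
	while ((c = getopt(argc, argv, optstring)) != -1) {
		switch (c) {
		case 'c':
			conffile = optarg;
			break;
		case 'p':
			pidfile = optarg;
			break;
		case 'a':
			bindaddr = optarg;
			break;
		case 'A':
			bindaddr6 = optarg;
			break;
		case 'b':
			bindport = parse_port_arg(optarg, 'b');
			break;
		case 'B':
			bindport6 = parse_port_arg(optarg, 'B');
			break;
		case 'd':
			nodaemon = true;
			break;
		case 'h':
			printhelp();
			break;
		case 't':
			testconfig = true;
			break;
#ifdef POSIX_PRIORITY_SCHEDULING
		case 'r':
			realtime = true;
			break;
#endif
		default:
			fprintf(stderr, "Unrecognized option\n");
			printhelp();
			break;
		}
	}

	/* -t: validate the configuration file and report through the exit status. */
	if (testconfig) {
		if (!Conf_ok(conffile))
			exit(1);
		else
			exit(0);
	}

	/* Initialize the config subsystem early;
	 * switch_user() will need to read some config variables as well as logging.
	 */
	Conf_init(conffile);

	/* Logging to terminal if not daemonizing, otherwise to syslog or log file.
	 *
	 * NOTE(review): switch_user() is reached only on the daemonizing
	 * path. With -d the process keeps the identity it was started with,
	 * so a foreground run started as root serves clients as root.
	 * Confirm this is intended, or document that -d must not be combined
	 * with a root start.
	 */
	if (!nodaemon) {
		daemonize();
		Log_init(false);
		/* The pid file is locked before switch_user(), i.e. still with
		 * the identity the process was started with. */
		if (pidfile != NULL)
			lockfile(pidfile);

		switch_user();

		/* Reopen log file. If user switch results in access denied, we catch
		 * it early.
		 */
		Log_reset();
	}
	else Log_init(true);

	signal(SIGCHLD, SIG_IGN); /* ignore child */
	signal(SIGTSTP, SIG_IGN); /* ignore tty signals */
	signal(SIGTTOU, SIG_IGN);
	signal(SIGTTIN, SIG_IGN);
	signal(SIGPIPE, SIG_IGN);
	signal(SIGHUP, signal_handler); /* catch hangup signal */
	signal(SIGTERM, signal_handler); /* catch kill signal */

	/* Build system string.
	 * NOTE(review): the literal 64 must match the size of system_string
	 * and version_string, which are declared outside this function;
	 * verify, or pass the real buffer size. */
	if (uname(&utsbuf) == 0) {
		snprintf(system_string, 64, "%s %s", utsbuf.sysname, utsbuf.machine);
		snprintf(version_string, 64, "%s", utsbuf.release);
	}
	else {
		snprintf(system_string, 64, "unknown unknown");
		snprintf(version_string, 64, "unknown");
	}

	/* Initializing */
	SSLi_init();
	Chan_init();
	Client_init();
	Ban_init();

#ifdef USE_SHAREDMEMORY_API
	Sharedmemory_init( bindport, bindport6 );
#endif

#ifdef POSIX_PRIORITY_SCHEDULING
	if (realtime)
		setscheduler();
#endif

	Server_run();

#ifdef USE_SHAREDMEMORY_API
	Sharedmemory_deinit();
#endif

	Ban_deinit();
	SSLi_deinit();
	Chan_free();
	Log_free();
	Conf_deinit();

	/* NOTE(review): this runs after switch_user() on the daemon path and
	 * the result is ignored, so the pid file presumably stays behind when
	 * the reduced identity may not remove it - confirm. */
	if (pidfile != NULL)
		unlink(pidfile);

	return 0;
}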