/*
 * Load the configuration named by Config_file / My_name and cache the
 * results of Conf() and Conf_my() in the file-level variables Cn and My.
 * Afterwards the alarm type selection is cleared and set to PRINT | EXIT.
 *
 * NOTE(review): if the alarm layer filters messages by type, messages tagged
 * with any other type are presumably not emitted after this call. Confirm
 * against the Alarm implementation before relying on them for audit output.
 */
static void read_configuration(void)
{
    /* Parse the configuration first; the two accessors below read its result. */
    Conf_init( Config_file, My_name );

    Cn = Conf();
    My = Conf_my();

    /* Start from an empty type selection, then enable PRINT and EXIT only. */
    Alarm_clear_types( ALL );
    Alarm_set_types( PRINT | EXIT );
}
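/*
 * Daemon entry point: prints the banner, hands argc/argv to Usage(),
 * initialises the authentication methods and the other subsystems, and then
 * calls E_handle_events().
 *
 * On non-Windows builds two security steps run when the effective uid is 0:
 *   1. the directory named by SP_UNIX_SOCKET is stat()ed and a warning is
 *      logged if it is world-writable or not owned by root;
 *   2. the process chroots into Conf_get_runtime_dir() and switches to the
 *      configured group and user.
 *
 * NOTE(review): whether Alarmp( SPLOG_FATAL, ... ) and
 * Invalid_privilege_decrease() terminate the process is not visible in this
 * listing. If either can return, the else-if chain below falls through to
 * E_handle_events() while still running as root. Confirm that both are
 * fail-closed.
 */
int main(int argc, char *argv[])
{
#ifdef ARCH_PC_WIN95
    int ret;
#else
    struct group  *grp;
    struct passwd *pwd;
#endif

    Alarm_set_types( CONF_SYS );
    Alarm_set_priority( SPLOG_INFO );

    Alarmp( SPLOG_PRINT, SYSTEM, "/===========================================================================\\\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| The Spread Toolkit. |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| Copyright (c) 1993-2013 Spread Concepts LLC |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| All rights reserved. |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| The Spread toolkit is licensed under the Spread Open-Source License. |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| You may only use this software in compliance with the License. |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| A copy of the license can be found at http://www.spread.org/license |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| This product uses software developed by Spread Concepts LLC for use |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| in the Spread toolkit. For more information about Spread, |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| see http://www.spread.org |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| This software is distributed on an \"AS IS\" basis, WITHOUT WARRANTY OF |\n");
    /* This literal was split across two physical lines in the listing. */
    Alarmp( SPLOG_PRINT, SYSTEM, "| ANY KIND, either express or implied. |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| Creators: |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| Yair Amir [email protected] |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| Michal Miskin-Amir [email protected] |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| Jonathan Stanton [email protected] |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| John Schultz [email protected] |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| Major Contributors: |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| Ryan Caudy [email protected] - contribution to process groups.|\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| Claudiu Danilov [email protected] - scalable, wide-area support. |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| Cristina Nita-Rotaru [email protected] - GC security. |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| Theo Schlossnagle [email protected] - Perl, autoconf, old skiplist. |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| Dan Schoenblum [email protected] - Java interface. |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| Special thanks to the following for discussions and ideas: |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| Ken Birman, Danny Dolev, Jacob Green, Mike Goodrich, Ben Laurie, |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| David Shaw, Gene Tsudik, Robbert VanRenesse. |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| Partial funding provided by the Defense Advanced Research Project Agency |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| (DARPA) and the National Security Agency (NSA) 2000-2004. The Spread |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| toolkit is not necessarily endorsed by DARPA or the NSA. |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| |\n");
    /* This literal was split across two physical lines in the listing. */
    Alarmp( SPLOG_PRINT, SYSTEM, "| For a full list of contributors, see Readme.txt in the distribution. |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| WWW: www.spread.org www.spreadconcepts.com |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| Contact: [email protected] |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| |\n");
    Alarmp( SPLOG_PRINT, SYSTEM, "| Version %d.%02d.%02d Built %-17s |\n",
            (int)SP_MAJOR_VERSION, (int)SP_MINOR_VERSION, (int)SP_PATCH_VERSION, Spread_build_date );
    Alarmp( SPLOG_PRINT, SYSTEM, "\\===========================================================================/\n");

    Usage( argc, argv );

#ifdef ARCH_PC_WIN95
    /* WSAData is declared outside this function. */
    ret = WSAStartup( MAKEWORD(1,1), &WSAData );
    if( ret != 0 ) {
        Alarmp( SPLOG_FATAL, NETWORK, "Spread: winsock initialization error %d\n", ret );
    }
#endif /* ARCH_PC_WIN95 */

    /* initialize each valid authentication protocol */
    null_init();
    ip_init();
#ifdef ENABLE_PASSWORD
    pword_init();
#endif
    permit_init();

    /* Initialize Access Control & Authentication */
    Acm_init();

    Conf_init( Config_file, My_name );

    E_init();

#ifndef ARCH_PC_WIN95
    /* Verify that unix socket dir is safe if running as root user */
    if (geteuid() == (uid_t) 0) {
        struct stat usock_stat;

        Alarmp( SPLOG_INFO, SECURITY, "Spread is running as root so check file locations\n");

        /*
         * stat() follows symbolic links and is a point-in-time check; the
         * directory can change between this call and the socket creation.
         */
        if (stat( SP_UNIX_SOCKET, &usock_stat)) {
            Alarmp( SPLOG_FATAL, SECURITY, "Spread unable to stat the unix domain socket dir (%s). Please verify the selected directory and restart the daemon\n", SP_UNIX_SOCKET );
            /* Failure path: report a non-zero status to the supervisor. */
            exit( 1 );
        }

        /*
         * Only the world-writable bit and the owner are examined, and the
         * result is a warning rather than a refusal to start.
         * NOTE(review): group write permission (S_IWGRP) and the file type
         * are not checked here. Decide whether they should be.
         */
        if ( (usock_stat.st_mode & S_IWOTH) || !(usock_stat.st_uid == (uid_t) 0) ) {
            Alarmp( SPLOG_WARNING, PRINT, "Spread: SECURITY RISK! running as root, but unix domain socket is not in a root-only writable directory. May risk denial of service or malicious deletion of unexpected file in directory: %s\n", SP_UNIX_SOCKET );
        }
    }
#endif

    Sess_init();

    Stat_init();
    if( Log ) {
        Log_init();
    }

#ifndef ARCH_PC_WIN95
    /* Yupp, we're paranoid */

    /*
     * Privilege drop. The order of the branches matters:
     *   - the group and user entries are looked up before chroot();
     *   - chdir() into the runtime directory precedes chroot(), so the
     *     working directory is inside the new root;
     *   - supplementary groups, then gid, then uid are changed, because the
     *     group calls need the privileges that setuid() gives up.
     * A process not started as root skips all of this and only logs a warning.
     */
    if (geteuid() != (uid_t) 0) {
        Alarmp( SPLOG_WARNING, SECURITY, "Spread: not running as root, won't chroot\n" );
    }
    else if ( (grp = getgrnam(Conf_get_group())) == NULL
              || (pwd = getpwnam(Conf_get_user())) == NULL ) {
        Invalid_privilege_decrease(Conf_get_user(), Conf_get_group());
    }
    else if (chdir(Conf_get_runtime_dir()) < 0
             || chroot(Conf_get_runtime_dir()) < 0 ) {
        Alarmp( SPLOG_FATAL, SECURITY, "Spread: FAILED chroot to '%s'\n", Conf_get_runtime_dir() );
    }
    else if ( setgroups(1, &grp->gr_gid) < 0
              || setgid(grp->gr_gid) < 0
              || setuid(pwd->pw_uid) < 0) {
        Invalid_privilege_decrease(Conf_get_user(), Conf_get_group());
    }
    else {
        /*
         * NOTE(review): nothing here verifies that the new uid is non-zero or
         * that root cannot be regained. If the configured user is root, this
         * branch is reached with no privileges dropped.
         */
        Alarmp( SPLOG_INFO, SECURITY, "Spread: setugid and chroot successeful\n" );
    }
#endif /* ARCH_PC_WIN95 */

    E_handle_events();

    return 0;
}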
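/*
 * Parse a TCP/UDP port given on the command line.
 * Unlike atoi(), this rejects empty strings, trailing garbage and values
 * outside 0..65535; an invalid value ends the program with status 1.
 * 0 is passed through because atoi() also produced it. What 0 means to the
 * rest of the program is decided outside this listing.
 */
static int parse_port_arg(const char *text)
{
    char *end = NULL;
    long value = strtol(text, &end, 10);

    /* An out-of-range strtol() result (LONG_MIN/LONG_MAX) also fails the range test. */
    if (end == text || *end != '\0' || value < 0 || value > 65535) {
        fprintf(stderr, "Invalid port number '%s'\n", text);
        exit(1);
    }
    return (int)value;
}

/*
 * Server entry point: parses the command line, initialises configuration and
 * logging, optionally daemonizes and switches user, installs signal
 * dispositions, runs the server and tears the subsystems down again.
 *
 * Options: -c conffile, -p pidfile, -a/-A bind addresses, -b/-B bind ports,
 * -d stay in the foreground, -t test the configuration and exit, -h help,
 * and -r (only with POSIX_PRIORITY_SCHEDULING) to call setscheduler().
 *
 * NOTE(review): switch_user() is called only on the daemonizing path. With -d
 * the process keeps the identity it was started with, so a foreground start
 * as root stays root.
 */
int main(int argc, char **argv)
{
    bool_t nodaemon = false;
#ifdef POSIX_PRIORITY_SCHEDULING
    bool_t realtime = false;
    static const char optstring[] = "drp:c:a:A:b:B:ht";
#else
    static const char optstring[] = "dp:c:a:A:b:B:ht";
#endif
    bool_t testconfig = false;
    char *conffile = NULL, *pidfile = NULL;
    int c;
    struct utsname utsbuf;

    /* Arguments */
    while ((c = getopt(argc, argv, optstring)) != EOF) {
        switch (c) {
        case 'c':
            conffile = optarg;
            break;
        case 'p':
            pidfile = optarg;
            break;
        case 'a':
            bindaddr = optarg;
            break;
        case 'A':
            bindaddr6 = optarg;
            break;
        case 'b':
            /* Validated instead of atoi(), which cannot report bad input. */
            bindport = parse_port_arg(optarg);
            break;
        case 'B':
            bindport6 = parse_port_arg(optarg);
            break;
        case 'd':
            nodaemon = true;
            break;
        case 'h':
            printhelp();
            break;
        case 't':
            testconfig = true;
            break;
#ifdef POSIX_PRIORITY_SCHEDULING
        case 'r':
            realtime = true;
            break;
#endif
        default:
            fprintf(stderr, "Unrecognized option\n");
            printhelp();
            break;
        }
    }

    /* -t: validate the configuration file only; the status reports the result. */
    if (testconfig) {
        exit(Conf_ok(conffile) ? 0 : 1);
    }

    /* Initialize the config subsystem early;
     * switch_user() will need to read some config variables as well as logging.
     */
    Conf_init(conffile);

    /* Logging to terminal if not daemonizing, otherwise to syslog or log file. */
    if (!nodaemon) {
        daemonize();
        Log_init(false);
        /*
         * The pidfile is locked before the user switch.
         * NOTE(review): the unlink() at shutdown then runs as the switched
         * user and may fail without notice. Check the pidfile directory's
         * ownership.
         */
        if (pidfile != NULL) {
            lockfile(pidfile);
        }

        switch_user();

        /* Reopen log file. If user switch results in access denied, we catch
         * it early.
         */
        Log_reset();
    } else {
        Log_init(true);
    }

    signal(SIGCHLD, SIG_IGN); /* ignore child */
    signal(SIGTSTP, SIG_IGN); /* ignore tty signals */
    signal(SIGTTOU, SIG_IGN);
    signal(SIGTTIN, SIG_IGN);
    signal(SIGPIPE, SIG_IGN);
    signal(SIGHUP, signal_handler); /* catch hangup signal */
    signal(SIGTERM, signal_handler); /* catch kill signal */

    /* Build system string */
    /*
     * NOTE(review): the literal 64 must not exceed the size of system_string
     * and version_string, which are declared outside this function.
     */
    if (uname(&utsbuf) == 0) {
        snprintf(system_string, 64, "%s %s", utsbuf.sysname, utsbuf.machine);
        snprintf(version_string, 64, "%s", utsbuf.release);
    } else {
        snprintf(system_string, 64, "unknown unknown");
        snprintf(version_string, 64, "unknown");
    }

    /* Initializing */
    SSLi_init();
    Chan_init();
    Client_init();
    Ban_init();

#ifdef USE_SHAREDMEMORY_API
    Sharedmemory_init( bindport, bindport6 );
#endif

#ifdef POSIX_PRIORITY_SCHEDULING
    if (realtime) {
        setscheduler();
    }
#endif

    Server_run();

    /* Teardown after Server_run() returns. */
#ifdef USE_SHAREDMEMORY_API
    Sharedmemory_deinit();
#endif

    Ban_deinit();
    SSLi_deinit();
    Chan_free();
    Log_free();
    Conf_deinit();

    /* The result of unlink() is not checked; a stale pidfile may remain. */
    if (pidfile != NULL) {
        unlink(pidfile);
    }

    return 0;
}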