/**
* xmlSecOpenSSLAppShutdown:
*
* General crypto engine shutdown. This function is used
* by XMLSec command line utility and called after
* @xmlSecShutdown function.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecOpenSSLAppShutdown(void) {
xmlSecOpenSSLAppSaveRANDFile(NULL);
RAND_cleanup();
EVP_cleanup();
#ifndef XMLSEC_NO_X509
X509_TRUST_cleanup();
#endif /* XMLSEC_NO_X509 */
ENGINE_cleanup();
CONF_modules_unload(1);
CRYPTO_cleanup_all_ex_data();
/* finally cleanup errors */
#if defined(XMLSEC_OPENSSL_110)
ERR_remove_thread_state();
#elif defined(XMLSEC_OPENSSL_100)
ERR_remove_thread_state(NULL);
#else
ERR_remove_state(0);
#endif /* defined(XMLSEC_OPENSSL_100) || defined(XMLSEC_OPENSSL_110) */
ERR_free_strings();
/* done */
return(0);
}
int main(int argc, char* argv[])
{
BIO *bout = NULL;
unsigned char rand[32];
char buff[65];
int ret, i;
time_t tm;
bout = BIO_new_fp(stdout, BIO_NOCLOSE);
// refer to bn_rand.c+146
RAND_add(&tm, sizeof tm, 0.0);
ret = RAND_bytes(rand, sizeof rand);
if( !ret )
BIO_printf(bout, "RAND_bytes error.\n");
memset(buff, 0, sizeof buff);
for(i = 0; i < sizeof rand; i++)
sprintf(buff + 2 * i, "%02x", rand[i]);
BIO_printf(bout, "%s\n", buff);
BIO_free(bout);
RAND_cleanup();
return 0;
}
void openssl_bioBS_random()
{
int size;
const char *p;
unsigned char outs[SHA_DIGEST_LENGTH + 16] = { 0 };
char buf[32], filename[COMM_LEN];
strcpy(buf, "bioBS random");
RAND_add(buf, 32, strlen(buf));
strcpy(buf, "beike2012");
RAND_seed(buf, 32);
while (1) {
if (RAND_status() == 1)
break;
else
RAND_poll();
}
p = RAND_file_name(filename, COMM_LEN);
RAND_write_file(p);
RAND_load_file(p, MAX1_LEN);
RAND_bytes(outs, sizeof(outs));
printf("\nBIO_RANDOM() = ");
for (size = 0; size < strlen((char *)&outs); size++)
printf("%.02x", outs[size]);
printf("\n");
RAND_cleanup();
}
void li_rand_cleanup (void)
{
#ifdef USE_OPENSSL_CRYPTO
RAND_cleanup();
#endif
safe_memclear(xsubi, sizeof(xsubi));
}
/**
* Stop entropy gathering
* @return TRUE if successful, FALSE if failed
*/
static int ssl_entropy_stop(void) {
RAND_cleanup();
return TRUE;
}
void libless_clean(libless_t *env) {
RAND_cleanup();
ERR_clear_error();
ERR_remove_state(0);
ERR_free_strings();
}
void crypto_release(void)
{
/* Crypto deinit functions are deprecated in openssl-1.1.0. */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
RAND_cleanup();
ERR_free_strings();
#endif
}
/** Main routine for petal */
int main(int argc, char* argv[])
{
int c;
int port = 443;
char* addr = "127.0.0.1", *key = "petal.key", *cert = "petal.pem";
#ifdef USE_WINSOCK
WSADATA wsa_data;
if((c=WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0)
{ printf("WSAStartup failed\n"); exit(1); }
atexit((void (*)(void))WSACleanup);
#endif
/* parse the options */
while( (c=getopt(argc, argv, "a:c:k:hp:v")) != -1) {
switch(c) {
case 'a':
addr = optarg;
break;
case 'c':
cert = optarg;
break;
case 'k':
key = optarg;
break;
case 'p':
port = atoi(optarg);
break;
case 'v':
verb++;
break;
case '?':
case 'h':
default:
usage();
}
}
argc -= optind;
argv += optind;
if(argc != 0)
usage();
#ifdef SIGPIPE
(void)signal(SIGPIPE, SIG_IGN);
#endif
ERR_load_crypto_strings();
ERR_load_SSL_strings();
OpenSSL_add_all_algorithms();
(void)SSL_library_init();
do_service(addr, port, key, cert);
CRYPTO_cleanup_all_ex_data();
ERR_remove_state(0);
ERR_free_strings();
RAND_cleanup();
return 0;
}
~CInit()
{
// Securely erase the memory used by the PRNG
RAND_cleanup();
// Shutdown OpenSSL library multithreading support
CRYPTO_set_locking_callback(nullptr);
// Clear the set of locks now to maintain symmetry with the constructor.
ppmutexOpenSSL.reset();
}
void li_rand_cleanup (void)
{
#ifdef USE_OPENSSL_CRYPTO
#if OPENSSL_VERSION_NUMBER < 0x10100000L
RAND_cleanup();
#endif
#endif
safe_memclear(xsubi, sizeof(xsubi));
}
static int rand_cleanup(lua_State *L)
{
#if CRYPTO_OPENSSL
RAND_cleanup();
#elif CRYPTO_GCRYPT
/* not completely sure there is nothing to do here... */
#endif
return 0;
}
void
msn_ssl_deinit (void)
{
RAND_cleanup ();
CONF_modules_unload (1);
EVP_cleanup ();
CRYPTO_cleanup_all_ex_data ();
ERR_remove_state (0);
ERR_free_strings ();
}
static int luaclose_openssl(lua_State *L)
{
if(atomic_fetch_sub(&init, 1) > 1)
return 0;
#if !defined(LIBRESSL_VERSION_NUMBER)
FIPS_mode_set(0);
#endif
OBJ_cleanup();
EVP_cleanup();
ENGINE_cleanup();
RAND_cleanup();
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
SSL_COMP_free_compression_methods();
#endif
COMP_zlib_cleanup();
#if OPENSSL_VERSION_NUMBER < 0x10000000L
ERR_remove_state(0);
#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
ERR_remove_thread_state(NULL);
#endif
#if defined(OPENSSL_THREADS)
CRYPTO_thread_cleanup();
#endif
CRYPTO_set_locking_callback(NULL);
CRYPTO_set_id_callback(NULL);
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
CONF_modules_free();
CONF_modules_unload(1);
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
#if !(defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_FP_API))
#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10101000L
CRYPTO_mem_leaks_fp(stderr);
#else
if(CRYPTO_mem_leaks_fp(stderr)!=1)
{
fprintf(stderr,
"Please report a bug on https://github.com/zhaozg/lua-openssl."
"And if can, please provide a reproduce method and minimal code.\n"
"\n\tThank You.");
}
#endif
#endif /* OPENSSL_NO_STDIO or OPENSSL_NO_FP_API */
#endif /* OPENSSL_NO_CRYPTO_MDEBUG */
return 0;
}
unsigned char * get_random_bytes(size_t len) {
char timeseed[32];
time_t now = time(NULL);
size_t b = snprintf(timeseed,32,"%ld",now);
RAND_add(×eed[0],b,2);
unsigned char *randbytes = malloc(sizeof(unsigned char)*len);
RAND_bytes(randbytes,len);
RAND_cleanup();
return randbytes;
}
/**
* Stop SSL support library
* @return TRUE, or FALSE if an error has occured.
*/
void stop_ssl() {
if (ssl_initialized) {
int i;
ssl_initialized = FALSE;
ERR_free_strings();
CRYPTO_set_id_callback(NULL);
CRYPTO_set_locking_callback(NULL);
for (i = 0; i < CRYPTO_num_locks(); i++)
assert(pthread_mutex_destroy(&ssl_mutex_table[i]) == 0);
FREE(ssl_mutex_table);
RAND_cleanup();
}
}
:return: None\n\
";
static PyObject *
rand_cleanup(PyObject *spam, PyObject *args)
{
if (!PyArg_ParseTuple(args, ":cleanup"))
return NULL;
RAND_cleanup();
Py_INCREF(Py_None);
return Py_None;
}
void
dst__openssl_destroy() {
/*
* Sequence taken from apps_shutdown() in <apps/apps.h>.
*/
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
CONF_modules_unload(1);
#endif
EVP_cleanup();
#if defined(USE_ENGINE) && OPENSSL_VERSION_NUMBER >= 0x00907000L
ENGINE_cleanup();
#endif
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
CRYPTO_cleanup_all_ex_data();
#endif
ERR_clear_error();
ERR_free_strings();
ERR_remove_state(0);
#ifdef DNS_CRYPTO_LEAKS
CRYPTO_mem_leaks_fp(stderr);
#endif
#if 0
/*
* The old error sequence that leaked. Remove for 9.4.1 if
* there are no issues by then.
*/
ERR_clear_error();
#ifdef USE_ENGINE
if (e != NULL) {
ENGINE_free(e);
e = NULL;
}
#endif
#endif
if (rm != NULL) {
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
RAND_cleanup();
#endif
mem_free(rm);
}
if (locks != NULL) {
CRYPTO_set_locking_callback(NULL);
DESTROYMUTEXBLOCK(locks, nlocks);
mem_free(locks);
}
}
/* Generates a new serial number for a certificate. */
long get_serial()
{
long serial = read_serial();
if (serial == INVALID_SERIAL) { /* Read failed */
/* Generate a new serial */
RAND_pseudo_bytes((unsigned char*)&serial, sizeof(serial));
serial &= 0x0FFFFFFF; /* Fix sign and allow loads of serials before an overflow occurs */
RAND_cleanup();
write_serial(serial);
} else
write_serial(++serial); /* Update serial file */
return serial;
}
int torque_stop_ssl(void){
int ret = 0;
unsigned z;
RAND_cleanup();
CRYPTO_set_locking_callback(NULL);
CRYPTO_set_id_callback(NULL);
for(z = 0 ; z < numlocks ; ++z){
if(pthread_mutex_destroy(&openssl_locks[z])){
ret = -1;
}
}
numlocks = 0;
free(openssl_locks);
openssl_locks = NULL;
return ret;
}
static void
openssl_shutdown(void)
{
CONF_modules_unload(1);
destroy_ui_method();
OBJ_cleanup();
EVP_cleanup();
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif
CRYPTO_cleanup_all_ex_data();
ERR_remove_thread_state(NULL);
RAND_cleanup();
ERR_free_strings();
}
void
dst__openssl_destroy(void) {
/*
* Sequence taken from apps_shutdown() in <apps/apps.h>.
*/
if (rm != NULL) {
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
RAND_cleanup();
#endif
mem_free(rm);
rm = NULL;
}
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
CONF_modules_free();
#endif
OBJ_cleanup();
EVP_cleanup();
#if defined(USE_ENGINE)
if (e != NULL)
ENGINE_free(e);
e = NULL;
#if defined(USE_ENGINE) && OPENSSL_VERSION_NUMBER >= 0x00907000L
ENGINE_cleanup();
#endif
#endif
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
CRYPTO_cleanup_all_ex_data();
#endif
ERR_clear_error();
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ERR_remove_state(0);
#endif
ERR_free_strings();
#ifdef DNS_CRYPTO_LEAKS
CRYPTO_mem_leaks_fp(stderr);
#endif
if (locks != NULL) {
CRYPTO_set_locking_callback(NULL);
DESTROYMUTEXBLOCK(locks, nlocks);
mem_free(locks);
locks = NULL;
}
}
static void apps_shutdown()
{
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif
destroy_ui_method();
CONF_modules_unload(1);
#ifndef OPENSSL_NO_COMP
COMP_zlib_cleanup();
SSL_COMP_free_compression_methods();
#endif
OBJ_cleanup();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_remove_thread_state(NULL);
RAND_cleanup();
ERR_free_strings();
}
golle_error golle_random_clear (void) {
UNLOAD_HARDWARE_ENGINE;
RAND_cleanup ();
return GOLLE_OK;
}
void free_openssl()
{
RAND_cleanup();
ERR_free_strings();
}
int
main(int argc, char **argv)
{
int i;
sigset_t set;
#if ENABLE_MPEGTS
uint32_t adapter_mask = 0;
#endif
int log_level = LOG_INFO;
int log_options = TVHLOG_OPT_MILLIS | TVHLOG_OPT_STDERR | TVHLOG_OPT_SYSLOG;
const char *log_debug = NULL, *log_trace = NULL;
gid_t gid = -1;
uid_t uid = -1;
char buf[512];
FILE *pidfile = NULL;
extern int dvb_bouquets_parse;
main_tid = pthread_self();
/* Setup global mutexes */
pthread_mutex_init(&fork_lock, NULL);
pthread_mutex_init(&global_lock, NULL);
pthread_mutex_init(&tasklet_lock, NULL);
pthread_mutex_init(&atomic_lock, NULL);
pthread_cond_init(>imer_cond, NULL);
pthread_cond_init(&tasklet_cond, NULL);
TAILQ_INIT(&tasklets);
/* Defaults */
tvheadend_webui_port = 9981;
tvheadend_webroot = NULL;
tvheadend_htsp_port = 9982;
tvheadend_htsp_port_extra = 0;
time(&dispatch_clock);
/* Command line options */
int opt_help = 0,
opt_version = 0,
opt_fork = 0,
opt_firstrun = 0,
opt_stderr = 0,
opt_syslog = 0,
opt_nosyslog = 0,
opt_uidebug = 0,
opt_abort = 0,
opt_noacl = 0,
opt_fileline = 0,
opt_threadid = 0,
opt_libav = 0,
opt_ipv6 = 0,
opt_satip_rtsp = 0,
#if ENABLE_TSFILE
opt_tsfile_tuner = 0,
#endif
opt_dump = 0,
opt_xspf = 0,
opt_dbus = 0,
opt_dbus_session = 0,
opt_nobackup = 0,
opt_nobat = 0;
const char *opt_config = NULL,
*opt_user = NULL,
*opt_group = NULL,
*opt_logpath = NULL,
*opt_log_debug = NULL,
*opt_log_trace = NULL,
*opt_pidpath = "/var/run/tvheadend.pid",
#if ENABLE_LINUXDVB
*opt_dvb_adapters = NULL,
#endif
*opt_bindaddr = NULL,
*opt_subscribe = NULL,
*opt_user_agent = NULL;
str_list_t opt_satip_xml = { .max = 10, .num = 0, .str = calloc(10, sizeof(char*)) };
str_list_t opt_tsfile = { .max = 10, .num = 0, .str = calloc(10, sizeof(char*)) };
cmdline_opt_t cmdline_opts[] = {
{ 0, NULL, N_("Generic Options"), OPT_BOOL, NULL },
{ 'h', "help", N_("Show this page"), OPT_BOOL, &opt_help },
{ 'v', "version", N_("Show version information"),OPT_BOOL, &opt_version },
{ 0, NULL, N_("Service Configuration"), OPT_BOOL, NULL },
{ 'c', "config", N_("Alternate config path"), OPT_STR, &opt_config },
{ 'B', "nobackup", N_("Don't backup config tree at upgrade"), OPT_BOOL, &opt_nobackup },
{ 'f', "fork", N_("Fork and run as daemon"), OPT_BOOL, &opt_fork },
{ 'u', "user", N_("Run as user"), OPT_STR, &opt_user },
{ 'g', "group", N_("Run as group"), OPT_STR, &opt_group },
{ 'p', "pid", N_("Alternate pid path"), OPT_STR, &opt_pidpath },
{ 'C', "firstrun", N_("If no user account exists then create one with\n"
"no username and no password. Use with care as\n"
"it will allow world-wide administrative access\n"
"to your Tvheadend installation until you edit/create\n"
"access-control from within the Tvheadend UI"),
OPT_BOOL, &opt_firstrun },
#if ENABLE_DBUS_1
{ 'U', "dbus", N_("Enable DBus"),
OPT_BOOL, &opt_dbus },
{ 'e', "dbus_session", N_("DBus - use the session message bus instead system one"),
OPT_BOOL, &opt_dbus_session },
#endif
#if ENABLE_LINUXDVB
{ 'a', "adapters", N_("Only use specified DVB adapters (comma separated)"),
OPT_STR, &opt_dvb_adapters },
#endif
#if ENABLE_SATIP_SERVER
{ 0, "satip_rtsp", N_("SAT>IP RTSP port number for server\n"
"(default: -1 = disable, 0 = webconfig, standard port is 554)"),
OPT_INT, &opt_satip_rtsp },
#endif
#if ENABLE_SATIP_CLIENT
{ 0, "satip_xml", N_("URL with the SAT>IP server XML location"),
OPT_STR_LIST, &opt_satip_xml },
#endif
{ 0, NULL, N_("Server Connectivity"), OPT_BOOL, NULL },
{ '6', "ipv6", N_("Listen on IPv6"), OPT_BOOL, &opt_ipv6 },
{ 'b', "bindaddr", N_("Specify bind address"), OPT_STR, &opt_bindaddr},
{ 0, "http_port", N_("Specify alternative http port"),
OPT_INT, &tvheadend_webui_port },
{ 0, "http_root", N_("Specify alternative http webroot"),
OPT_STR, &tvheadend_webroot },
{ 0, "htsp_port", N_("Specify alternative htsp port"),
OPT_INT, &tvheadend_htsp_port },
{ 0, "htsp_port2", N_("Specify extra htsp port"),
OPT_INT, &tvheadend_htsp_port_extra },
{ 0, "useragent", N_("Specify User-Agent header for the http client"),
OPT_STR, &opt_user_agent },
{ 0, "xspf", N_("Use XSPF playlist instead of M3U"),
OPT_BOOL, &opt_xspf },
{ 0, NULL, N_("Debug Options"), OPT_BOOL, NULL },
{ 'd', "stderr", N_("Enable debug on stderr"), OPT_BOOL, &opt_stderr },
{ 's', "syslog", N_("Enable debug to syslog"), OPT_BOOL, &opt_syslog },
{ 'S', "nosyslog", N_("Disable syslog (all msgs)"), OPT_BOOL, &opt_nosyslog },
{ 'l', "logfile", N_("Enable debug to file"), OPT_STR, &opt_logpath },
{ 0, "debug", N_("Enable debug subsystems"), OPT_STR, &opt_log_debug },
#if ENABLE_TRACE
{ 0, "trace", N_("Enable trace subsystems"), OPT_STR, &opt_log_trace },
#endif
{ 0, "fileline", N_("Add file and line numbers to debug"), OPT_BOOL, &opt_fileline },
{ 0, "threadid", N_("Add the thread ID to debug"), OPT_BOOL, &opt_threadid },
#if ENABLE_LIBAV
{ 0, "libav", N_("More verbose libav log"), OPT_BOOL, &opt_libav },
#endif
{ 0, "uidebug", N_("Enable webUI debug (non-minified JS)"), OPT_BOOL, &opt_uidebug },
{ 'A', "abort", N_("Immediately abort"), OPT_BOOL, &opt_abort },
{ 'D', "dump", N_("Enable coredumps for daemon"), OPT_BOOL, &opt_dump },
{ 0, "noacl", N_("Disable all access control checks"),
OPT_BOOL, &opt_noacl },
{ 0, "nobat", N_("Disable DVB bouquets"),
OPT_BOOL, &opt_nobat },
{ 'j', "join", N_("Subscribe to a service permanently"),
OPT_STR, &opt_subscribe },
#if ENABLE_TSFILE || ENABLE_TSDEBUG
{ 0, NULL, N_("Testing options"), OPT_BOOL, NULL },
{ 0, "tsfile_tuners", N_("Number of tsfile tuners"), OPT_INT, &opt_tsfile_tuner },
{ 0, "tsfile", N_("tsfile input (mux file)"), OPT_STR_LIST, &opt_tsfile },
#endif
#if ENABLE_TSDEBUG
{ 0, "tsdebug", N_("Output directory for tsdebug"), OPT_STR, &tvheadend_tsdebug },
#endif
};
/* Get current directory */
tvheadend_cwd0 = dirname(tvh_strdupa(argv[0]));
tvheadend_cwd = dirname(tvh_strdupa(tvheadend_cwd0));
/* Set locale */
setlocale(LC_ALL, "");
setlocale(LC_NUMERIC, "C");
/* make sure the timezone is set */
tzset();
/* Process command line */
for (i = 1; i < argc; i++) {
/* Find option */
cmdline_opt_t *opt
= cmdline_opt_find(cmdline_opts, ARRAY_SIZE(cmdline_opts), argv[i]);
if (!opt)
show_usage(argv[0], cmdline_opts, ARRAY_SIZE(cmdline_opts),
_("invalid option specified [%s]"), argv[i]);
/* Process */
if (opt->type == OPT_BOOL)
*((int*)opt->param) = 1;
else if (++i == argc)
show_usage(argv[0], cmdline_opts, ARRAY_SIZE(cmdline_opts),
_("option %s requires a value"), opt->lopt);
else if (opt->type == OPT_INT)
*((int*)opt->param) = atoi(argv[i]);
else if (opt->type == OPT_STR_LIST) {
str_list_t *strl = opt->param;
if (strl->num < strl->max)
strl->str[strl->num++] = argv[i];
}
else
*((char**)opt->param) = argv[i];
/* Stop processing */
if (opt_help)
show_usage(argv[0], cmdline_opts, ARRAY_SIZE(cmdline_opts), NULL);
if (opt_version)
show_version(argv[0]);
}
/* Additional cmdline processing */
if (opt_nobat)
dvb_bouquets_parse = 0;
#if ENABLE_LINUXDVB
if (!opt_dvb_adapters) {
adapter_mask = ~0;
} else {
char *p, *e;
char *r = NULL;
char *dvb_adapters = strdup(opt_dvb_adapters);
adapter_mask = 0x0;
p = strtok_r(dvb_adapters, ",", &r);
while (p) {
int a = strtol(p, &e, 10);
if (*e != 0 || a < 0 || a > 31) {
fprintf(stderr, _("Invalid adapter number '%s'\n"), p);
free(dvb_adapters);
return 1;
}
adapter_mask |= (1 << a);
p = strtok_r(NULL, ",", &r);
}
free(dvb_adapters);
if (!adapter_mask) {
fprintf(stderr, "%s", _("No adapters specified!\n"));
return 1;
}
}
#endif
if (tvheadend_webroot) {
char *tmp;
if (*tvheadend_webroot == '/')
tmp = strdup(tvheadend_webroot);
else {
tmp = malloc(strlen(tvheadend_webroot)+2);
*tmp = '/';
strcpy(tmp+1, tvheadend_webroot);
}
if (tmp[strlen(tmp)-1] == '/')
tmp[strlen(tmp)-1] = '\0';
tvheadend_webroot = tmp;
}
tvheadend_webui_debug = opt_uidebug;
/* Setup logging */
if (isatty(2))
log_options |= TVHLOG_OPT_DECORATE;
if (opt_stderr || opt_syslog || opt_logpath) {
if (!opt_log_trace && !opt_log_debug)
log_debug = "all";
log_level = LOG_DEBUG;
if (opt_stderr)
log_options |= TVHLOG_OPT_DBG_STDERR;
if (opt_syslog)
log_options |= TVHLOG_OPT_DBG_SYSLOG;
if (opt_logpath)
log_options |= TVHLOG_OPT_DBG_FILE;
}
if (opt_nosyslog)
log_options &= ~(TVHLOG_OPT_SYSLOG|TVHLOG_OPT_DBG_SYSLOG);
if (opt_fileline)
log_options |= TVHLOG_OPT_FILELINE;
if (opt_threadid)
log_options |= TVHLOG_OPT_THREAD;
if (opt_libav)
log_options |= TVHLOG_OPT_LIBAV;
if (opt_log_trace) {
log_level = LOG_TRACE;
log_trace = opt_log_trace;
}
if (opt_log_debug)
log_debug = opt_log_debug;
tvhlog_init(log_level, log_options, opt_logpath);
tvhlog_set_debug(log_debug);
tvhlog_set_trace(log_trace);
tvhinfo("main", "Log started");
signal(SIGPIPE, handle_sigpipe); // will be redundant later
signal(SIGILL, handle_sigill); // see handler..
/* Set priviledges */
if(opt_fork || opt_group || opt_user) {
const char *homedir;
struct group *grp = getgrnam(opt_group ?: "video");
struct passwd *pw = opt_user ? getpwnam(opt_user) : NULL;
if(grp != NULL) {
gid = grp->gr_gid;
} else {
gid = 1;
}
if (pw != NULL) {
if (getuid() != pw->pw_uid) {
gid_t glist[16];
int gnum;
gnum = get_user_groups(pw, glist, ARRAY_SIZE(glist));
if (gnum > 0 && setgroups(gnum, glist)) {
char buf[256] = "";
int i;
for (i = 0; i < gnum; i++)
snprintf(buf + strlen(buf), sizeof(buf) - 1 - strlen(buf),
",%d", glist[i]);
tvhlog(LOG_ALERT, "START",
"setgroups(%s) failed, do you have permission?", buf+1);
return 1;
}
}
uid = pw->pw_uid;
homedir = pw->pw_dir;
setenv("HOME", homedir, 1);
} else {
uid = 1;
}
}
uuid_init();
config_boot(opt_config, gid, uid);
tcp_server_preinit(opt_ipv6);
http_server_init(opt_bindaddr); // bind to ports only
htsp_init(opt_bindaddr); // bind to ports only
satip_server_init(opt_satip_rtsp); // bind to ports only
if (opt_fork)
pidfile = tvh_fopen(opt_pidpath, "w+");
if (gid != -1 && (getgid() != gid) && setgid(gid)) {
tvhlog(LOG_ALERT, "START",
"setgid(%d) failed, do you have permission?", gid);
return 1;
}
if (uid != -1 && (getuid() != uid) && setuid(uid)) {
tvhlog(LOG_ALERT, "START",
"setuid(%d) failed, do you have permission?", uid);
return 1;
}
/* Daemonise */
if(opt_fork) {
if(daemon(0, 0)) {
exit(2);
}
if(pidfile != NULL) {
fprintf(pidfile, "%d\n", getpid());
fclose(pidfile);
}
/* Make dumpable */
if (opt_dump) {
#ifdef PLATFORM_LINUX
if (chdir("/tmp"))
tvhwarn("START", "failed to change cwd to /tmp");
prctl(PR_SET_DUMPABLE, 1);
#else
tvhwarn("START", "Coredumps not implemented on your platform");
#endif
}
umask(0);
}
tvheadend_running = 1;
/* Start log thread (must be done post fork) */
tvhlog_start();
/* Alter logging */
if (opt_fork)
tvhlog_options &= ~TVHLOG_OPT_STDERR;
if (!isatty(2))
tvhlog_options &= ~TVHLOG_OPT_DECORATE;
/* Initialise clock */
pthread_mutex_lock(&global_lock);
time(&dispatch_clock);
/* Signal handling */
sigfillset(&set);
sigprocmask(SIG_BLOCK, &set, NULL);
trap_init(argv[0]);
/* SSL library init */
OPENSSL_config(NULL);
SSL_load_error_strings();
SSL_library_init();
/* Initialise configuration */
notify_init();
idnode_init();
spawn_init();
config_init(opt_nobackup == 0);
/**
* Initialize subsystems
*/
epg_in_load = 1;
tvhthread_create(&tasklet_tid, NULL, tasklet_thread, NULL);
dbus_server_init(opt_dbus, opt_dbus_session);
intlconv_init();
api_init();
fsmonitor_init();
libav_init();
tvhtime_init();
profile_init();
imagecache_init();
http_client_init(opt_user_agent);
esfilter_init();
bouquet_init();
service_init();
dvb_init();
#if ENABLE_MPEGTS
mpegts_init(adapter_mask, &opt_satip_xml, &opt_tsfile, opt_tsfile_tuner);
#endif
channel_init();
bouquet_service_resolve();
subscription_init();
dvr_config_init();
access_init(opt_firstrun, opt_noacl);
#if ENABLE_TIMESHIFT
timeshift_init();
#endif
tcp_server_init();
webui_init(opt_xspf);
#if ENABLE_UPNP
upnp_server_init(opt_bindaddr);
#endif
service_mapper_init();
descrambler_init();
epggrab_init();
epg_init();
dvr_init();
dbus_server_start();
http_server_register();
satip_server_register();
htsp_register();
if(opt_subscribe != NULL)
subscription_dummy_join(opt_subscribe, 1);
avahi_init();
bonjour_init();
epg_updated(); // cleanup now all prev ref's should have been created
epg_in_load = 0;
pthread_mutex_unlock(&global_lock);
/**
* Wait for SIGTERM / SIGINT, but only in this thread
*/
sigemptyset(&set);
sigaddset(&set, SIGTERM);
sigaddset(&set, SIGINT);
signal(SIGTERM, doexit);
signal(SIGINT, doexit);
pthread_sigmask(SIG_UNBLOCK, &set, NULL);
tvhlog(LOG_NOTICE, "START", "HTS Tvheadend version %s started, "
"running as PID:%d UID:%d GID:%d, CWD:%s CNF:%s",
tvheadend_version,
getpid(), getuid(), getgid(), getcwd(buf, sizeof(buf)),
hts_settings_get_root());
if(opt_abort)
abort();
mainloop();
#if ENABLE_DBUS_1
tvhftrace("main", dbus_server_done);
#endif
#if ENABLE_UPNP
tvhftrace("main", upnp_server_done);
#endif
tvhftrace("main", satip_server_done);
tvhftrace("main", htsp_done);
tvhftrace("main", http_server_done);
tvhftrace("main", webui_done);
tvhftrace("main", fsmonitor_done);
tvhftrace("main", http_client_done);
tvhftrace("main", tcp_server_done);
// Note: the locking is obviously a bit redundant, but without
// we need to disable the gtimer_arm call in epg_save()
pthread_mutex_lock(&global_lock);
tvhftrace("main", epg_save);
#if ENABLE_TIMESHIFT
tvhftrace("main", timeshift_term);
#endif
pthread_mutex_unlock(&global_lock);
tvhftrace("main", epggrab_done);
#if ENABLE_MPEGTS
tvhftrace("main", mpegts_done);
#endif
tvhftrace("main", descrambler_done);
tvhftrace("main", service_mapper_done);
tvhftrace("main", service_done);
tvhftrace("main", channel_done);
tvhftrace("main", bouquet_done);
tvhftrace("main", dvr_done);
tvhftrace("main", subscription_done);
tvhftrace("main", access_done);
tvhftrace("main", epg_done);
tvhftrace("main", avahi_done);
tvhftrace("main", bonjour_done);
tvhftrace("main", imagecache_done);
tvhftrace("main", lang_code_done);
tvhftrace("main", api_done);
tvhtrace("main", "tasklet enter");
pthread_cond_signal(&tasklet_cond);
pthread_join(tasklet_tid, NULL);
tvhtrace("main", "tasklet thread end");
tasklet_flush();
tvhtrace("main", "tasklet leave");
tvhftrace("main", hts_settings_done);
tvhftrace("main", dvb_done);
tvhftrace("main", lang_str_done);
tvhftrace("main", esfilter_done);
tvhftrace("main", profile_done);
tvhftrace("main", intlconv_done);
tvhftrace("main", urlparse_done);
tvhftrace("main", idnode_done);
tvhftrace("main", notify_done);
tvhftrace("main", spawn_done);
tvhlog(LOG_NOTICE, "STOP", "Exiting HTS Tvheadend");
tvhlog_end();
tvhftrace("main", config_done);
if(opt_fork)
unlink(opt_pidpath);
#if ENABLE_TSFILE
free(opt_tsfile.str);
#endif
free(opt_satip_xml.str);
/* OpenSSL - welcome to the "cleanup" hell */
ENGINE_cleanup();
RAND_cleanup();
CRYPTO_cleanup_all_ex_data();
EVP_cleanup();
CONF_modules_free();
#ifndef OPENSSL_NO_COMP
COMP_zlib_cleanup();
#endif
ERR_remove_state(0);
ERR_free_strings();
#ifndef OPENSSL_NO_COMP
sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
#endif
/* end of OpenSSL cleanup code */
#if ENABLE_DBUS_1
extern void dbus_shutdown(void);
if (opt_dbus) dbus_shutdown();
#endif
return 0;
}
/**
*
*/
void
tvh_str_set(char **strp, const char *src)
{
free(*strp);
*strp = src ? strdup(src) : NULL;
}
/**
*
*/
int
tvh_str_update(char **strp, const char *src)
{
if(src == NULL)
return 0;
free(*strp);
*strp = strdup(src);
return 1;
}
/**
*
*/
void
scopedunlock(pthread_mutex_t **mtxp)
{
pthread_mutex_unlock(*mtxp);
}
int main(int argc, char **argv) {
int c = 0;
char *ptr, *progname = *argv;
const char *cmdopts = "hqv", *secret = NULL;
ptr = strrchr(progname, '/');
if (ptr != NULL) {
progname = ptr+1;
}
opterr = 0;
while ((c =
#ifdef HAVE_GETOPT_LONG
getopt_long(argc, argv, cmdopts, opts, NULL)
#else /* HAVE_GETOPT_LONG */
getopt(argc, argv, cmdopts)
#endif /* HAVE_GETOPT_LONG */
) != -1) {
switch (c) {
case 'h':
show_usage(progname, 0);
break;
case 'q':
verbose = FALSE;
quiet = TRUE;
break;
case 'v':
quiet = FALSE;
verbose = TRUE;
break;
case '?':
fprintf(stderr, "unknown option: %c\n", (char) optopt);
show_usage(progname, 1);
break;
}
}
auth_otp_pool = make_sub_pool(NULL);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
OPENSSL_config(NULL);
#endif /* prior to OpenSSL-1.1.x */
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
secret = generate_secret(auth_otp_pool);
if (secret == NULL) {
return 1;
}
if (quiet) {
fprintf(stdout, "%s\n", secret);
} else {
int code;
code = generate_code(auth_otp_pool, secret, strlen(secret));
if (code < 0) {
fprintf(stderr, "%s: error generating verification code: %s\n", progname,
strerror(errno));
destroy_pool(auth_otp_pool);
return 1;
}
fprintf(stdout, "-------------------------------------------------\n");
fprintf(stdout, "Your new secret key is: %s\n\n", secret);
fprintf(stdout, "To add this key to your SQL table, you might use:\n\n");
fprintf(stdout, " INSERT INTO auth_otp (secret, counter) VALUES ('%s', 0);\n\n",
secret);
fprintf(stdout, "Your verification code is: %06d\n", code);
fprintf(stdout, "-------------------------------------------------\n");
}
ERR_free_strings();
EVP_cleanup();
RAND_cleanup();
destroy_pool(auth_otp_pool);
return 0;
}
/*
* Wrapper for fork(). Return values are the same as those for fork():
* -1 if the fork failed, 0 in the child process, and the PID of the
* child in the parent process.
*/
pid_t
fork_process(void)
{
pid_t result;
#ifdef LINUX_PROFILE
struct itimerval prof_itimer;
#endif
/*
* Flush stdio channels just before fork, to avoid double-output problems.
* Ideally we'd use fflush(NULL) here, but there are still a few non-ANSI
* stdio libraries out there (like SunOS 4.1.x) that coredump if we do.
* Presently stdout and stderr are the only stdio output channels used by
* the postmaster, so fflush'ing them should be sufficient.
*/
fflush(stdout);
fflush(stderr);
#ifdef LINUX_PROFILE
/*
* Linux's fork() resets the profiling timer in the child process. If we
* want to profile child processes then we need to save and restore the
* timer setting. This is a waste of time if not profiling, however, so
* only do it if commanded by specific -DLINUX_PROFILE switch.
*/
getitimer(ITIMER_PROF, &prof_itimer);
#endif
result = fork();
if (result == 0)
{
/* fork succeeded, in child */
#ifdef LINUX_PROFILE
setitimer(ITIMER_PROF, &prof_itimer, NULL);
#endif
/*
* By default, Linux tends to kill the postmaster in out-of-memory
* situations, because it blames the postmaster for the sum of child
* process sizes *including shared memory*. (This is unbelievably
* stupid, but the kernel hackers seem uninterested in improving it.)
* Therefore it's often a good idea to protect the postmaster by
* setting its oom_score_adj value negative (which has to be done in a
* root-owned startup script). If you just do that much, all child
* processes will also be protected against OOM kill, which might not
* be desirable. You can then choose to build with
* LINUX_OOM_SCORE_ADJ #defined to 0, or to some other value that you
* want child processes to adopt here.
*/
#ifdef LINUX_OOM_SCORE_ADJ
{
/*
* Use open() not stdio, to ensure we control the open flags. Some
* Linux security environments reject anything but O_WRONLY.
*/
int fd = open("/proc/self/oom_score_adj", O_WRONLY, 0);
/* We ignore all errors */
if (fd >= 0)
{
char buf[16];
int rc;
snprintf(buf, sizeof(buf), "%d\n", LINUX_OOM_SCORE_ADJ);
rc = write(fd, buf, strlen(buf));
(void) rc;
close(fd);
}
}
#endif /* LINUX_OOM_SCORE_ADJ */
/*
* Older Linux kernels have oom_adj not oom_score_adj. This works
* similarly except with a different scale of adjustment values. If
* it's necessary to build Postgres to work with either API, you can
* define both LINUX_OOM_SCORE_ADJ and LINUX_OOM_ADJ.
*/
#ifdef LINUX_OOM_ADJ
{
/*
* Use open() not stdio, to ensure we control the open flags. Some
* Linux security environments reject anything but O_WRONLY.
*/
int fd = open("/proc/self/oom_adj", O_WRONLY, 0);
/* We ignore all errors */
if (fd >= 0)
{
char buf[16];
int rc;
snprintf(buf, sizeof(buf), "%d\n", LINUX_OOM_ADJ);
rc = write(fd, buf, strlen(buf));
(void) rc;
close(fd);
}
}
#endif /* LINUX_OOM_ADJ */
/*
* Make sure processes do not share OpenSSL randomness state.
*/
#ifdef USE_SSL
RAND_cleanup();
#endif
}
return result;
}
static int openssl_random_cleanup(lua_State *L)
{
(void) L;
RAND_cleanup();
return 0;
}
void crypto_release(void)
{
RAND_cleanup();
ERR_free_strings();
}
void
daemon_delete(struct daemon* daemon)
{
size_t i;
if(!daemon)
return;
modstack_desetup(&daemon->mods, daemon->env);
daemon_remote_delete(daemon->rc);
for(i = 0; i < daemon->num_ports; i++)
listening_ports_free(daemon->ports[i]);
free(daemon->ports);
listening_ports_free(daemon->rc_ports);
if(daemon->env) {
slabhash_delete(daemon->env->msg_cache);
rrset_cache_delete(daemon->env->rrset_cache);
infra_delete(daemon->env->infra_cache);
edns_known_options_delete(daemon->env);
auth_zones_delete(daemon->env->auth_zones);
}
ub_randfree(daemon->rand);
alloc_clear(&daemon->superalloc);
acl_list_delete(daemon->acl);
free(daemon->chroot);
free(daemon->pidfile);
free(daemon->env);
#ifdef HAVE_SSL
SSL_CTX_free((SSL_CTX*)daemon->listen_sslctx);
SSL_CTX_free((SSL_CTX*)daemon->connect_sslctx);
#endif
free(daemon);
#ifdef LEX_HAS_YYLEX_DESTROY
/* lex cleanup */
ub_c_lex_destroy();
#endif
/* libcrypto cleanup */
#ifdef HAVE_SSL
# if defined(USE_GOST) && defined(HAVE_LDNS_KEY_EVP_UNLOAD_GOST)
sldns_key_EVP_unload_gost();
# endif
# if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE
# ifndef S_SPLINT_S
# if OPENSSL_VERSION_NUMBER < 0x10100000
sk_SSL_COMP_pop_free(comp_meth, (void(*)())CRYPTO_free);
# endif
# endif
# endif
# ifdef HAVE_OPENSSL_CONFIG
EVP_cleanup();
# if OPENSSL_VERSION_NUMBER < 0x10100000
ENGINE_cleanup();
# endif
CONF_modules_free();
# endif
# ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
CRYPTO_cleanup_all_ex_data(); /* safe, no more threads right now */
# endif
# ifdef HAVE_ERR_FREE_STRINGS
ERR_free_strings();
# endif
# if OPENSSL_VERSION_NUMBER < 0x10100000
RAND_cleanup();
# endif
# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
ub_openssl_lock_delete();
# endif
#ifndef HAVE_ARC4RANDOM
_ARC4_LOCK_DESTROY();
#endif
#elif defined(HAVE_NSS)
NSS_Shutdown();
#endif /* HAVE_SSL or HAVE_NSS */
checklock_stop();
#ifdef USE_WINSOCK
if(WSACleanup() != 0) {
log_err("Could not WSACleanup: %s",
wsa_strerror(WSAGetLastError()));
}
#endif
}
