Ejemplo n.º 1
0
int write_fifodir(char *dirname, stralloc *sa, void (*oaw_func)(char *, stralloc *))
{
  DIR *dir = NULL;
  stralloc name = {0};
  struct dirent *x = NULL;
  static struct stat st;

  /* read directory */
  dir = opendir(dirname);
  if(dir == NULL)
    {
      strerr_warn3("can't opendir() ", dirname, ": ", &strerr_sys);
      return -1;
    }

  while (x = readdir(dir))
    {
      if(x == NULL)
	{
	  strerr_warn3("can't readdir() ", dirname, ": ", &strerr_sys);
	  if(name.a) 
	    stralloc_free(&name);
	  return -1;
	}

      /* Ignore everything starting with a . */
      if(x->d_name[0] != '.')
	{ 
	  stralloc_copys(&name, dirname);
	  stralloc_cats(&name, "/");
	  stralloc_cats(&name, x->d_name);
	  stralloc_0(&name);

	  if(stat(name.s, &st) == -1)
	    {
	      strerr_warn2("can't stat ", name.s, &strerr_sys);
	    }

	  if(S_ISFIFO(st.st_mode))
	    {
	      oaw_func(name.s, sa);
	    }
	  else
	    {
	      buffer_puts(buffer_2, "ddnsd: warning: ");
	      buffer_puts(buffer_2, name.s);
	      buffer_puts(buffer_2, " is no fifo, ignoring\n");
	      buffer_flush(buffer_2);
	    }
	}
    }
  closedir(dir);  

  return 0;
}
Ejemplo n.º 2
0
void dump_db_to_cdb()
{
  char *z;

  z = "0";
  *z =+ flagchanged;
  buffer_puts(buffer_2, z);
  buffer_puts(buffer_2, " ");
  
  z = "0";
  *z =+ flagchildrunning;
  buffer_puts(buffer_2, z);
  buffer_putsflush(buffer_2, " checking if a dump is needed\n");

  if(flagsighup)
    {
      flagsighup = 0;
      buffer_putsflush(buffer_2, ARGV0 "SIGHUP recived, dumping withouth further asking\n");
    }
  if(flagchanged && !flagchildrunning)
    {
      flagchanged = 0;
      flagchildrunning++;

      buffer_putsflush(buffer_2, ARGV0 "yep, forking\n");

      /* fork of a child to do this */
      switch(fork()) 
	{
	case 0:
	  /* this is the child */
	  /* XXX close fifos? */
	  sig_ignore(sig_alarm);
	  sig_ignore(sig_hangup);
	  buffer_putsflush(buffer_2, ARGV0 "child started\n");
	  dodump();
	  buffer_putsflush(buffer_2, ARGV0 "child exiting\n");
	  _exit(0);
	case -1:
	  strerr_warn2(ARGV0, "unable to fork: ", &strerr_sys);
	  break;
	}
     
      /* this is the parent */
      flagdumpasap = 0;
      buffer_putsflush(buffer_2, ARGV0 "parent\n");
    } 
}
Ejemplo n.º 3
0
Archivo: runit.c Proyecto: Gottox/runit 
int main (int argc, const char * const *argv, char * const *envp) {
  const char * prog[2];
  int pid, pid2;
  int wstat;
  int st;
  iopause_fd x;
#ifndef IOPAUSE_POLL
  fd_set rfds;
  struct timeval t;
#endif
  char ch;
  int ttyfd;
  struct stat s;

  if (getpid() != 1) strerr_die2x(111, FATAL, "must be run as process no 1.");
  setsid();

  sig_block(sig_alarm);
  sig_block(sig_child);
  sig_catch(sig_child, sig_child_handler);
  sig_block(sig_cont);
  sig_catch(sig_cont, sig_cont_handler);
  sig_block(sig_hangup);
  sig_block(sig_int);
  sig_catch(sig_int, sig_int_handler);
  sig_block(sig_pipe);
  sig_block(sig_term);

  /* console */
  if ((ttyfd =open_write("/dev/console")) != -1) {
    dup2(ttyfd, 0); dup2(ttyfd, 1); dup2(ttyfd, 2);
    if (ttyfd > 2) close(ttyfd);
  }

  /* create selfpipe */
  while (pipe(selfpipe) == -1) {
    strerr_warn2(FATAL, "unable to create selfpipe, pausing: ", &strerr_sys);
    sleep(5);
  }
  coe(selfpipe[0]);
  coe(selfpipe[1]);
  ndelay_on(selfpipe[0]);
  ndelay_on(selfpipe[1]);

#ifdef RB_DISABLE_CAD
  /* activate ctrlaltdel handling, glibc, dietlibc */
  if (RB_DISABLE_CAD == 0) reboot_system(0);
#endif

  strerr_warn3(INFO, "$Id: 25da3b86f7bed4038b8a039d2f8e8c9bbcf0822b $",
               ": booting.", 0);

  /* runit */
  for (st =0; st < 3; st++) {
    /* if (st == 2) logwtmp("~", "reboot", ""); */
    while ((pid =fork()) == -1) {
      strerr_warn4(FATAL, "unable to fork for \"", stage[st], "\" pausing: ",
                   &strerr_sys);
      sleep(5);
    }
    if (!pid) {
      /* child */
      prog[0] =stage[st];
      prog[1] =0;

      /* stage 1 gets full control of console */
      if (st == 0) {
        if ((ttyfd =open("/dev/console", O_RDWR)) != -1) {
#ifdef TIOCSCTTY 
          ioctl(ttyfd, TIOCSCTTY, (char *)0);
#endif
          dup2(ttyfd, 0);
          if (ttyfd > 2) close(ttyfd);
        }
        else
          strerr_warn2(WARNING, "unable to open /dev/console: ", &strerr_sys);
      }
      else
        setsid();

      sig_unblock(sig_alarm);
      sig_unblock(sig_child);
      sig_uncatch(sig_child);
      sig_unblock(sig_cont);
      sig_ignore(sig_cont);
      sig_unblock(sig_hangup);
      sig_unblock(sig_int);
      sig_uncatch(sig_int);
      sig_unblock(sig_pipe);
      sig_unblock(sig_term);
            
      strerr_warn3(INFO, "enter stage: ", stage[st], 0);
      execve(*prog, (char *const *)prog, envp);
      strerr_die4sys(0, FATAL, "unable to start child: ", stage[st], ": ");
    }

    x.fd =selfpipe[0];
    x.events =IOPAUSE_READ;
    for (;;) {
      int child;

      sig_unblock(sig_child);
      sig_unblock(sig_cont);
      sig_unblock(sig_int);
#ifdef IOPAUSE_POLL
      poll(&x, 1, 14000);
#else
      t.tv_sec =14; t.tv_usec =0;
      FD_ZERO(&rfds);
      FD_SET(x.fd, &rfds);
      select(x.fd +1, &rfds, (fd_set*)0, (fd_set*)0, &t);
#endif
      sig_block(sig_cont);
      sig_block(sig_child);
      sig_block(sig_int);
      
      while (read(selfpipe[0], &ch, 1) == 1) {}
      while ((child =wait_nohang(&wstat)) > 0)
        if (child == pid) break;
      if (child == -1) {
        strerr_warn2(WARNING, "wait_nohang, pausing: ", &strerr_sys);
        sleep(5);
      }

      /* reget stderr */
      if ((ttyfd =open_write("/dev/console")) != -1) {
        dup2(ttyfd, 2);
        if (ttyfd > 2) close(ttyfd);
      }

      if (child == pid) {
        if (wait_exitcode(wstat) != 0) {
          if (wait_crashed(wstat))
            strerr_warn3(WARNING, "child crashed: ", stage[st], 0);
          else
            strerr_warn3(WARNING, "child failed: ", stage[st], 0);
          if (st == 0)
            /* this is stage 1 */
            if (wait_crashed(wstat) || (wait_exitcode(wstat) == 100)) {
              strerr_warn3(INFO, "leave stage: ", stage[st], 0);
              strerr_warn2(WARNING, "skipping stage 2...", 0);
              st++;
              break;
            }
          if (st == 1)
            /* this is stage 2 */
            if (wait_crashed(wstat) || (wait_exitcode(wstat) == 111)) {
              strerr_warn2(WARNING, "killing all processes in stage 2...", 0);
              kill(-pid, 9);
              sleep(5);
              strerr_warn2(WARNING, "restarting.", 0);
              st--;
              break;
            }
        }
        strerr_warn3(INFO, "leave stage: ", stage[st], 0);
        break;
      }
      if (child != 0) {
        /* collect terminated children */
        write(selfpipe[1], "", 1);
        continue;
      }

      /* sig? */
      if (!sigc  && !sigi) {
#ifdef DEBUG
        strerr_warn2(WARNING, "poll: ", &strerr_sys);
#endif
        continue;
      }
      if (st != 1) {
        strerr_warn2(WARNING, "signals only work in stage 2.", 0);
        sigc =sigi =0;
        continue;
      }
      if (sigi && (stat(CTRLALTDEL, &s) != -1) && (s.st_mode & S_IXUSR)) {
        strerr_warn2(INFO, "ctrl-alt-del request...", 0);
        prog[0] =CTRLALTDEL; prog[1] =0;
        while ((pid2 =fork()) == -1) {
          strerr_warn4(FATAL, "unable to fork for \"", CTRLALTDEL,
                       "\" pausing: ", &strerr_sys);
          sleep(5);
        }
        if (!pid2) {
          /* child */
          strerr_warn3(INFO, "enter stage: ", prog[0], 0);
          execve(*prog, (char *const *) prog, envp);
          strerr_die4sys(0, FATAL, "unable to start child: ", prog[0], ": ");
        }
        if (wait_pid(&wstat, pid2) == -1)
          strerr_warn2(FATAL, "wait_pid: ", &strerr_sys);
        if (wait_crashed(wstat))
          strerr_warn3(WARNING, "child crashed: ", CTRLALTDEL, 0);
        strerr_warn3(INFO, "leave stage: ", prog[0], 0);
        sigi =0;
        sigc++;
      }
      if (sigc && (stat(STOPIT, &s) != -1) && (s.st_mode & S_IXUSR)) {
        int i;
        /* unlink(STOPIT); */
        chmod(STOPIT, 0);

        /* kill stage 2 */
#ifdef DEBUG
        strerr_warn2(WARNING, "sending sigterm...", 0);
#endif
        kill(pid, sig_term);
        i =0;
        while (i < 5) {
          if ((child =wait_nohang(&wstat)) == pid) {
#ifdef DEBUG
            strerr_warn2(WARNING, "stage 2 terminated.", 0);
#endif
            pid =0;
            break;
          }
          if (child) continue;
          if (child == -1) 
            strerr_warn2(WARNING, "wait_nohang: ", &strerr_sys);
#ifdef DEBUG
          strerr_warn2(WARNING, "waiting...", 0);
#endif
          sleep(1);
          i++;
        }
        if (pid) {
          /* still there */
          strerr_warn2(WARNING,
                       "stage 2 not terminated, sending sigkill...", 0);
          kill(pid, 9);
          if (wait_pid(&wstat, pid) == -1)
            strerr_warn2(WARNING, "wait_pid: ", &strerr_sys);
        }
        sigc =0;
        strerr_warn3(INFO, "leave stage: ", stage[st], 0);

        /* enter stage 3 */
        break;
      }
      sigc =sigi =0;
#ifdef DEBUG
      strerr_warn2(WARNING, "no request.", 0);
#endif
    }
  }

  /* reget stderr */
  if ((ttyfd =open_write("/dev/console")) != -1) {
    dup2(ttyfd, 2);
    if (ttyfd > 2) close(ttyfd);
  }

#ifdef RB_AUTOBOOT
  /* fallthrough stage 3 */
  strerr_warn2(INFO, "sending KILL signal to all processes...", 0);
  kill(-1, SIGKILL);

  pid =fork();
  switch (pid) {
  case  0:
  case -1:
  if ((stat(REBOOT, &s) != -1) && (s.st_mode & S_IXUSR)) {
    strerr_warn2(INFO, "system reboot.", 0);
    sync();
    reboot_system(RB_AUTOBOOT);
  }
  else {
#ifdef RB_POWER_OFF
    strerr_warn2(INFO, "power off...", 0);
    sync();
    reboot_system(RB_POWER_OFF);
    sleep(2);
#endif
#ifdef RB_HALT_SYSTEM
    strerr_warn2(INFO, "system halt.", 0);
    sync();
    reboot_system(RB_HALT_SYSTEM);
#else
#ifdef RB_HALT
    strerr_warn2(INFO, "system halt.", 0);
    sync();
    reboot_system(RB_HALT);
#else
    strerr_warn2(INFO, "system reboot.", 0);
    sync();
    reboot_system(RB_AUTOBOOT);
#endif
#endif
  }
  if (pid == 0) _exit(0);
  break;
  default:
  sig_unblock(sig_child);
  while (wait_pid(0, pid) == -1);
  }
#endif

  for (;;) sig_pause();
  /* not reached */
  strerr_die2x(0, INFO, "exit.");
  return(0);
}
Ejemplo n.º 4
0
int main(int argc,char * const *argv) {
  const char *hostname;
  int opt;
  struct servent *se;
  char *x;
  unsigned long u;
  int s;
  int t;

  io_opt = ssl_io_opt_default;
  io_opt.timeout = 3600;

  while ((opt = getopt(argc,argv,"46dDvqQhHrR1UXx:t:T:u:g:l:b:B:c:Z:pPoO3IiEeSsaAw:nNyYuUjJ")) != opteof)
    switch(opt) {
      case 'b': scan_ulong(optarg,&backlog); break;
      case 'c': scan_ulong(optarg,&limit); break;
      case 'X': flagallownorules = 1; break;
      case 'x': fnrules = optarg; break;
      case 'B': banner = optarg; break;
      case 'd': flagdelay = 1; break;
      case 'D': flagdelay = 0; break;
      case 'v': verbosity = 2; break;
      case 'q': verbosity = 0; break;
      case 'Q': verbosity = 1; break;
      case 'P': flagparanoid = 0; break;
      case 'p': flagparanoid = 1; break;
      case 'O': flagkillopts = 1; break;
      case 'o': flagkillopts = 0; break;
      case 'H': flagremotehost = 0; break;
      case 'h': flagremotehost = 1; break;
      case 'R': flagremoteinfo = 0; break;
      case 'r': flagremoteinfo = 1; break;
      case 't': scan_ulong(optarg,&timeout); break;
      case 'T': scan_ulong(optarg,&ssltimeout); break;
      case 'w': scan_uint(optarg,&io_opt.timeout); break;
      case 'U': x = env_get("UID"); if (x) scan_ulong(x,&uid);
		x = env_get("GID"); if (x) scan_ulong(x,&gid); break;
      case 'u': scan_ulong(optarg,&uid); break;
      case 'g': scan_ulong(optarg,&gid); break;
      case 'Z': netif=socket_getifidx(optarg); break;
      case '1': flag1 = 1; break;
      case '4': noipv6 = 1; break;
      case '6': forcev6 = 1; break;
      case 'l': localhost = optarg; break;
      case '3': flag3 = 1; break;
      case 'I': flagclientcert = 0; break;
      case 'i': flagclientcert = 1; break;
      case 'S': flagsslenv = 0; break;
      case 's': flagsslenv = 1; break;
      case 'E': flagtcpenv = 0; break;
      case 'e': flagtcpenv = 1; break;
      case 'n': case 'y': flagsslwait = 1; break;
      case 'N': case 'Y': flagsslwait = 0; break;
      case 'j': io_opt.just_shutdown = 1; break;
      case 'J': io_opt.just_shutdown = 0; break;
      default: usage();
    }
  argc -= optind;
  argv += optind;

  if (!verbosity)
    buffer_2->fd = -1;
 
  hostname = *argv++;
  if (!hostname) usage();
  if (str_equal(hostname,"")) hostname = "0";

  x = *argv++;
  if (!x) usage();
  prog = argv;
  if (!*argv) usage();
  if (!x[scan_ulong(x,&u)])
    localport = u;
  else {
    se = getservbyname(x,"tcp");
    if (!se)
      strerr_die3x(111,FATAL,"unable to figure out port number for ",x);
    uint16_unpack_big((char*)&se->s_port,&localport);
  }

  if (x = env_get("VERIFYDEPTH")) {
    scan_ulong(x,&u);
    verifydepth = u;
  }

  if (x = env_get("CAFILE")) cafile = x;
  if (cafile && str_equal(cafile,"")) cafile = 0;

  if (x = env_get("CCAFILE")) ccafile = x;
  if (ccafile && str_equal(ccafile,"")) ccafile = 0;
  if (!flagclientcert) ccafile = 0;

  if (x = env_get("CADIR")) cadir = x;
  if (cadir && str_equal(cadir,"")) cadir= 0;

  if (x = env_get("CERTFILE")) certfile = x;
  if (certfile && str_equal(certfile,"")) certfile = 0;

  if (x = env_get("KEYFILE")) keyfile = x;
  if (keyfile && str_equal(keyfile,"")) keyfile = 0;

  if (x = env_get("DHFILE")) dhfile = x;
  if (dhfile && str_equal(dhfile,"")) dhfile = 0;

  if (x = env_get("CIPHERS")) ciphers = x;
  if (ciphers && str_equal(ciphers,"")) ciphers = 0;

  sig_block(sig_child);
  sig_catch(sig_child,sigchld);
  sig_catch(sig_term,sigterm);
  sig_ignore(sig_pipe);
 
  if (str_equal(hostname,"0")) {
    byte_zero(localip,sizeof localip);
  } else {
    if (!stralloc_copys(&tmp,hostname))
      strerr_die2x(111,FATAL,"out of memory");
    if (dns_ip6_qualify(&addresses,&fqdn,&tmp) == -1)
      strerr_die4sys(111,FATAL,"temporarily unable to figure out IP address for ",hostname,": ");
    if (addresses.len < 16)
      strerr_die3x(111,FATAL,"no IP address for ",hostname);
    byte_copy(localip,16,addresses.s);
    if (ip6_isv4mapped(localip))
      noipv6=1;
  }

  s = socket_tcp6();
  if (s == -1)
    strerr_die2sys(111,FATAL,"unable to create socket: ");

  if (socket_bind6_reuse(s,localip,localport,netif) == -1)
    strerr_die2sys(111,FATAL,"unable to bind: ");

  if (socket_local6(s,localip,&localport,&netif) == -1)
    strerr_die2sys(111,FATAL,"unable to get local address: ");
  if (socket_listen(s,backlog) == -1)
    strerr_die2sys(111,FATAL,"unable to listen: ");
  ndelay_off(s);

  localportstr[fmt_ulong(localportstr,localport)] = 0;
  if (flag1) {
    buffer_init(&b,buffer_unixwrite,1,bspace,sizeof bspace);
    buffer_puts(&b,localportstr);
    buffer_puts(&b,"\n");
    buffer_flush(&b);
  }
 
  if (flag3) read_passwd();

  ctx = ssl_server();
  ssl_errstr();
  if (!ctx) strerr_die2x(111,FATAL,"unable to create SSL context");

  switch (ssl_certkey(ctx,certfile,keyfile,passwd_cb)) {
    case -1: strerr_die2x(111,FATAL,"unable to load certificate");
    case -2: strerr_die2x(111,FATAL,"unable to load key");
    case -3: strerr_die2x(111,FATAL,"key does not match certificate");
    default: break;
  }

  if (!ssl_ca(ctx,cafile,cadir,verifydepth))
    strerr_die2x(111,FATAL,"unable to load CA list");

  if (!ssl_cca(ctx,ccafile))
    strerr_die2x(111,FATAL,"unable to load client CA list");

  if (!ssl_params(ctx,dhfile,rsalen))
    strerr_die2x(111,FATAL,"unable to set cipher parameters");

  if (!ssl_ciphers(ctx,ciphers))
    strerr_die2x(111,FATAL,"unable to set cipher list");

  if (verbosity >= 2) {
    strnum[fmt_ulong(strnum,getpid())] = 0;
    strnum2[fmt_ulong(strnum2,rsalen)] = 0;
    strerr_warn4("sslserver: cafile ",strnum," ",cafile,0);
    strerr_warn4("sslserver: ccafile ",strnum," ",ccafile,0);
    strerr_warn4("sslserver: cadir ",strnum," ",cadir,0);
    strerr_warn4("sslserver: cert ",strnum," ",certfile,0);
    strerr_warn4("sslserver: key ",strnum," ",keyfile,0);
    strerr_warn6("sslserver: param ",strnum," ",dhfile," ",strnum2,0);
  }

  close(0); open_read("/dev/null");
  close(1); open_append("/dev/null");

  printstatus();
 
  for (;;) {
    while (numchildren >= limit) sig_pause();

    sig_unblock(sig_child);
    t = socket_accept6(s,remoteip,&remoteport,&netif);
    sig_block(sig_child);

    if (t == -1) continue;
    ++numchildren; printstatus();
 
    switch(fork()) {
      case 0:
        close(s);
        doit(t);
	strerr_die4sys(111,DROP,"unable to run ",*argv,": ");
      case -1:
        strerr_warn2(DROP,"unable to fork: ",&strerr_sys);
        --numchildren; printstatus();
    }
    close(t);
  }
}
Ejemplo n.º 5
0
void doit(int t) {
  int fakev4=0;
  int j;
  SSL *ssl;
  int wstat;
  uint32 scope_id;
  int sslctl[2];
  char *s;
  unsigned long tmp_long;
  char sslctl_cmd;
  stralloc ssl_env = { 0 };
  buffer ssl_env_buf;

  if (pipe(pi) == -1) strerr_die2sys(111,DROP,"unable to create pipe: ");
  if (pipe(po) == -1) strerr_die2sys(111,DROP,"unable to create pipe: ");
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, sslctl) == -1) strerr_die2sys(111,DROP,"unable to create socketpair: ");

  switch(fork()) {
    case -1:
      strerr_die2sys(111,DROP,"unable to fork: ");
    case 0:
      /* Child */
      break;
    default:
      /* Parent */

      close(pi[0]); close(po[1]); close(sslctl[1]);

      if ((s=env_get("SSL_CHROOT")))
        if (chroot(s) == -1)
          strerr_die2x(111,DROPSSL,"unable to chroot");

      if ((s=env_get("SSL_GID"))) {
        scan_ulong(s,&tmp_long);
        gid = tmp_long;
      }
      if (gid) if (prot_gid(gid) == -1) strerr_die2sys(111,DROPSSL,"unable to set gid: ");

      if ((s=env_get("SSL_UID"))) {
        scan_ulong(s,&tmp_long);
        uid = tmp_long;
      }
      if (uid) if (prot_uid(uid) == -1)
        strerr_die2sys(111,DROPSSL,"unable to set uid: ");

      /* This will exit on a fatal error or if the client quits
       * without activating SSL
       */
      sslctl_cmd = ucspitls_master_wait_for_activation(sslctl[0]);

      /* If we got here, SSL must have been activated */
      ssl = ssl_new(ctx,t);
      if (!ssl) strerr_die2x(111,DROP,"unable to create SSL instance");
      if (ndelay_on(t) == -1)
        strerr_die2sys(111,DROP,"unable to set socket options: ");
      if (ssl_timeoutaccept(ssl,ssltimeout) == -1)
        strerr_die3x(111,DROP,"unable to accept SSL: ",ssl_error_str(ssl_errno));

      if (verbosity >= 2) {
        strnum[fmt_ulong(strnum,getpid())] = 0;
        strerr_warn3("sslserver: ssl ",strnum," accept ",0);
      }

      if (flagclientcert) {
        switch(ssl_verify(ssl,verifyhost)) {
          case -1:
            strerr_die2x(111,DROP,"unable to verify client certificate");
          case -2:
            strerr_die2x(111,DROP,"no client certificate");
          case -3:
            strerr_die2x(111,DROP,"client name does not match certificate");
          default: break;
        }
      }

      if (sslctl_cmd == 'Y') {
        ssl_server_env(ssl, &ssl_env);
        stralloc_0(&ssl_env); /* Add another NUL */

        buffer_init(&ssl_env_buf,buffer_unixwrite,sslctl[0],NULL,0);
        if (buffer_putflush(&ssl_env_buf, ssl_env.s, ssl_env.len) == -1) {
          strerr_die2sys(111, FATAL, "unable to write SSL environment: ");
        }
      } else if (sslctl_cmd != 'y') {
        strerr_die2x(111,DROP,"Protocol error on SSL control descriptor: invalid command character read");
      }

      if (close(sslctl[0]) != 0) {
        strerr_die2sys(111, DROP, "Error closing SSL control socket: ");
      }

      if (ssl_io(ssl,pi[1],po[0],io_opt) != 0)
        strerr_die3x(111,DROP,"unable to speak SSL: ",ssl_error_str(ssl_errno));
      if (wait_nohang(&wstat) > 0)
        _exit(wait_exitcode(wstat));
      ssl_close(ssl);
      _exit(0);
  }

  /* Child-only below this point */
  if (close(sslctl[0]) != 0) { 
    strerr_die2sys(111, DROP, "Error closing SSL control socket: ");
  }

  if (!forcev6 && ip6_isv4mapped(remoteip))
    fakev4=1;
  if (fakev4)
    remoteipstr[ip4_fmt(remoteipstr,remoteip+12)] = 0;
  else
    remoteipstr[ip6_fmt(remoteipstr,remoteip)] = 0;

  if (verbosity >= 2) {
    strnum[fmt_ulong(strnum,getpid())] = 0;
    strerr_warn4("sslserver: pid ",strnum," from ",remoteipstr,0);
  }

  if (socket_local6(t,localip,&localport,&scope_id) == -1)
    strerr_die2sys(111,DROP,"unable to get local address: ");

  if (fakev4)
    localipstr[ip4_fmt(localipstr,localip+12)] = 0;
  else
    localipstr[ip6_fmt(localipstr,localip)] = 0;
  remoteportstr[fmt_ulong(remoteportstr,remoteport)] = 0;

  if (!localhost)
    if (dns_name6(&localhostsa,localip) == 0)
      if (localhostsa.len) {
	if (!stralloc_0(&localhostsa)) drop_nomem();
	localhost = localhostsa.s;
      }
  env("PROTO",fakev4?"SSL":"SSL6");
  env("SSLLOCALIP",localipstr);
  env("SSL6LOCALIP",localipstr);
  env("SSLLOCALPORT",localportstr);
  env("SSL6LOCALPORT",localportstr);
  env("SSLLOCALHOST",localhost);
  env("SSL6LOCALHOST",localhost);
  if (!fakev4 && scope_id)
    env("SSL6INTERFACE",socket_getifname(scope_id));

  if (flagtcpenv) {
    env("TCPLOCALIP",localipstr);
    env("TCP6LOCALIP",localipstr);
    env("TCPLOCALPORT",localportstr);
    env("TCP6LOCALPORT",localportstr);
    env("TCPLOCALHOST",localhost);
    env("TCP6LOCALHOST",localhost);
    if (!fakev4 && scope_id)
      env("TCP6INTERFACE",socket_getifname(scope_id));
  }

  if (flagremotehost)
    if (dns_name6(&remotehostsa,remoteip) == 0)
      if (remotehostsa.len) {
	if (flagparanoid) {
	  verifyhost = remoteipstr;
	  if (dns_ip6(&tmp,&remotehostsa) == 0)
	    for (j = 0;j + 16 <= tmp.len;j += 16)
	      if (byte_equal(remoteip,16,tmp.s + j)) {
		flagparanoid = 0;
		break;
	      }
	  }
	if (!flagparanoid) {
	  if (!stralloc_0(&remotehostsa)) drop_nomem();
	  remotehost = remotehostsa.s;
	  verifyhost = remotehostsa.s;
	}
      }
  env("SSLREMOTEIP",remoteipstr);
  env("SSL6REMOTEIP",remoteipstr);
  remoteipstr[ip6_fmt(remoteipstr,remoteip)]=0;
  env("SSLREMOTEPORT",remoteportstr);
  env("SSL6REMOTEPORT",remoteportstr);
  env("SSLREMOTEHOST",remotehost);
  env("SSL6REMOTEHOST",remotehost);
  if (flagtcpenv) {
    env("TCPREMOTEIP",remoteipstr);
    env("TCP6REMOTEIP",remoteipstr);
    env("TCPREMOTEPORT",remoteportstr);
    env("TCP6REMOTEPORT",remoteportstr);
    env("TCPREMOTEHOST",remotehost);
    env("TCP6REMOTEHOST",remotehost);
  }

  if (flagremoteinfo) {
    if (remoteinfo6(&tcpremoteinfo,remoteip,remoteport,localip,localport,timeout,netif) == -1)
      flagremoteinfo = 0;
    if (!stralloc_0(&tcpremoteinfo)) drop_nomem();
  }
  env("SSLREMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
  env("SSL6REMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
  if (flagtcpenv) {
    env("TCPREMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
    env("TCP6REMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
  }

  if (fnrules) {
    int fdrules;
    fdrules = open_read(fnrules);
    if (fdrules == -1) {
      if (errno != error_noent) drop_rules();
      if (!flagallownorules) drop_rules();
    }
    else {
      int fakev4=0;
      char* temp;
      if (!forcev6 && ip6_isv4mapped(remoteip))
	fakev4=1;
      if (fakev4)
	temp=remoteipstr+7;
      else
	temp=remoteipstr;
      if (rules(found,fdrules,temp,remotehost,flagremoteinfo ? tcpremoteinfo.s : 0) == -1) drop_rules();
      close(fdrules);
    }
  }

  if (verbosity >= 2) {
    strnum[fmt_ulong(strnum,getpid())] = 0;
    if (!stralloc_copys(&tmp,"sslserver: ")) drop_nomem();
    safecats(flagdeny ? "deny" : "ok");
    cats(" "); safecats(strnum);
    cats(" "); if (localhost) safecats(localhost);
    cats(":"); safecats(localipstr);
    cats(":"); safecats(localportstr);
    cats(" "); if (remotehost) safecats(remotehost);
    cats(":"); safecats(remoteipstr);
    cats(":"); if (flagremoteinfo) safecats(tcpremoteinfo.s);
    cats(":"); safecats(remoteportstr);
    cats("\n");
    buffer_putflush(buffer_2,tmp.s,tmp.len);
  }

  if (flagdeny) _exit(100);

  if (gid) if (prot_gid(gid) == -1)
    strerr_die2sys(111,FATAL,"unable to set gid: ");
  if (uid) if (prot_uid(uid) == -1)
    strerr_die2sys(111,FATAL,"unable to set uid: ");

  close(pi[1]); close(po[0]);

  sig_uncatch(sig_child);
  sig_unblock(sig_child);
  sig_uncatch(sig_term);
  sig_uncatch(sig_pipe);

  if (fcntl(sslctl[1],F_SETFD,0) == -1)
    strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
  strnum[fmt_ulong(strnum,sslctl[1])]=0;
  setenv("SSLCTLFD",strnum,1);

  if (fcntl(pi[0],F_SETFD,0) == -1)
    strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
  strnum[fmt_ulong(strnum,pi[0])]=0;
  setenv("SSLREADFD",strnum,1);

  if (fcntl(po[1],F_SETFD,0) == -1)
    strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
  strnum[fmt_ulong(strnum,po[1])]=0;
  setenv("SSLWRITEFD",strnum,1);
  
  if (flagsslwait) {
    if (fd_copy(0,t) == -1)
      strerr_die2sys(111,DROP,"unable to set up descriptor 0: ");
    if (fd_copy(1,t) == -1)
      strerr_die2sys(111,DROP,"unable to set up descriptor 1: ");
  } else {
    if (fd_move(0,pi[0]) == -1)
      strerr_die2sys(111,DROP,"unable to set up descriptor 0: ");
    if (fd_move(1,po[1]) == -1)
      strerr_die2sys(111,DROP,"unable to set up descriptor 1: ");
  }

  if (flagkillopts)
    socket_ipoptionskill(t);
  if (!flagdelay)
    socket_tcpnodelay(t);

  if (*banner) {
    buffer_init(&b,buffer_unixwrite,1,bspace,sizeof bspace);
    if (buffer_putsflush(&b,banner) == -1)
      strerr_die2sys(111,DROP,"unable to print banner: ");
  }

  if (!flagsslwait) {
    strnum[fmt_ulong(strnum,flagsslenv)] = 0;
    strerr_warn2("flagsslenv: ", strnum, 0);
    ucspitls(flagsslenv,0,1);
  }

  pathexec(prog);
  strerr_die4sys(111,DROP,"unable to run ",*prog,": ");
}
Ejemplo n.º 6
0
int error_warn(const char *x) {
  if (!x) return 0;
  strerr_warn2("sslserver: ",x,0);
  return 0;
}
Ejemplo n.º 7
0
int main(int argc,char * const *argv) {
  const char *hostname;
  int opt;
  char *x;
  unsigned long u;
  int s;
  int t;
  int flagv4 = 1, flagv6 = 1, rc;
  struct addrinfo *localai = NULL, hints = {0}, *ai;
 
  while ((opt = getopt(argc,argv,"dDvqQhHrR1UXx:t:T:u:g:l:b:B:c:pPoO3IiEeSsw:nN46")) != opteof)
    switch(opt) {
      case 'b': scan_ulong(optarg,&backlog); break;
      case 'c': scan_ulong(optarg,&limit); break;
      case 'X': flagallownorules = 1; break;
      case 'x': fnrules = optarg; break;
      case 'B': banner = optarg; break;
      case 'd': flagdelay = 1; break;
      case 'D': flagdelay = 0; break;
      case 'v': verbosity = 2; break;
      case 'q': verbosity = 0; break;
      case 'Q': verbosity = 1; break;
      case 'P': flagparanoid = 0; break;
      case 'p': flagparanoid = 1; break;
      case 'O': flagkillopts = 1; break;
      case 'o': flagkillopts = 0; break;
      case 'H': flagremotehost = 0; break;
      case 'h': flagremotehost = 1; break;
      case 'R': flagremoteinfo = 0; break;
      case 'r': flagremoteinfo = 1; break;
      case 't': scan_ulong(optarg,&timeout); break;
      case 'T': scan_ulong(optarg,&ssltimeout); break;
      case 'w': scan_uint(optarg,&progtimeout); break;
      case 'U': x = env_get("UID"); if (x) scan_ulong(x,&uid);
		x = env_get("GID"); if (x) scan_ulong(x,&gid); break;
      case 'u': scan_ulong(optarg,&uid); break;
      case 'g': scan_ulong(optarg,&gid); break;
      case '1': flag1 = 1; break;
      case 'l': localhost = optarg; break;
      case '3': flag3 = 1; break;
      case 'I': flagclientcert = 0; break;
      case 'i': flagclientcert = 1; break;
      case 'S': flagsslenv = 0; break;
      case 's': flagsslenv = 1; break;
      case 'E': flagtcpenv = 0; break;
      case 'e': flagtcpenv = 1; break;
      case 'n': flagsslwait = 1; break;
      case 'N': flagsslwait = 0; break;
      case '4': flagv6 = 0; break;
      case '6': flagv4 = 0; break;
      default: usage();
    }
  if (flagv4 == flagv6) { flagv4 = flagv6 = 1; }
  argc -= optind;
  argv += optind;

  if (!verbosity)
    buffer_2->fd = -1;
 
  hostname = *argv++;
  if (!hostname) usage();
  if (str_equal(hostname,"")) hostname = NULL;
  if (str_equal(hostname,"0")) hostname = NULL;

  x = *argv++;
  if (!x) usage();
  prog = argv;
  if (!*argv) usage();

  hints.ai_family = flagv4 == flagv6 ? AF_UNSPEC : flagv4 ? AF_INET : AF_INET6;
  hints.ai_socktype = SOCK_STREAM;
  hints.ai_flags = AI_PASSIVE;
  if ((rc = getaddrinfo(hostname, x, &hints, &localai))) {
    strerr_die(111,FATAL "unable to figure out address for ", hostname ? hostname : "0",
		" ",x,": ",gai_strerror(rc),0);
  }
  if (!localai) {
    strerr_die2x(111,FATAL,"address not found");
  }

  if (x = env_get("VERIFYDEPTH")) {
    scan_ulong(x,&u);
    verifydepth = u;
  }

  if (x = env_get("CAFILE")) cafile = x;
  if (cafile && str_equal(cafile,"")) cafile = 0;

  if (x = env_get("CCAFILE")) ccafile = x;
  if (ccafile && str_equal(ccafile,"")) ccafile = 0;
  if (!flagclientcert) ccafile = 0;

  if (x = env_get("CADIR")) cadir = x;
  if (cadir && str_equal(cadir,"")) cadir= 0;

  if (x = env_get("CERTCHAINFILE")) certchainfile = x;
  if (certchainfile && str_equal(certchainfile,"")) certchainfile = 0;

  if (x = env_get("CERTFILE")) certfile = x;
  if (certfile && str_equal(certfile,"")) certfile = 0;

  if (x = env_get("KEYFILE")) keyfile = x;
  if (keyfile && str_equal(keyfile,"")) keyfile = 0;

  if (x = env_get("DHFILE")) dhfile = x;
  if (dhfile && str_equal(dhfile,"")) dhfile = 0;

  if (x = env_get("CIPHERS")) ciphers = x;
  if (ciphers && str_equal(ciphers,"")) ciphers = 0;

  sig_block(sig_child);
  sig_catch(sig_child,sigchld);
  sig_catch(sig_term,sigterm);
  sig_ignore(sig_pipe);

  for (ai = localai; ai; ai = ai->ai_next) { 
    s = socket_tcp(ai->ai_family, ai->ai_protocol);
    if (s == -1)
      strerr_die2sys(111,FATAL,"unable to create socket: ");

    if (socket_bind_reuse(s,ai) == -1)
      strerr_die2sys(111,FATAL,"unable to bind: ");

    if (socket_local(s,&localaddr,&localport) == -1)
      strerr_die2sys(111,FATAL,"unable to get local address: ");
    if (socket_listen(s,backlog) == -1)
      strerr_die2sys(111,FATAL,"unable to listen: ");
    break;
  }
  freeaddrinfo(localai); localai = NULL;
  ndelay_off(s);

  localportstr[fmt_ulong(localportstr,localport)] = 0;
  if (flag1) {
    buffer_init(&b,buffer_unixwrite,1,bspace,sizeof bspace);
    buffer_puts(&b,localportstr);
    buffer_puts(&b,"\n");
    buffer_flush(&b);
  }
 
  if (flag3) read_passwd();

  ctx = ssl_server();
  ssl_errstr();
  if (!ctx) strerr_die2x(111,FATAL,"unable to create SSL context");

  if (certchainfile) {
    switch (ssl_chainfile(ctx,certchainfile,keyfile,passwd_cb)) {
      case -1: strerr_die2x(111,FATAL,"unable to load certificate chain file");
      case -2: strerr_die2x(111,FATAL,"unable to load key");
      case -3: strerr_die2x(111,FATAL,"key does not match certificate");
      default: break;
    }
  } 
  else {  
    switch (ssl_certkey(ctx,certfile,keyfile,passwd_cb)) {
      case -1: strerr_die2x(111,FATAL,"unable to load certificate");
      case -2: strerr_die2x(111,FATAL,"unable to load key");
      case -3: strerr_die2x(111,FATAL,"key does not match certificate");
      default: break;
    }
  }

  if (!ssl_ca(ctx,cafile,cadir,verifydepth))
    strerr_die2x(111,FATAL,"unable to load CA list");

  if (!ssl_cca(ctx,ccafile))
    strerr_die2x(111,FATAL,"unable to load client CA list");

  if (!ssl_params(ctx,dhfile,rsalen))
    strerr_die2x(111,FATAL,"unable to set DH/RSA parameters");

  if (!ssl_ciphers(ctx,ciphers))
    strerr_die2x(111,FATAL,"unable to set cipher list");

  if (verbosity >= 2) {
    strnum[fmt_ulong(strnum,getpid())] = 0;
    strnum2[fmt_ulong(strnum2,rsalen)] = 0;
    strerr_warn4("sslserver: cafile ",strnum," ",cafile,0);
    strerr_warn4("sslserver: ccafile ",strnum," ",ccafile,0);
    strerr_warn4("sslserver: cadir ",strnum," ",cadir,0);
    strerr_warn4("sslserver: chainfile ",strnum," ",certchainfile,0);
    strerr_warn4("sslserver: cert ",strnum," ",certfile,0);
    strerr_warn4("sslserver: key ",strnum," ",keyfile,0);
    strerr_warn6("sslserver: param ",strnum," ",dhfile," ",strnum2,0);
  }

  close(0); open_read("/dev/null");
  close(1); open_append("/dev/null");

  printstatus();
 
  for (;;) {
    while (numchildren >= limit) sig_pause();

    sig_unblock(sig_child);
    t = socket_accept(s,&remoteaddr,&remoteport);
    sig_block(sig_child);

    if (t == -1) continue;
    ++numchildren; printstatus();
 
    switch(fork()) {
      case 0:
        close(s);
        doit(t);
	strerr_die4sys(111,DROP,"unable to run ",*argv,": ");
      case -1:
        strerr_warn2(DROP,"unable to fork: ",&strerr_sys);
        --numchildren; printstatus();
    }
    close(t);
  }
}
Ejemplo n.º 8
0
int main(int argc, const char * const *argv) {
  int opt;
  unsigned long sec =600;
  int verbose =0;
  int doexit =0;
  int dokill =0;
  int wdir;
  int fd;
  char status[20];
  int r;
  unsigned long pid;
  struct tai start;
  struct tai now;
  
  progname =*argv;
  
  while ((opt =getopt(argc, argv, "t:xkvV")) != opteof) {
    switch(opt) {
    case 't':
      scan_ulong(optarg, &sec);
      if ((sec < 1) || (sec > 6000)) usage();
      break;
    case 'x':
      doexit =1;
      break;
    case 'k':
      dokill =1;
      break;
    case 'v':
      verbose =1;
      break;
    case 'V':
      strerr_warn1(VERSION, 0);
    case '?':
      usage();
    }
  }
  argv +=optind;
  if (! argv || ! *argv) usage();

  if ((wdir =open_read(".")) == -1)
    fatal("unable to open current working directory");

  for (dir =argv; *dir; ++dir) {
    if (dir != argv)
      if (fchdir(wdir) == -1) fatal("unable to switch to starting directory");
    if (chdir(*dir) == -1) continue; /* bummer */
    if ((fd =open_write("supervise/control")) == -1) continue; /* bummer */
    if (write(fd, "dx", 1 +doexit) != (1 +doexit)) {
      close(fd); continue; /* bummer */
    }
    close(fd);
  }
  dir =argv;

  tai_now(&start);
  while (*dir) {
    if (fchdir(wdir) == -1) fatal("unable to switch to starting directory");
    if (chdir(*dir) == -1) {
      warn(*dir, ": unable to change directory: ", &strerr_sys);
      continue;
    }
    if ((fd =open_write("supervise/ok")) == -1) {
      if (errno == error_nodevice) {
        if (verbose) strerr_warn3(INFO, *dir, ": runsv not running.", 0);
        dir++;
      }
      else
        warn(*dir, ": unable to open supervise/ok: ", &strerr_sys);
      continue;
    }
    close(fd);

    if ((fd =open_read("supervise/status")) == -1) {
      warn(*dir, "unable to open supervise/status: ", &strerr_sys);
      continue;
    }
    r =buffer_unixread(fd, status, 20);
    close(fd);
    if ((r < 18) || (r == 19)) { /* supervise compatibility */
      if (r == -1)
        warn(*dir, "unable to read supervise/status: ", &strerr_sys);
      else
        warn(*dir, ": unable to read supervise/status: bad format.", 0);
      continue;
    }
    pid =(unsigned char)status[15];
    pid <<=8; pid +=(unsigned char)status[14];
    pid <<=8; pid +=(unsigned char)status[13];
    pid <<=8; pid +=(unsigned char)status[12];

    if (! doexit && ! pid) {
      /* ok, service is down */
      if (verbose) strerr_warn3(INFO, *dir, ": down.", 0);
      dir++;
      continue;
    }

    if (status[17] != 'd') { /* catch previous failures */
      if ((fd =open_write("supervise/control")) == -1) {
        warn(*dir, ": unable to open supervise/control: ", &strerr_sys);
        continue;
      }
      if (write(fd, "dx", 1 +doexit) != (1 +doexit)) {
        warn(*dir, ": unable to write to supervise/control: ", &strerr_sys);
        close(fd);
        continue;
      }
      close(fd);
    }
  
    tai_now(&now);
    tai_sub(&now, &now, &start);
    if (tai_approx(&now) >= sec) {
      /* timeout */
      if (verbose) strerr_warn2(INFO, "timeout.", 0);
      if (dokill) {
        if (chdir(*dir) == -1) {
          warn(*dir, ": unable to change directory: ", &strerr_sys);
          continue;
        }
        if ((fd =open_write("supervise/control")) == -1) {
          if (errno == error_nodevice) {
            if (verbose)
              strerr_warn3(INFO, *dir, ": runsv not running.", 0);
            dir++;
          }
          else
            warn(*argv, ": unable to open supervise/control: ", &strerr_sys);
          continue;
        }
        if (write(fd, "k", 1) != 1)
          warn(*argv, ": unable to write to supervise/control: ", &strerr_sys);
        else
          strerr_warn3(INFO, *dir, ": killed.", 0);
        close(fd);
        dir++;
        if (! *dir) _exit(111);
        continue;
      }
      _exit(111);
    }
    sleep(1);
  }
  if (fchdir(wdir) == -1) 
    strerr_warn2(WARN, "unable to switch to starting directory: ", &strerr_sys);
  close(wdir);
  if (rc > 100) rc =100;
  _exit(rc);
}
Ejemplo n.º 9
0
int main(int argc, const char * const *argv)
{
    int opt;
    int verbose =0;
    char status[18];
    int fd;
    int is;
    int r;
    int wdir;
    unsigned long pid;
    struct tai when;
    struct tai now;
    char sulong[FMT_ULONG];

    progname =*argv;

    while ((opt =getopt(argc, argv, "s:vV")) != opteof)
    {
        switch(opt)
        {
        case 's':
            scan_ulong(optarg, &sec);
            if ((sec < 1) || (sec > 600)) usage();
            break;
        case 'v':
            verbose =1;
            break;
        case 'V':
            strerr_warn1("$Id: e2d6c574c5e56f9931323fbc0e539c7f9b829b73 $", 0);
        case '?':
            usage();
        }
    }
    argv +=optind;
    if (! argv || ! *argv) usage();

    if ((wdir =open_read(".")) == -1)
        fatal("unable to open current working directory");

    dir =argv;
    while (*dir)
    {
        if (dir != argv)
            if (fchdir(wdir) == -1) fatal("unable to switch to starting directory");
        if (chdir(*dir) == -1)
        {
            warn(*dir, ": unable to change directory: ", &strerr_sys);
            continue;
        }
        if ((fd =open_write("supervise/ok")) == -1)
        {
            if (errno == error_nodevice)
                warn(*dir, ": runsv not running.", 0);
            else
                warn(*dir, ": unable to open supervise/ok: ", &strerr_sys);
            continue;
        }
        close(fd);

        if ((fd =open_read("supervise/status")) == -1)
        {
            warn(*dir, "unable to open supervise/status: ", &strerr_sys);
            continue;
        }
        r =buffer_unixread(fd, status, sizeof status);
        close(fd);
        if (r < sizeof status)
        {
            if (r == -1)
                warn(*dir, "unable to read supervise/status: ", &strerr_sys);
            else
                warn(*dir, ": unable to read supervise/status: bad format.", 0);
            continue;
        }

        pid =(unsigned char)status[15];
        pid <<=8;
        pid +=(unsigned char)status[14];
        pid <<=8;
        pid +=(unsigned char)status[13];
        pid <<=8;
        pid +=(unsigned char)status[12];
        if (! pid)
        {
            warn(*dir, ": is down.", 0);
            continue;
        }

        tai_unpack(status, &when);
        tai_now(&now);
        if (tai_less(&now, &when)) when =now;
        tai_sub(&when, &now, &when);
        is =tai_approx(&when);

        if (is >= sec)
        {
            /* ok */
            if (verbose)
            {
                sulong[fmt_ulong(sulong, is)] =0;
                strerr_warn5(INFO, *dir, ": is up (", sulong, " seconds)", 0);
            }
            dir++;
            continue;
        }
        sleep(sec -is);
    }
    if (fchdir(wdir) == -1)
        strerr_warn2(WARN, "unable to switch to starting directory: ", &strerr_sys);
    close(wdir);
    if (rc > 100) rc =100;
    _exit(rc);
}
Ejemplo n.º 10
0
void doit(int flagw)
{
  unsigned int i;
  int fd;
  int match;
  int fdhash;
  const char *err;

  fd = open_read(fn.s);
  if (fd == -1) die_read();
  substdio_fdbuf(&ssin,read,fd,inbuf,sizeof(inbuf));

  if (getln(&ssin,&addr,&match,'\0') == -1) die_read();
  if (!match) { close(fd); return; }
  if (!issub(workdir,0,addr.s)) { close(fd); /*XXX*/unlink(fn.s); return; }
  cookie(hash,"",0,"",addr.s,"");
  if (!stralloc_copys(&fnhash,workdir)) die_nomem();
  if (!stralloc_cats(&fnhash,"/bounce/h/")) die_nomem();
  if (!stralloc_catb(&fnhash,hash,1)) die_nomem();
  if (!stralloc_cats(&fnhash,"/h")) die_nomem();
  if (!stralloc_catb(&fnhash,hash+1,COOKIE-1)) die_nomem();
  if (!stralloc_0(&fnhash)) die_nomem();

  if (qmail_open(&qq, (stralloc *) 0) == -1)
    strerr_die2sys(111,FATAL,ERR_QMAIL_QUEUE);

  hdr_add2("Mailing-List: ",mailinglist.s,mailinglist.len);
  if (listid.len > 0)
    hdr_add2("\nList-ID: ",listid.s,listid.len);
  hdr_datemsgid(now());
  if (flagcd) {
    if (!stralloc_0(&line)) die_nomem();
  }
  hdr_from("-help");
  if (!quote2(&quoted,addr.s)) die_nomem();
  hdr_add2("To: ",quoted.s,quoted.len);
  /* to accomodate transfer-encoding */
  hdr_mime(flagcd ? CTYPE_MULTIPART : CTYPE_TEXT);
  hdr_listsubject1(flagw ? "probe from " : "warning from ");

  if (flagcd) {			/* first part for QP/base64 multipart msg */
    hdr_boundary(0);
    hdr_ctype(CTYPE_TEXT);
    hdr_transferenc();
  } else
    qmail_puts(&qq,"\n");

  copy(&qq,"text/top",flagcd);
  copy(&qq,flagw ? "text/bounce-probe" : "text/bounce-warn",flagcd);

  if (!flagw) {
    if (flagdig)
      copy(&qq,"text/dig-bounce-num",flagcd);
    else
      copy(&qq,"text/bounce-num",flagcd);
    if (!flagcd) {
      fdhash = open_read(fnhash.s);
      if (fdhash == -1) {
        if (errno != error_noent)
          strerr_die4sys(111,FATAL,ERR_OPEN,fnhash.s,": ");
      } else {
        substdio_fdbuf(&sstext,read,fdhash,textbuf,sizeof(textbuf));
        for(;;) {
          if (getln(&sstext,&line,&match,'\n') == -1)
            strerr_die4sys(111,FATAL,ERR_READ,fnhash.s,": ");
          if (!match) break;
          code_qput(line.s,line.len);
        }
      }
      close(fdhash);
    } else {
      if (!stralloc_copys(&line,"")) die_nomem();	/* slurp adds! */
      if (slurp(fnhash.s,&line,256) < 0)
        strerr_die4sys(111,FATAL,ERR_OPEN,fnhash.s,": ");
      code_qput(line.s,line.len);
    }
  }

  copy(&qq,"text/bounce-bottom",flagcd);
  if (flagcd) {
    if (flagcd == 'B') {
      encodeB("",0,&line,2);
      qmail_put(&qq,line.s,line.len);	/* flush */
    }
    hdr_boundary(0);
    hdr_ctype(CTYPE_MESSAGE);
    qmail_puts(&qq,"\n");
  }
  if (qmail_copy(&qq,&ssin,copylines) < 0) die_read();
  close(fd);

  if (flagcd)				/* end multipart/mixed */
    hdr_boundary(1);

  strnum[fmt_ulong(strnum,when)] = 0;
  cookie(hash,key.s,key.len,strnum,addr.s,flagw ? "P" : "W");
  if (!stralloc_copy(&line,&outlocal)) die_nomem();
  if (!stralloc_cats(&line,flagw ? "-return-probe-" : "-return-warn-"))
	die_nomem();
  if (!stralloc_cats(&line,strnum)) die_nomem();
  if (!stralloc_cats(&line,".")) die_nomem();
  if (!stralloc_catb(&line,hash,COOKIE)) die_nomem();
  if (!stralloc_cats(&line,"-")) die_nomem();
  i = str_chr(addr.s,'@');
  if (!stralloc_catb(&line,addr.s,i)) die_nomem();
  if (addr.s[i]) {
    if (!stralloc_cats(&line,"=")) die_nomem();
    if (!stralloc_cats(&line,addr.s + i + 1)) die_nomem();
  }
  if (!stralloc_cats(&line,"@")) die_nomem();
  if (!stralloc_cat(&line,&outhost)) die_nomem();
  if (!stralloc_0(&line)) die_nomem();
  qmail_from(&qq,line.s);

  qmail_to(&qq,addr.s);
  if (*(err = qmail_close(&qq)) != '\0')
    strerr_die3x(111,FATAL,ERR_TMP_QMAIL_QUEUE, err + 1);

  strnum[fmt_ulong(strnum,qmail_qp(&qq))] = 0;
  strerr_warn2("ezmlm-warn: info: qp ",strnum,0);

  if (!flagw) {
    if (unlink(fnhash.s) == -1)
      if (errno != error_noent)
        strerr_die4sys(111,FATAL,ERR_DELETE,fnhash.s,": ");
  }
  if (unlink(fn.s) == -1)
    strerr_die4sys(111,FATAL,ERR_DELETE,fn.s,": ");
}
Ejemplo n.º 11
0
void sendnotice(const char *d)
/* sends file pointed to by d to the address in the return-path of the  */
/* message. */
{
  unsigned int x,y;
  const char *err;

      if (qmail_open(&qq, (stralloc *) 0) == -1)
        strerr_die2sys(111,FATAL,MSG(ERR_QMAIL_QUEUE));

      fd = open_read(d);
      if (fd == -1)
        strerr_die2sys(111,FATAL,MSG1(ERR_OPEN,d));
      substdio_fdbuf(&sstext,read,fd,textbuf,sizeof(textbuf));
      if (getln(&sstext,&line,&match,'\n') == -1) die_read();
      if (!match) die_read();
      if (!case_startb(line.s,line.len,"return-path:")) die_read();
      x = 12 + byte_chr(line.s + 12,line.len-12,'<');
      y = byte_rchr(line.s + x,line.len-x,'>');
      if (x != line.len && x+y != line.len) {
        if (!stralloc_copyb(&to,line.s+x+1, y-1)) die_nomem();
        if (!stralloc_0(&to)) die_nomem();
      } else
        die_read();
      hdr_add2s("Mailing-List: ",MSG(TXT_MAILING_LIST));
      if (listid.len > 0)
	hdr_add2("List-ID: ",listid.s,listid.len);
      hdr_datemsgid(when+msgnum++);
      hdr_from("-help");
      hdr_subject(MSG(SUB_RETURNED_POST));
      hdr_add2s("To: ",to.s);
      if (flagmime) {
	hdr_mime(CTYPE_MULTIPART);
	hdr_boundary(0);
	hdr_ctype(CTYPE_TEXT);
        hdr_transferenc();
      } else
      qmail_puts(&qq,"\n\n");

      copy(&qq,"text/top",flagcd);
      copy(&qq,"text/mod-timeout",flagcd);
      if (flagcd == 'B') {
        encodeB("",0,&line,2);
        qmail_put(&qq,line.s,line.len);
      }

      if (flagmime) {
	hdr_boundary(0);
	hdr_ctype(CTYPE_MESSAGE);
        qmail_puts(&qq,"\n");
      }

      if (seek_begin(fd) == -1)
        strerr_die2sys(111,FATAL,MSG1(ERR_SEEK,d));

      substdio_fdbuf(&sstext,read,fd,textbuf,sizeof(textbuf));
      if (qmail_copy(&qq,&sstext,-1) != 0) die_read();
      close (fd);

      if (flagmime)
	hdr_boundary(1);

      if (!stralloc_copy(&line,&outlocal)) die_nomem();
      if (!stralloc_cats(&line,"-return-@")) die_nomem();
      if (!stralloc_cat(&line,&outhost)) die_nomem();
      if (!stralloc_0(&line)) die_nomem();
      qmail_from(&qq,line.s);		/* sender */
        qmail_to(&qq,to.s);

     if (*(err = qmail_close(&qq)) != '\0')
       strerr_die4x(111,FATAL,MSG(ERR_TMP_QMAIL_QUEUE),": ", err + 1);

     strnum[fmt_ulong(strnum,qmail_qp(&qq))] = 0;
     strerr_warn2("ezmlm-clean: info: qp ",strnum,0);
}
Ejemplo n.º 12
0
void warn(const char *m) { strerr_warn2(WARNING, m, 0); }
Ejemplo n.º 13
0
int main(int argc, char **argv)
{
	enum { unset, uid, mail, filter } mode = unset;
	qldap	*q, *qpw;
	struct passwd *pw;
	char	*passwd = 0, *value = 0;
	char	*bindpw = 0, *binddn = 0;
	char	*f, *s;
	int	opt, r, done, status, id;
	unsigned int j, slen;
	unsigned long size, count, maxsize;
	
	const char *attrs[] = { LDAP_MAIL,
				LDAP_MAILALTERNATE,
				LDAP_UID,
				LDAP_QMAILUID,
				LDAP_QMAILGID,
				LDAP_ISACTIVE,
				LDAP_MAILHOST,
				LDAP_MAILSTORE,
				LDAP_HOMEDIR,
				LDAP_QUOTA_SIZE,
				LDAP_QUOTA_COUNT,
				LDAP_FORWARDS,
				LDAP_PROGRAM,
				LDAP_MODE,
				LDAP_REPLYTEXT,
				LDAP_DOTMODE,
				LDAP_MAXMSIZE,
				LDAP_OBJECTCLASS,
#if 0
				LDAP_GROUPCONFIRM,
				LDAP_GROUPMEMONLY,
				LDAP_GROUPCONFRIMTEXT,
				LDAP_GROUPMODERATTEXT,
				LDAP_GROUPMODERATDN,
				LDAP_GROUPMODERAT822,
				LDAP_GROUPMEMBERDN,
				LDAP_GROUPMEMBER822,
				LDAP_GROUPMEMBERFILTER,
#endif
				LDAP_PASSWD,
				0};

	while ((opt = getopt(argc, argv, "d:D:u:m:p:f:w:")) != opteof)
		switch (opt) {
		case 'd':
			if (env_put2("LOGLEVEL", optarg) == 0)
				strerr_die2sys(1, FATAL, "setting loglevel: ");
			break;
		case 'D':
			binddn = optarg;
			break;
		case 'u':
			if (value != 0)
				usage();
			value = optarg;
			mode = uid;
			break;
		case 'm':
			if (value != 0)
				usage();
			value = optarg;
			mode = mail;
			break;
		case 'f':
			if (value != 0)
				usage();
			value = optarg;
			mode = filter;
			break;
		case 'p':
			if (geteuid() != 0)
				strerr_die2x(1, FATAL,
				    "only the superuser may comapre passwords");
			passwd = optarg;
			break;
		case 'w':
			bindpw = optarg;
			break;
		default:
			usage();
		}
	if (argc != optind) usage();
	if (bindpw && !binddn) usage();
	
	log_init(STDERR, -1, 0);

	if (read_controls(ctrls) != 0)
		strerr_die2sys(111, FATAL, "unable to read controls: ");
	
	q = qldap_new();
	if (q == 0)
		strerr_die2sys(111, FATAL, "qldap_new failed: ");
	qpw = qldap_new();
	if (qpw == 0)
		strerr_die2sys(111, FATAL, "qldap_new failed: ");
	
	r = qldap_open(q);
	if (r != OK) fail(q, "qldap_open", r);
	r = qldap_open(qpw);
	if (r != OK) fail(qpw, "qldap_open", r);
	r = qldap_bind(q, binddn, bindpw);
	if (r != OK) fail(q, "qldap_bind", r);

	if (passwd == 0 || mode != uid || qldap_need_rebind() != 0)
		attrs[sizeof(attrs)/4 - 2] = 0; /* password */
	done = 0;
	f = 0;
	do {
		switch (mode) {
		case mail:
			f = filter_mail(value, &done);
			if (value == 0)
				strerr_die2sys(1, FATAL, "building filter: ");
			break;
		case uid:
			f = filter_uid(value);
			done = 1;
			if (value == 0)
				strerr_die2sys(1, FATAL, "building filter: ");
			break;
		case filter:
			f = value;
			break;
		default:
			usage();
		}
		output(subfdout, "Searching ldap for: %s\nunder dn: %s\n",
		    f, qldap_basedn());
		r = qldap_filter(q, f, attrs, qldap_basedn(), SCOPE_SUBTREE);
		if (r != OK) fail(q, "qldap_filter", r);

		r = qldap_count(q);
		switch (r) {
		case -1:
			fail(q, "qldap_count", FAILED);
		case 0:
			output(subfdout, "No entries found.\n");
			qldap_free(q);
			/* TODO hook for local lookups. */
			return 0;
		case 1:
			output(subfdout, "Found %i entry:\n", r);
			break;
		default:
			output(subfdout, "Found %i entries:\n", r);
			if (mode == uid || mode == uid) {
				output(subfdout,
				    "Uh-oh: multiple entries found but "
				    "should be unique!\n");
				passwd = 0;
			}
			break;
		}
		output(subfdout, "\n");
	} while (r == 0 && !done);

	r = qldap_first(q);
	if (r != OK) fail(q, "qldap_first", r);;
	do {
		r = qldap_get_dn(q, &dn);
		if (r != OK) fail(q, "qldap_get_dn", r);
		output(subfdout, "dn: %s\n"
		    "-------------------------------------------------------\n",
		    dn.s);
		
		r = qldap_get_attr(q, LDAP_OBJECTCLASS, &foo, MULTI_VALUE);
		if (r != OK) fail(q, "qldap_get_attr(" LDAP_OBJECTCLASS ")", r);
		unescape(foo.s, &bar);
		s = bar.s;
		slen = bar.len-1;
		for(;;) {
			output(subfdout, "%s: %s\n",LDAP_OBJECTCLASS ,s);
			j = byte_chr(s,slen,0);
			if (j++ >= slen) break;
			s += j; slen -= j;
		}
		
		r = qldap_get_attr(q, LDAP_MAIL, &foo, SINGLE_VALUE);
		if (r != OK) fail(q, "qldap_get_attr(" LDAP_MAIL ")", r);
		output(subfdout, "%s: %s\n", LDAP_MAIL, foo.s);

		r = qldap_get_attr(q, LDAP_MAILALTERNATE, &foo, MULTI_VALUE);
		if (r != OK && r != NOSUCH)
			fail(q, "qldap_get_attr(" LDAP_MAILALTERNATE ")", r);
		if (r == OK) {
			unescape(foo.s, &bar);
			s = bar.s;
			slen = bar.len-1;
			for(;;) {
				output(subfdout, "%s: %s\n",
				    LDAP_MAILALTERNATE, s);
				j = byte_chr(s,slen,0);
				if (j++ >= slen) break;
				s += j; slen -= j;
			}
		}
		
		r = qldap_get_user(q, &foo);
		if (r != OK && r != NOSUCH) fail(q, "qldap_get_user", r);
		if (r == OK)
			output(subfdout, "%s: %s\n", LDAP_UID, foo.s);
		else
			output(subfdout, "%s: undefined "
			    "(forward only account required)\n", LDAP_UID);

		r = qldap_get_status(q, &status);
		if (r != OK) fail(q, "qldap_get_status", r);
		switch (status) {
		case STATUS_BOUNCE:
			output(subfdout, "%s: %s\n",
			    LDAP_ISACTIVE, ISACTIVE_BOUNCE);
			break;
		case STATUS_NOACCESS:
			output(subfdout, "%s: %s\n",
			    LDAP_ISACTIVE, ISACTIVE_NOACCESS);
			break;
		case STATUS_OK:
			output(subfdout, "%s: %s\n",
			    LDAP_ISACTIVE, ISACTIVE_ACTIVE);
			break;
		case STATUS_UNDEF:
			output(subfdout, "%s: %s\n", LDAP_ISACTIVE,
			    "undefined -> active");
			break;
		default:
			strerr_warn2(WARN,
			    "qldap_get_status returned unknown status", 0);
		}
		
		r = qldap_get_attr(q, LDAP_MAILHOST, &foo, SINGLE_VALUE);
		if (r != OK && r != NOSUCH)
			fail(q, "qldap_get_attr(" LDAP_MAILHOST ")", r);
		if (r == OK) {
			output(subfdout, "%s: %s\n", LDAP_MAILHOST, foo.s);
			/*
			 * TODO we could check if we are in cluster mode and 
			 * if we would redirect to a differnet host
			 */
		} else
			output(subfdout, "%s: undefined\n", LDAP_MAILHOST);

		/* get the path of the maildir or mbox */
		r = qldap_get_mailstore(q, &foo, &bar);
		switch (r) {
		case OK:
			output(subfdout, "homeDirectory: %s\n", foo.s);
			if (bar.len > 0)
				output(subfdout, "aliasEmpty: %s\n", bar.s);
			else
				output(subfdout, "aliasEmpty: using default\n");
			break;
		case NEEDED:
			output(subfdout,
			    "forward only delivery via alias user\n");
			pw = getpwnam(auto_usera);
			if (!pw)
				strerr_die4x(100, FATAL,
				    "Aiiieeeee, now alias user '",
				    auto_usera, "'found in /etc/passwd.");
			output(subfdout, "alias user: %s\n", pw->pw_name);
			output(subfdout, "alias user uid: %i\n", pw->pw_uid);
			output(subfdout, "alias user gid: %i\n", pw->pw_gid);
			output(subfdout, "alias user home: %s\n", pw->pw_dir);
			output(subfdout, "alias user aliasempty: %s\n",
			    ALIASDEVNULL);
			/* get the forwarding addresses */
			r = qldap_get_attr(q, LDAP_FORWARDS, &foo, MULTI_VALUE);
			if (r != OK)
				fail(q, "qldap_get_attr("
				    LDAP_FORWARDS ") for forward only user", r);
			unescape(foo.s, &bar);
			s = bar.s;
			slen = bar.len-1;
			for(;;) {
				output(subfdout, "%s: %s\n", LDAP_FORWARDS, s);
				j = byte_chr(s,slen,0);
				if (j++ >= slen) break;
				s += j; slen -= j;
			}
			goto next;
		default:
			fail(q, "qldap_get_mailstore", r);
		}
		
		r = qldap_get_dotmode(q, &foo);
		if (r != OK) fail(q, "qldap_get_dotmode", r);
		output(subfdout, "%s: %s\n", LDAP_DOTMODE, foo.s);

		r = qldap_get_uid(q, &id);
		if (r != OK) fail(q, "qldap_get_uid", r);
		output(subfdout, "%s: %i\n", LDAP_QMAILUID, id);
		
		r = qldap_get_gid(q, &id);
		if (r != OK) fail(q, "qldap_get_gid", r);
		output(subfdout, "%s: %i\n", LDAP_QMAILGID, id);
		
		r = qldap_get_quota(q, &size, &count, &maxsize);
		if (r != OK) fail(q, "qldap_get_quota", r);
		output(subfdout, "%s: %u%s\n", LDAP_QUOTA_SIZE, size,
		    size==0?" (unlimited)":"");
		output(subfdout, "%s: %u%s\n", LDAP_QUOTA_COUNT, count,
		    count==0?" (unlimited)":"");
		output(subfdout, "%s: %u%s\n", LDAP_MAXMSIZE, maxsize,
		    maxsize==0?" (unlimited)":"");

		r = qldap_get_attr(q, LDAP_MODE, &foo, MULTI_VALUE);
		if (r != OK && r != NOSUCH)
			fail(q, "qldap_get_attr(" LDAP_MODE ")", r);
		if (r == OK) {
			unescape(foo.s, &bar);
			s = bar.s;
			slen = bar.len-1;
			for(;;) {
				if (case_diffs(MODE_FORWARD, s) &&
				    case_diffs(MODE_REPLY, s) &&
				    case_diffs(MODE_NOLOCAL, s) &&
				    case_diffs(MODE_NOMBOX, s) &&
				    case_diffs(MODE_NOFORWARD, s) &&
				    case_diffs(MODE_NOPROG, s) &&
				    case_diffs(MODE_LOCAL, s) &&
				    case_diffs(MODE_FORWARD, s) &&
				    case_diffs(MODE_PROG, s) &&
				    case_diffs(MODE_NOREPLY, s))
					strerr_warn4(WARN,
					    "undefined mail delivery mode: ",
					    s," (ignored).", 0);
				else if (!case_diffs(MODE_FORWARD, s))
					strerr_warn4(WARN,
					    "mail delivery mode: ",
					    s," should not be used "
					    "(used internally).", 0);
				output(subfdout, "%s: %s\n", LDAP_MODE, s);
				j = byte_chr(s,slen,0);
				if (j++ >= slen) break;
				s += j; slen -= j;
			}
		}

		r = qldap_get_attr(q, LDAP_FORWARDS, &foo, MULTI_VALUE);
		if (r != OK && r != NOSUCH)
			fail(q, "qldap_get_attr(" LDAP_FORWARDS ")", r);
		if (r == OK) {
			unescape(foo.s, &bar);
			s = bar.s;
			slen = bar.len-1;
			for(;;) {
				output(subfdout, "%s: %s\n", LDAP_FORWARDS, s);
				j = byte_chr(s,slen,0);
				if (j++ >= slen) break;
				s += j; slen -= j;
			}
		}

		r = qldap_get_attr(q, LDAP_PROGRAM, &foo, MULTI_VALUE);
		if (r != OK && r != NOSUCH)
			fail(q, "qldap_get_attr(" LDAP_PROGRAM ")", r);
		if (r == OK) {
			unescape(foo.s, &bar);
			s = bar.s;
			slen = bar.len-1;
			for(;;) {
				output(subfdout, "%s: %s\n", LDAP_PROGRAM, s);
				j = byte_chr(s,slen,0);
				if (j++ >= slen) break;
				s += j; slen -= j;
			}
		}

		r = qldap_get_attr(q, LDAP_REPLYTEXT, &foo, SINGLE_VALUE);
		if (r != OK && r != NOSUCH)
			fail(q, "qldap_get_attr(" LDAP_REPLYTEXT ")", r);
		if (r == OK)
			output(subfdout, "%s:\n=== begin ===\n%s\n"
			    "=== end ===\n", LDAP_REPLYTEXT, foo.s);
		else
			output(subfdout, "%s: undefined\n", LDAP_REPLYTEXT);

		if (mode == uid && passwd != 0) {
			if (qldap_need_rebind() == 0) {
				r = qldap_get_attr(q, LDAP_PASSWD,
				    &foo, SINGLE_VALUE);
				if (r != OK) fail(q, "qldap_get_attr("
				    LDAP_PASSWD ")", r);
				r = cmp_passwd(passwd, foo.s);
			} else {
				r = qldap_rebind(qpw, dn.s, passwd);
				switch (r) {
				case OK:
					r = OK;
					break;
				case LDAP_BIND_AUTH:
					r = BADPASS;
					break;
				default:
					break;
				}
			}
			output(subfdout, "\nPASSWORD COMPARE was %s.\n",
			    r == OK?"successful":"NOT successful");
			if (r != OK)
				output(subfdout, "\terror was: %s\n",
				    qldap_err_str(r));
		}

next:
		r = qldap_next(q);
		output(subfdout, "\n\n");
	} while (r == OK);
	if (r != NOSUCH) fail(q, "qldap_next", r);
	qldap_free(q);
	return 0;
}