/* return 0 as parent, 1 as child */
static int godaemon(void)
{
uid_t nobody, nogrp;
struct passwd *pw;
switch (fork()) {
case -1:
bb_perror_msg_and_die("Could not fork");
case 0:
pw = getpwnam(nobodystr);
if (pw == NULL)
bb_error_msg_and_die("Cannot find uid/gid of user '%s'", nobodystr);
nobody = pw->pw_uid;
nogrp = pw->pw_gid;
writepid(nobody, nogrp);
close(0);
inetbind();
xsetgid(nogrp);
xsetuid(nobody);
close(1);
close(2);
signal(SIGHUP, SIG_IGN);
signal(SIGPIPE, SIG_IGN); /* connection closed when writing (raises ???) */
setsid();
openlog(bb_applet_name, 0, LOG_DAEMON);
return 1;
}
return 0;
}
/* Become the user and group(s) specified by PW. */
const char *change_identity_e2str(const struct passwd *pw)
{
if (initgroups(pw->pw_name, pw->pw_gid) == -1)
return "cannot set groups";
endgrent(); /* ?? */
xsetgid(pw->pw_gid);
xsetuid(pw->pw_uid);
return NULL;
}
/* Become the user and group(s) specified by PW. */
void FAST_FUNC change_identity(const struct passwd *pw)
{
#ifdef MY_ABC_HERE
if (initgroups(pw->pw_name, pw->pw_gid) == -1)
bb_perror_msg_and_die("can't set groups");
endgrent(); /* helps to close a fd used internally by libc */
#endif
xsetgid(pw->pw_gid);
xsetuid(pw->pw_uid);
}
static void suidgid(char *user)
{
struct bb_uidgid_t ugid;
if (!get_uidgid(&ugid, user, 1)) {
bb_error_msg_and_die("unknown user/group: %s", user);
}
if (setgroups(1, &ugid.gid) == -1)
bb_perror_msg_and_die("setgroups");
xsetgid(ugid.gid);
xsetuid(ugid.uid);
}
int create_icmp_socket(void)
{
struct protoent *proto;
int sock;
proto = getprotobyname("icmp");
/* if getprotobyname failed, just silently force
* proto->p_proto to have the correct value for "icmp" */
if ((sock = socket(AF_INET, SOCK_RAW,
(proto ? proto->p_proto : 1))) < 0) { /* 1 == ICMP */
if (errno == EPERM)
bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
else
bb_perror_msg_and_die(bb_msg_can_not_create_raw_socket);
}
/* drop root privs if running setuid */
xsetuid(getuid());
return sock;
}
int ether_wake_main(int argc, char *argv[])
{
const char *ifname = "eth0";
char *pass = NULL;
unsigned long flags;
unsigned char wol_passwd[6];
int wol_passwd_sz = 0;
int s; /* Raw socket */
int pktsize;
unsigned char outpack[1000];
struct ether_addr eaddr;
struct whereto_t whereto; /* who to wake up */
/* handle misc user options */
flags = getopt32(argc, argv, "bi:p:", &ifname, &pass);
if (optind == argc)
bb_show_usage();
if (pass)
wol_passwd_sz = get_wol_pw(pass, wol_passwd);
/* create the raw socket */
s = make_socket();
/* now that we have a raw socket we can drop root */
xsetuid(getuid());
/* look up the dest mac address */
get_dest_addr(argv[optind], &eaddr);
/* fill out the header of the packet */
pktsize = get_fill(outpack, &eaddr, flags /*& 1 [OPT_BROADCAST]*/);
bb_debug_dump_packet(outpack, pktsize);
/* Fill in the source address, if possible. */
#ifdef __linux__
{
struct ifreq if_hwaddr;
strncpy(if_hwaddr.ifr_name, ifname, sizeof(if_hwaddr.ifr_name));
if (ioctl(s, SIOCGIFHWADDR, &if_hwaddr) < 0)
bb_perror_msg_and_die("SIOCGIFHWADDR on %s failed", ifname);
memcpy(outpack+6, if_hwaddr.ifr_hwaddr.sa_data, 6);
# ifdef DEBUG
{
unsigned char *hwaddr = if_hwaddr.ifr_hwaddr.sa_data;
printf("The hardware address (SIOCGIFHWADDR) of %s is type %d "
"%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\n\n", ifname,
if_hwaddr.ifr_hwaddr.sa_family, hwaddr[0], hwaddr[1],
hwaddr[2], hwaddr[3], hwaddr[4], hwaddr[5]);
}
# endif
}
#endif /* __linux__ */
bb_debug_dump_packet(outpack, pktsize);
/* append the password if specified */
if (wol_passwd_sz > 0) {
memcpy(outpack+pktsize, wol_passwd, wol_passwd_sz);
pktsize += wol_passwd_sz;
}
bb_debug_dump_packet(outpack, pktsize);
/* This is necessary for broadcasts to work */
if (flags /*& 1 [OPT_BROADCAST]*/) {
if (setsockopt_broadcast(s) < 0)
bb_perror_msg("SO_BROADCAST");
}
#if defined(PF_PACKET)
{
struct ifreq ifr;
strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
if (ioctl(s, SIOCGIFINDEX, &ifr) == -1)
bb_perror_msg_and_die("SIOCGIFINDEX");
memset(&whereto, 0, sizeof(whereto));
whereto.sll_family = AF_PACKET;
whereto.sll_ifindex = ifr.ifr_ifindex;
/* The manual page incorrectly claims the address must be filled.
We do so because the code may change to match the docs. */
whereto.sll_halen = ETH_ALEN;
memcpy(whereto.sll_addr, outpack, ETH_ALEN);
}
#else
whereto.sa_family = 0;
strcpy(whereto.sa_data, ifname);
#endif
if (sendto(s, outpack, pktsize, 0, (struct sockaddr *)&whereto, sizeof(whereto)) < 0)
bb_perror_msg(bb_msg_write_error);
close(s);
return EXIT_SUCCESS;
}
int arping_main(int argc, char **argv)
{
const char *device = "eth0";
int ifindex;
char *source = NULL;
char *target;
s = xsocket(PF_PACKET, SOCK_DGRAM, 0);
// Drop suid root privileges
xsetuid(getuid());
{
unsigned opt;
char *_count, *_timeout;
/* Dad also sets quit_on_reply.
* Advert also sets unsolicited.
*/
opt_complementary = "Df:AU";
opt = getopt32(argc, argv, "DUAqfbc:w:i:s:",
&_count, &_timeout, &device, &source);
cfg |= opt & 0x3f; /* set respective flags */
if (opt & 0x40) /* -c: count */
count = xatou(_count);
if (opt & 0x80) /* -w: timeout */
timeout = xatoul_range(_timeout, 0, INT_MAX/2000);
//if (opt & 0x100) /* -i: interface */
if (strlen(device) > IF_NAMESIZE) {
bb_error_msg_and_die("interface name '%s' is too long",
device);
}
//if (opt & 0x200) /* -s: source */
}
argc -= optind;
argv += optind;
if (argc != 1)
bb_show_usage();
target = *argv;
xfunc_error_retval = 2;
{
struct ifreq ifr;
memset(&ifr, 0, sizeof(ifr));
strncpy(ifr.ifr_name, device, IFNAMSIZ - 1);
if (ioctl(s, SIOCGIFINDEX, &ifr) < 0) {
bb_error_msg_and_die("interface %s not found", device);
}
ifindex = ifr.ifr_ifindex;
if (ioctl(s, SIOCGIFFLAGS, (char *) &ifr)) {
bb_error_msg_and_die("SIOCGIFFLAGS");
}
if (!(ifr.ifr_flags & IFF_UP)) {
bb_error_msg_and_die("interface %s is down", device);
}
if (ifr.ifr_flags & (IFF_NOARP | IFF_LOOPBACK)) {
bb_error_msg("interface %s is not ARPable", device);
return (cfg & dad ? 0 : 2);
}
}
if (!inet_aton(target, &dst)) {
len_and_sockaddr *lsa;
lsa = xhost_and_af2sockaddr(target, 0, AF_INET);
memcpy(&dst, &lsa->sin.sin_addr.s_addr, 4);
if (ENABLE_FEATURE_CLEAN_UP)
free(lsa);
}
if (source && !inet_aton(source, &src)) {
bb_error_msg_and_die("invalid source address %s", source);
}
if (!(cfg & dad) && (cfg & unsolicited) && src.s_addr == 0)
src = dst;
if (!(cfg & dad) || src.s_addr) {
struct sockaddr_in saddr;
int probe_fd = xsocket(AF_INET, SOCK_DGRAM, 0);
if (device) {
if (setsockopt(probe_fd, SOL_SOCKET, SO_BINDTODEVICE, device, strlen(device) + 1) == -1)
bb_error_msg("warning: interface %s is ignored", device);
}
memset(&saddr, 0, sizeof(saddr));
saddr.sin_family = AF_INET;
if (src.s_addr) {
saddr.sin_addr = src;
xbind(probe_fd, (struct sockaddr *) &saddr, sizeof(saddr));
} else if (!(cfg & dad)) {
socklen_t alen = sizeof(saddr);
saddr.sin_port = htons(1025);
saddr.sin_addr = dst;
if (setsockopt(probe_fd, SOL_SOCKET, SO_DONTROUTE, &const_int_1, sizeof(const_int_1)) == -1)
bb_perror_msg("warning: setsockopt(SO_DONTROUTE)");
xconnect(probe_fd, (struct sockaddr *) &saddr, sizeof(saddr));
if (getsockname(probe_fd, (struct sockaddr *) &saddr, &alen) == -1) {
bb_error_msg_and_die("getsockname");
}
src = saddr.sin_addr;
}
close(probe_fd);
}
me.sll_family = AF_PACKET;
me.sll_ifindex = ifindex;
me.sll_protocol = htons(ETH_P_ARP);
xbind(s, (struct sockaddr *) &me, sizeof(me));
{
socklen_t alen = sizeof(me);
if (getsockname(s, (struct sockaddr *) &me, &alen) == -1) {
bb_error_msg_and_die("getsockname");
}
}
if (me.sll_halen == 0) {
bb_error_msg("interface \"%s\" is not ARPable (no ll address)", device);
return (cfg & dad ? 0 : 2);
}
he = me;
memset(he.sll_addr, -1, he.sll_halen);
if (!(cfg & quiet)) {
printf("ARPING to %s from %s via %s\n",
inet_ntoa(dst), inet_ntoa(src),
device ? device : "unknown");
}
if (!src.s_addr && !(cfg & dad)) {
bb_error_msg_and_die("no src address in the non-DAD mode");
}
{
struct sigaction sa;
memset(&sa, 0, sizeof(sa));
sa.sa_flags = SA_RESTART;
sa.sa_handler = (void (*)(int)) finish;
sigaction(SIGINT, &sa, NULL);
sa.sa_handler = (void (*)(int)) catcher;
sigaction(SIGALRM, &sa, NULL);
}
catcher();
while (1) {
sigset_t sset, osset;
RESERVE_CONFIG_UBUFFER(packet, 4096);
struct sockaddr_ll from;
socklen_t alen = sizeof(from);
int cc;
cc = recvfrom(s, packet, 4096, 0, (struct sockaddr *) &from, &alen);
if (cc < 0) {
bb_perror_msg("recvfrom");
continue;
}
sigemptyset(&sset);
sigaddset(&sset, SIGALRM);
sigaddset(&sset, SIGINT);
sigprocmask(SIG_BLOCK, &sset, &osset);
recv_pack(packet, cc, &from);
sigprocmask(SIG_SETMASK, &osset, NULL);
RELEASE_CONFIG_BUFFER(packet);
}
}
int arping_main(int argc, char **argv)
{
char *device = "eth0";
int ifindex;
char *source = NULL;
char *target;
s = socket(PF_PACKET, SOCK_DGRAM, 0);
ifindex = errno;
// Drop suid root privileges
xsetuid(getuid());
{
unsigned long opt;
char *_count, *_timeout, *_device;
/* Dad also sets quit_on_reply.
* Advert also sets unsolicited.
*/
bb_opt_complementally = "Df:AU";
opt = bb_getopt_ulflags(argc, argv, "DUAqfbc:w:i:s:",
&_count, &_timeout, &_device);
cfg |= opt & 63; /* set respective flags */
if (opt & 64) /* count */
count = atoi(_count);
if (opt & 128) /* timeout */
timeout = atoi(_timeout);
if (opt & 256) { /* interface */
if (strlen(_device) > IF_NAMESIZE) {
bb_error_msg_and_die("Interface name `%s' must be less than %d",
_device, IF_NAMESIZE);
}
device = _device;
}
if (opt & 512) /* source */
source = optarg;
}
argc -= optind;
argv += optind;
if (argc != 1)
bb_show_usage();
target = *argv;
if (s < 0) {
bb_default_error_retval = ifindex;
bb_perror_msg_and_die("socket");
}
bb_default_error_retval = 2;
{
struct ifreq ifr;
memset(&ifr, 0, sizeof(ifr));
strncpy(ifr.ifr_name, device, IFNAMSIZ - 1);
if (ioctl(s, SIOCGIFINDEX, &ifr) < 0) {
bb_error_msg_and_die("Interface %s not found", device);
}
ifindex = ifr.ifr_ifindex;
if (ioctl(s, SIOCGIFFLAGS, (char *) &ifr)) {
bb_error_msg_and_die("SIOCGIFFLAGS");
}
if (!(ifr.ifr_flags & IFF_UP)) {
bb_error_msg_and_die("Interface %s is down", device);
}
if (ifr.ifr_flags & (IFF_NOARP | IFF_LOOPBACK)) {
bb_error_msg("Interface %s is not ARPable", device);
exit(cfg&dad ? 0 : 2);
}
}
if (!inet_aton(target, &dst)) {
struct hostent *hp;
hp = gethostbyname2(target, AF_INET);
if (!hp) {
bb_error_msg_and_die("invalid or unknown target %s", target);
}
memcpy(&dst, hp->h_addr, 4);
}
if (source && !inet_aton(source, &src)) {
bb_error_msg_and_die("invalid source address %s", source);
}
if (!(cfg&dad) && cfg&unsolicited && src.s_addr == 0)
src = dst;
if (!(cfg&dad) || src.s_addr) {
struct sockaddr_in saddr;
int probe_fd = socket(AF_INET, SOCK_DGRAM, 0); /* maybe use bb_xsocket? */
if (probe_fd < 0) {
bb_error_msg_and_die("socket");
}
if (device) {
if (setsockopt
(probe_fd, SOL_SOCKET, SO_BINDTODEVICE, device,
strlen(device) + 1) == -1)
bb_error_msg("WARNING: interface %s is ignored", device);
}
memset(&saddr, 0, sizeof(saddr));
saddr.sin_family = AF_INET;
if (src.s_addr) {
saddr.sin_addr = src;
if (bind(probe_fd, (struct sockaddr *) &saddr, sizeof(saddr)) == -1) {
bb_error_msg_and_die("bind");
}
} else if (!(cfg&dad)) {
int on = 1;
socklen_t alen = sizeof(saddr);
saddr.sin_port = htons(1025);
saddr.sin_addr = dst;
if (setsockopt
(probe_fd, SOL_SOCKET, SO_DONTROUTE, (char *) &on,
sizeof(on)) == -1)
bb_perror_msg("WARNING: setsockopt(SO_DONTROUTE)");
if (connect(probe_fd, (struct sockaddr *) &saddr, sizeof(saddr))
== -1) {
bb_error_msg_and_die("connect");
}
if (getsockname(probe_fd, (struct sockaddr *) &saddr, &alen) ==
-1) {
bb_error_msg_and_die("getsockname");
}
src = saddr.sin_addr;
}
close(probe_fd);
};
me.sll_family = AF_PACKET;
me.sll_ifindex = ifindex;
me.sll_protocol = htons(ETH_P_ARP);
if (bind(s, (struct sockaddr *) &me, sizeof(me)) == -1) {
bb_error_msg_and_die("bind");
}
{
socklen_t alen = sizeof(me);
if (getsockname(s, (struct sockaddr *) &me, &alen) == -1) {
bb_error_msg_and_die("getsockname");
}
}
if (me.sll_halen == 0) {
bb_error_msg("Interface \"%s\" is not ARPable (no ll address)", device);
exit(cfg&dad ? 0 : 2);
}
he = me;
memset(he.sll_addr, -1, he.sll_halen);
if (!(cfg&quiet)) {
printf("ARPING to %s from %s via %s\n",
inet_ntoa(dst), inet_ntoa(src),
device ? device : "unknown");
}
if (!src.s_addr && !(cfg&dad)) {
bb_error_msg_and_die("no src address in the non-DAD mode");
}
{
struct sigaction sa;
memset(&sa, 0, sizeof(sa));
sa.sa_flags = SA_RESTART;
sa.sa_handler = (void (*)(int)) finish;
sigaction(SIGINT, &sa, NULL);
sa.sa_handler = (void (*)(int)) catcher;
sigaction(SIGALRM, &sa, NULL);
}
catcher();
while (1) {
sigset_t sset, osset;
RESERVE_CONFIG_UBUFFER(packet, 4096);
struct sockaddr_ll from;
socklen_t alen = sizeof(from);
int cc;
if ((cc = recvfrom(s, packet, 4096, 0,
(struct sockaddr *) &from, &alen)) < 0) {
bb_perror_msg("recvfrom");
continue;
}
sigemptyset(&sset);
sigaddset(&sset, SIGALRM);
sigaddset(&sset, SIGINT);
sigprocmask(SIG_BLOCK, &sset, &osset);
recv_pack(packet, cc, &from);
sigprocmask(SIG_SETMASK, &osset, NULL);
RELEASE_CONFIG_BUFFER(packet);
}
}
int passwd_main(int argc UNUSED_PARAM, char **argv)
{
enum {
OPT_algo = (1 << 0), /* -a - password algorithm */
OPT_lock = (1 << 1), /* -l - lock account */
OPT_unlock = (1 << 2), /* -u - unlock account */
OPT_delete = (1 << 3), /* -d - delete password */
OPT_lud = OPT_lock | OPT_unlock | OPT_delete,
};
unsigned opt;
int rc;
const char *opt_a = CONFIG_FEATURE_DEFAULT_PASSWD_ALGO;
const char *filename;
char *myname;
char *name;
char *newp;
struct passwd *pw;
uid_t myuid;
struct rlimit rlimit_fsize;
char c;
#if ENABLE_FEATURE_SHADOWPASSWDS
/* Using _r function to avoid pulling in static buffers */
struct spwd spw;
char buffer[256];
#endif
logmode = LOGMODE_BOTH;
openlog(applet_name, 0, LOG_AUTH);
opt = getopt32(argv, "a:lud", &opt_a);
//argc -= optind;
argv += optind;
myuid = getuid();
/* -l, -u, -d require root priv and username argument */
if ((opt & OPT_lud) && (myuid != 0 || !argv[0]))
bb_show_usage();
/* Will complain and die if username not found */
myname = xstrdup(xuid2uname(myuid));
name = argv[0] ? argv[0] : myname;
pw = xgetpwnam(name);
if (myuid != 0 && pw->pw_uid != myuid) {
/* LOGMODE_BOTH */
bb_error_msg_and_die("%s can't change password for %s", myname, name);
}
#if ENABLE_FEATURE_SHADOWPASSWDS
{
/* getspnam_r may return 0 yet set result to NULL.
* At least glibc 2.4 does this. Be extra paranoid here. */
struct spwd *result = NULL;
errno = 0;
if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result) != 0
|| !result /* no error, but no record found either */
|| strcmp(result->sp_namp, pw->pw_name) != 0 /* paranoia */
) {
if (errno != ENOENT) {
/* LOGMODE_BOTH */
bb_perror_msg("no record of %s in %s, using %s",
name, bb_path_shadow_file,
bb_path_passwd_file);
}
/* else: /etc/shadow does not exist,
* apparently we are on a shadow-less system,
* no surprise there */
} else {
pw->pw_passwd = result->sp_pwdp;
}
}
#endif
/* Decide what the new password will be */
newp = NULL;
c = pw->pw_passwd[0] - '!';
if (!(opt & OPT_lud)) {
if (myuid != 0 && !c) { /* passwd starts with '!' */
/* LOGMODE_BOTH */
bb_error_msg_and_die("can't change "
"locked password for %s", name);
}
printf("Changing password for %s\n", name);
newp = new_password(pw, myuid, opt_a);
if (!newp) {
logmode = LOGMODE_STDIO;
bb_error_msg_and_die("password for %s is unchanged", name);
}
} else if (opt & OPT_lock) {
if (!c)
goto skip; /* passwd starts with '!' */
newp = xasprintf("!%s", pw->pw_passwd);
} else if (opt & OPT_unlock) {
if (c)
goto skip; /* not '!' */
/* pw->pw_passwd points to static storage,
* strdup'ing to avoid nasty surprizes */
newp = xstrdup(&pw->pw_passwd[1]);
} else if (opt & OPT_delete) {
newp = (char*)"";
}
rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * 30000;
setrlimit(RLIMIT_FSIZE, &rlimit_fsize);
bb_signals(0
+ (1 << SIGHUP)
+ (1 << SIGINT)
+ (1 << SIGQUIT)
, SIG_IGN);
umask(077);
xsetuid(0);
#if ENABLE_FEATURE_SHADOWPASSWDS
filename = bb_path_shadow_file;
rc = update_passwd(bb_path_shadow_file, name, newp, NULL);
if (rc > 0)
/* password in /etc/shadow was updated */
newp = (char*) "x";
if (rc >= 0)
/* 0 = /etc/shadow missing (not an error), >0 = passwd changed in /etc/shadow */
#endif
{
filename = bb_path_passwd_file;
rc = update_passwd(bb_path_passwd_file, name, newp, NULL);
}
/* LOGMODE_BOTH */
if (rc < 0)
bb_error_msg_and_die("can't update password file %s", filename);
bb_error_msg("password for %s changed by %s", name, myname);
/*if (ENABLE_FEATURE_CLEAN_UP) free(newp); - can't, it may be non-malloced */
skip:
if (!newp) {
bb_error_msg_and_die("password for %s is already %slocked",
name, (opt & OPT_unlock) ? "un" : "");
}
if (ENABLE_FEATURE_CLEAN_UP)
free(myname);
return 0;
}
int tcpudpsvd_main(int argc ATTRIBUTE_UNUSED, char **argv)
{
char *str_C, *str_t;
char *user;
struct hcc *hccp;
const char *instructs;
char *msg_per_host = NULL;
unsigned len_per_host = len_per_host; /* gcc */
#ifndef SSLSVD
struct bb_uidgid_t ugid;
#endif
bool tcp;
uint16_t local_port;
char *preset_local_hostname = NULL;
char *remote_hostname = remote_hostname; /* for compiler */
char *remote_addr = remote_addr; /* for compiler */
len_and_sockaddr *lsa;
len_and_sockaddr local, remote;
socklen_t sa_len;
int pid;
int sock;
int conn;
unsigned backlog = 20;
INIT_G();
tcp = (applet_name[0] == 't');
/* 3+ args, -i at most once, -p implies -h, -v is counter, -b N, -c N */
opt_complementary = "-3:i--i:ph:vv:b+:c+";
#ifdef SSLSVD
getopt32(argv, "+c:C:i:x:u:l:Eb:hpt:vU:/:Z:K:",
&cmax, &str_C, &instructs, &instructs, &user, &preset_local_hostname,
&backlog, &str_t, &ssluser, &root, &cert, &key, &verbose
);
#else
/* "+": stop on first non-option */
getopt32(argv, "+c:C:i:x:u:l:Eb:hpt:v",
&cmax, &str_C, &instructs, &instructs, &user, &preset_local_hostname,
&backlog, &str_t, &verbose
);
#endif
if (option_mask32 & OPT_C) { /* -C n[:message] */
max_per_host = bb_strtou(str_C, &str_C, 10);
if (str_C[0]) {
if (str_C[0] != ':')
bb_show_usage();
msg_per_host = str_C + 1;
len_per_host = strlen(msg_per_host);
}
}
if (max_per_host > cmax)
max_per_host = cmax;
if (option_mask32 & OPT_u) {
if (!get_uidgid(&ugid, user, 1))
bb_error_msg_and_die("unknown user/group: %s", user);
}
#ifdef SSLSVD
if (option_mask32 & OPT_U) ssluser = optarg;
if (option_mask32 & OPT_slash) root = optarg;
if (option_mask32 & OPT_Z) cert = optarg;
if (option_mask32 & OPT_K) key = optarg;
#endif
argv += optind;
if (!argv[0][0] || LONE_CHAR(argv[0], '0'))
argv[0] = (char*)"0.0.0.0";
/* Per-IP flood protection is not thought-out for UDP */
if (!tcp)
max_per_host = 0;
bb_sanitize_stdio(); /* fd# 0,1,2 must be opened */
#ifdef SSLSVD
sslser = user;
client = 0;
if ((getuid() == 0) && !(option_mask32 & OPT_u)) {
xfunc_exitcode = 100;
bb_error_msg_and_die("-U ssluser must be set when running as root");
}
if (option_mask32 & OPT_u)
if (!uidgid_get(&sslugid, ssluser, 1)) {
if (errno) {
bb_perror_msg_and_die("fatal: cannot get user/group: %s", ssluser);
}
bb_error_msg_and_die("unknown user/group '%s'", ssluser);
}
if (!cert) cert = "./cert.pem";
if (!key) key = cert;
if (matrixSslOpen() < 0)
fatal("cannot initialize ssl");
if (matrixSslReadKeys(&keys, cert, key, 0, ca) < 0) {
if (client)
fatal("cannot read cert, key, or ca file");
fatal("cannot read cert or key file");
}
if (matrixSslNewSession(&ssl, keys, 0, SSL_FLAGS_SERVER) < 0)
fatal("cannot create ssl session");
#endif
sig_block(SIGCHLD);
signal(SIGCHLD, sig_child_handler);
bb_signals(BB_FATAL_SIGS, sig_term_handler);
signal(SIGPIPE, SIG_IGN);
if (max_per_host)
ipsvd_perhost_init(cmax);
local_port = bb_lookup_port(argv[1], tcp ? "tcp" : "udp", 0);
lsa = xhost2sockaddr(argv[0], local_port);
argv += 2;
sock = xsocket(lsa->u.sa.sa_family, tcp ? SOCK_STREAM : SOCK_DGRAM, 0);
setsockopt_reuseaddr(sock);
sa_len = lsa->len; /* I presume sockaddr len stays the same */
xbind(sock, &lsa->u.sa, sa_len);
if (tcp)
xlisten(sock, backlog);
else /* udp: needed for recv_from_to to work: */
socket_want_pktinfo(sock);
/* ndelay_off(sock); - it is the default I think? */
#ifndef SSLSVD
if (option_mask32 & OPT_u) {
/* drop permissions */
xsetgid(ugid.gid);
xsetuid(ugid.uid);
}
#endif
if (verbose) {
char *addr = xmalloc_sockaddr2dotted(&lsa->u.sa);
bb_error_msg("listening on %s, starting", addr);
free(addr);
#ifndef SSLSVD
if (option_mask32 & OPT_u)
printf(", uid %u, gid %u",
(unsigned)ugid.uid, (unsigned)ugid.gid);
#endif
}
/* Main accept() loop */
again:
hccp = NULL;
while (cnum >= cmax)
wait_for_any_sig(); /* expecting SIGCHLD */
/* Accept a connection to fd #0 */
again1:
close(0);
again2:
sig_unblock(SIGCHLD);
local.len = remote.len = sa_len;
if (tcp) {
conn = accept(sock, &remote.u.sa, &remote.len);
} else {
/* In case recv_from_to won't be able to recover local addr.
* Also sets port - recv_from_to is unable to do it. */
local = *lsa;
conn = recv_from_to(sock, NULL, 0, MSG_PEEK,
&remote.u.sa, &local.u.sa, sa_len);
}
sig_block(SIGCHLD);
if (conn < 0) {
if (errno != EINTR)
bb_perror_msg(tcp ? "accept" : "recv");
goto again2;
}
xmove_fd(tcp ? conn : sock, 0);
if (max_per_host) {
/* Drop connection immediately if cur_per_host > max_per_host
* (minimizing load under SYN flood) */
remote_addr = xmalloc_sockaddr2dotted_noport(&remote.u.sa);
cur_per_host = ipsvd_perhost_add(remote_addr, max_per_host, &hccp);
if (cur_per_host > max_per_host) {
/* ipsvd_perhost_add detected that max is exceeded
* (and did not store ip in connection table) */
free(remote_addr);
if (msg_per_host) {
/* don't block or test for errors */
send(0, msg_per_host, len_per_host, MSG_DONTWAIT);
}
goto again1;
}
/* NB: remote_addr is not leaked, it is stored in conn table */
}
if (!tcp) {
/* Voodoo magic: making udp sockets each receive its own
* packets is not trivial, and I still not sure
* I do it 100% right.
* 1) we have to do it before fork()
* 2) order is important - is it right now? */
/* Open new non-connected UDP socket for further clients... */
sock = xsocket(lsa->u.sa.sa_family, SOCK_DGRAM, 0);
setsockopt_reuseaddr(sock);
/* Make plain write/send work for old socket by supplying default
* destination address. This also restricts incoming packets
* to ones coming from this remote IP. */
xconnect(0, &remote.u.sa, sa_len);
/* hole? at this point we have no wildcard udp socket...
* can this cause clients to get "port unreachable" icmp?
* Yup, time window is very small, but it exists (is it?) */
/* ..."open new socket", continued */
xbind(sock, &lsa->u.sa, sa_len);
socket_want_pktinfo(sock);
/* Doesn't work:
* we cannot replace fd #0 - we will lose pending packet
* which is already buffered for us! And we cannot use fd #1
* instead - it will "intercept" all following packets, but child
* does not expect data coming *from fd #1*! */
#if 0
/* Make it so that local addr is fixed to localp->u.sa
* and we don't accidentally accept packets to other local IPs. */
/* NB: we possibly bind to the _very_ same_ address & port as the one
* already bound in parent! This seems to work in Linux.
* (otherwise we can move socket to fd #0 only if bind succeeds) */
close(0);
set_nport(localp, htons(local_port));
xmove_fd(xsocket(localp->u.sa.sa_family, SOCK_DGRAM, 0), 0);
setsockopt_reuseaddr(0); /* crucial */
xbind(0, &localp->u.sa, localp->len);
#endif
}
pid = vfork();
if (pid == -1) {
bb_perror_msg("vfork");
goto again;
}
if (pid != 0) {
/* Parent */
cnum++;
if (verbose)
connection_status();
if (hccp)
hccp->pid = pid;
/* clean up changes done by vforked child */
undo_xsetenv();
goto again;
}
/* Child: prepare env, log, and exec prog */
/* Closing tcp listening socket */
if (tcp)
close(sock);
{ /* vfork alert! every xmalloc in this block should be freed! */
char *local_hostname = local_hostname; /* for compiler */
char *local_addr = NULL;
char *free_me0 = NULL;
char *free_me1 = NULL;
char *free_me2 = NULL;
if (verbose || !(option_mask32 & OPT_E)) {
if (!max_per_host) /* remote_addr is not yet known */
free_me0 = remote_addr = xmalloc_sockaddr2dotted(&remote.u.sa);
if (option_mask32 & OPT_h) {
free_me1 = remote_hostname = xmalloc_sockaddr2host_noport(&remote.u.sa);
if (!remote_hostname) {
bb_error_msg("cannot look up hostname for %s", remote_addr);
remote_hostname = remote_addr;
}
}
/* Find out local IP peer connected to.
* Errors ignored (I'm not paranoid enough to imagine kernel
* which doesn't know local IP). */
if (tcp)
getsockname(0, &local.u.sa, &local.len);
/* else: for UDP it is done earlier by parent */
local_addr = xmalloc_sockaddr2dotted(&local.u.sa);
if (option_mask32 & OPT_h) {
local_hostname = preset_local_hostname;
if (!local_hostname) {
free_me2 = local_hostname = xmalloc_sockaddr2host_noport(&local.u.sa);
if (!local_hostname)
bb_error_msg_and_die("cannot look up hostname for %s", local_addr);
}
/* else: local_hostname is not NULL, but is NOT malloced! */
}
}
if (verbose) {
pid = getpid();
if (max_per_host) {
bb_error_msg("concurrency %s %u/%u",
remote_addr,
cur_per_host, max_per_host);
}
bb_error_msg((option_mask32 & OPT_h)
? "start %u %s-%s (%s-%s)"
: "start %u %s-%s",
pid,
local_addr, remote_addr,
local_hostname, remote_hostname);
}
if (!(option_mask32 & OPT_E)) {
/* setup ucspi env */
const char *proto = tcp ? "TCP" : "UDP";
/* Extract "original" destination addr:port
* from Linux firewall. Useful when you redirect
* an outbond connection to local handler, and it needs
* to know where it originally tried to connect */
if (tcp && getsockopt(0, SOL_IP, SO_ORIGINAL_DST, &local.u.sa, &local.len) == 0) {
char *addr = xmalloc_sockaddr2dotted(&local.u.sa);
xsetenv_plain("TCPORIGDSTADDR", addr);
free(addr);
}
xsetenv_plain("PROTO", proto);
xsetenv_proto(proto, "LOCALADDR", local_addr);
xsetenv_proto(proto, "REMOTEADDR", remote_addr);
if (option_mask32 & OPT_h) {
xsetenv_proto(proto, "LOCALHOST", local_hostname);
xsetenv_proto(proto, "REMOTEHOST", remote_hostname);
}
//compat? xsetenv_proto(proto, "REMOTEINFO", "");
/* additional */
if (cur_per_host > 0) /* can not be true for udp */
xsetenv_plain("TCPCONCURRENCY", utoa(cur_per_host));
}
free(local_addr);
free(free_me0);
free(free_me1);
free(free_me2);
}
xdup2(0, 1);
signal(SIGTERM, SIG_DFL);
signal(SIGPIPE, SIG_DFL);
signal(SIGCHLD, SIG_DFL);
sig_unblock(SIGCHLD);
#ifdef SSLSVD
strcpy(id, utoa(pid));
ssl_io(0, argv);
#else
BB_EXECVP(argv[0], argv);
#endif
bb_perror_msg_and_die("exec '%s'", argv[0]);
}
int start_stop_daemon_main(int argc UNUSED_PARAM, char **argv)
{
unsigned opt;
char *signame;
char *startas;
char *chuid;
#ifdef OLDER_VERSION_OF_X
struct stat execstat;
#endif
#if ENABLE_FEATURE_START_STOP_DAEMON_FANCY
// char *retry_arg = NULL;
// int retries = -1;
char *opt_N;
#endif
INIT_G();
#if ENABLE_FEATURE_START_STOP_DAEMON_LONG_OPTIONS
applet_long_options = start_stop_daemon_longopts;
#endif
/* -K or -S is required; they are mutually exclusive */
/* -p is required if -m is given */
/* -xpun (at least one) is required if -K is given */
/* -xa (at least one) is required if -S is given */
/* -q turns off -v */
opt_complementary = "K:S:K--S:S--K:m?p:K?xpun:S?xa"
IF_FEATURE_START_STOP_DAEMON_FANCY("q-v");
opt = getopt32(argv, "KSbqtma:n:s:u:c:x:p:"
IF_FEATURE_START_STOP_DAEMON_FANCY("ovN:R:"),
&startas, &cmdname, &signame, &userspec, &chuid, &execname, &pidfile
IF_FEATURE_START_STOP_DAEMON_FANCY(,&opt_N)
/* We accept and ignore -R <param> / --retry <param> */
IF_FEATURE_START_STOP_DAEMON_FANCY(,NULL)
);
if (opt & OPT_s) {
signal_nr = get_signum(signame);
if (signal_nr < 0) bb_show_usage();
}
if (!(opt & OPT_a))
startas = execname;
if (!execname) /* in case -a is given and -x is not */
execname = startas;
if (execname) {
G.execname_sizeof = strlen(execname) + 1;
G.execname_cmpbuf = xmalloc(G.execname_sizeof + 1);
}
// IF_FEATURE_START_STOP_DAEMON_FANCY(
// if (retry_arg)
// retries = xatoi_positive(retry_arg);
// )
//argc -= optind;
argv += optind;
if (userspec) {
user_id = bb_strtou(userspec, NULL, 10);
if (errno)
user_id = xuname2uid(userspec);
}
/* Both start and stop need to know current processes */
do_procinit();
if (opt & CTX_STOP) {
int i = do_stop();
return (opt & OPT_OKNODO) ? 0 : (i <= 0);
}
if (G.found_procs) {
if (!QUIET)
printf("%s is already running\n%u\n", execname, (unsigned)G.found_procs->pid);
return !(opt & OPT_OKNODO);
}
#ifdef OLDER_VERSION_OF_X
if (execname)
xstat(execname, &execstat);
#endif
*--argv = startas;
if (opt & OPT_BACKGROUND) {
#if BB_MMU
bb_daemonize(DAEMON_DEVNULL_STDIO + DAEMON_CLOSE_EXTRA_FDS);
/* DAEMON_DEVNULL_STDIO is superfluous -
* it's always done by bb_daemonize() */
#else
pid_t pid = xvfork();
if (pid != 0) {
/* parent */
/* why _exit? the child may have changed the stack,
* so "return 0" may do bad things */
_exit(EXIT_SUCCESS);
}
/* Child */
setsid(); /* detach from controlling tty */
/* Redirect stdio to /dev/null, close extra FDs.
* We do not actually daemonize because of DAEMON_ONLY_SANITIZE */
bb_daemonize_or_rexec(DAEMON_DEVNULL_STDIO
+ DAEMON_CLOSE_EXTRA_FDS
+ DAEMON_ONLY_SANITIZE,
NULL /* argv, unused */ );
#endif
}
if (opt & OPT_MAKEPID) {
/* User wants _us_ to make the pidfile */
write_pidfile(pidfile);
}
if (opt & OPT_c) {
struct bb_uidgid_t ugid = { -1, -1 };
parse_chown_usergroup_or_die(&ugid, chuid);
if (ugid.gid != (gid_t) -1) xsetgid(ugid.gid);
if (ugid.uid != (uid_t) -1) xsetuid(ugid.uid);
}
#if ENABLE_FEATURE_START_STOP_DAEMON_FANCY
if (opt & OPT_NICELEVEL) {
/* Set process priority */
int prio = getpriority(PRIO_PROCESS, 0) + xatoi_range(opt_N, INT_MIN/2, INT_MAX/2);
if (setpriority(PRIO_PROCESS, 0, prio) < 0) {
bb_perror_msg_and_die("setpriority(%d)", prio);
}
}
#endif
execvp(startas, argv);
bb_perror_msg_and_die("can't execute '%s'", startas);
}
