void ns_os_changeuser(void) { char strbuf[ISC_STRERRORSIZE]; if (runas_pw == NULL || done_setuid) return; done_setuid = ISC_TRUE; #ifdef HAVE_LINUXTHREADS #ifdef HAVE_LINUX_CAPABILITY_H if (!non_root_caps) ns_main_earlyfatal("-u with Linux threads not supported: " "requires kernel support for " "prctl(PR_SET_KEEPCAPS)"); #else ns_main_earlyfatal("-u with Linux threads not supported: " "no capabilities support or capabilities " "disabled at build time"); #endif #endif if (setgid(runas_pw->pw_gid) < 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlyfatal("setgid(): %s", strbuf); } if (setuid(runas_pw->pw_uid) < 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlyfatal("setuid(): %s", strbuf); } #if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE) /* * Restore the ability of named to drop core after the setuid() * call has disabled it. */ if (prctl(PR_SET_DUMPABLE,1,0,0,0) < 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlywarning("prctl(PR_SET_DUMPABLE) failed: %s", strbuf); } #endif #if defined(HAVE_LINUX_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS) linux_minprivs(); #endif }
static void setperms (uid_t uid, gid_t gid) { char strbuf[ISC_STRERRORSIZE]; #if !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID) gid_t oldgid, tmpg; #endif #if !defined(HAVE_SETEUID) && defined(HAVE_SETRESUID) uid_t olduid, tmpu; #endif #if defined(HAVE_SETEGID) if (getegid () != gid && setegid (gid) == -1) { isc__strerror (errno, strbuf, sizeof (strbuf)); ns_main_earlywarning ("unable to set effective gid to %ld: %s", (long) gid, strbuf); } #elif defined(HAVE_SETRESGID) if (getresgid (&tmpg, &oldgid, &tmpg) == -1 || oldgid != gid) { if (setresgid (-1, gid, -1) == -1) { isc__strerror (errno, strbuf, sizeof (strbuf)); ns_main_earlywarning ("unable to set effective " "gid to %d: %s", gid, strbuf); } } #endif #if defined(HAVE_SETEUID) if (geteuid () != uid && seteuid (uid) == -1) { isc__strerror (errno, strbuf, sizeof (strbuf)); ns_main_earlywarning ("unable to set effective uid to %ld: %s", (long) uid, strbuf); } #elif defined(HAVE_SETRESUID) if (getresuid (&tmpu, &olduid, &tmpu) == -1 || olduid != uid) { if (setresuid (-1, uid, -1) == -1) { isc__strerror (errno, strbuf, sizeof (strbuf)); ns_main_earlywarning ("unable to set effective " "uid to %d: %s", uid, strbuf); } } #endif }
void ns_os_writepidfile (const char *filename, isc_boolean_t first_time) { FILE *lockfile; pid_t pid; char strbuf[ISC_STRERRORSIZE]; void (*report) (const char *, ...); /* * The caller must ensure any required synchronization. */ report = first_time ? ns_main_earlyfatal : ns_main_earlywarning; cleanup_pidfile (); if (filename == NULL) return; pidfile = strdup (filename); if (pidfile == NULL) { isc__strerror (errno, strbuf, sizeof (strbuf)); (*report) ("couldn't strdup() '%s': %s", filename, strbuf); return; } lockfile = ns_os_openfile (filename, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH, first_time); if (lockfile == NULL) { cleanup_pidfile (); return; } #ifdef HAVE_LINUXTHREADS pid = mainpid; #else pid = getpid (); #endif if (fprintf (lockfile, "%ld\n", (long) pid) < 0) { (*report) ("fprintf() to pid file '%s' failed", filename); (void) fclose (lockfile); cleanup_pidfile (); return; } if (fflush (lockfile) == EOF) { (*report) ("fflush() to pid file '%s' failed", filename); (void) fclose (lockfile); cleanup_pidfile (); return; } (void) fclose (lockfile); }
isc_boolean_t ns_os_issingleton(const char *filename) { char strbuf[ISC_STRERRORSIZE]; struct flock lock; if (singletonfd != -1) return (ISC_TRUE); if (strcasecmp(filename, "none") == 0) return (ISC_TRUE); /* * Make the containing directory if it doesn't exist. */ lockfile = strdup(filename); if (lockfile == NULL) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlyfatal("couldn't allocate memory for '%s': %s", filename, strbuf); } else { int ret = mkdirpath(lockfile, ns_main_earlywarning); if (ret == -1) { ns_main_earlywarning("couldn't create '%s'", filename); cleanup_lockfile(); return (ISC_FALSE); } } /* * ns_os_openfile() uses safeopen() which removes any existing * files. We can't use that here. */ singletonfd = open(filename, O_WRONLY | O_CREAT, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); if (singletonfd == -1) { cleanup_lockfile(); return (ISC_FALSE); } memset(&lock, 0, sizeof(lock)); lock.l_type = F_WRLCK; lock.l_whence = SEEK_SET; lock.l_start = 0; lock.l_len = 1; /* Non-blocking (does not wait for lock) */ if (fcntl(singletonfd, F_SETLK, &lock) == -1) { close(singletonfd); singletonfd = -1; return (ISC_FALSE); } return (ISC_TRUE); }
char * ntp_strerror( int code ) { static char msgbuf[128]; isc__strerror(code, msgbuf, sizeof(msgbuf)); return msgbuf; }
static isc_result_t try_proto(int domain) { SOCKET s; isc_result_t result = ISC_R_SUCCESS; char strbuf[ISC_STRERRORSIZE]; int errval; s = socket(domain, SOCK_STREAM, 0); if (s == INVALID_SOCKET) { errval = WSAGetLastError(); switch (errval) { case WSAEAFNOSUPPORT: case WSAEPROTONOSUPPORT: case WSAEINVAL: return (ISC_R_NOTFOUND); default: isc__strerror(errval, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "socket() %s failed", strbuf); return (ISC_R_UNEXPECTED); } } #ifdef ISC_PLATFORM_HAVEIPV6 #ifdef WANT_IPV6 #ifdef ISC_PLATFORM_HAVEIN6PKTINFO if (domain == PF_INET6) { struct sockaddr_in6 sin6; unsigned int len; /* * Check to see if IPv6 is broken, as is common on Linux. */ len = sizeof(sin6); if (getsockname(s, (struct sockaddr *)&sin6, (void *)&len) < 0) { result = ISC_R_NOTFOUND; } else { if (len == sizeof(struct sockaddr_in6)) result = ISC_R_SUCCESS; else { result = ISC_R_NOTFOUND; } } } #endif #endif #endif closesocket(s); return (result); }
isc_result_t isc_app_reload(void) { isc_boolean_t want_kill = ISC_TRUE; char strbuf[ISC_STRERRORSIZE]; LOCK(&lock); REQUIRE(running); /* * Don't send the reload signal if we're shutting down. */ if (shutdown_requested) want_kill = ISC_FALSE; UNLOCK(&lock); if (want_kill) { #ifdef HAVE_LINUXTHREADS int result; result = pthread_kill(main_thread, SIGHUP); if (result != 0) { isc__strerror(result, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_app_reload() pthread_kill: %s", strbuf); return (ISC_R_UNEXPECTED); } #else if (kill(getpid(), SIGHUP) < 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_app_reload() kill: %s", strbuf); return (ISC_R_UNEXPECTED); } #endif } return (ISC_R_SUCCESS); }
/* * Connect to a UNIX domain socket. */ static int ux_socket_connect (const char *path) { int fd = -1; #ifdef ISC_PLATFORM_HAVESYSUNH struct sockaddr_un addr; REQUIRE (path != NULL); if (strlen (path) > sizeof (addr.sun_path)) { ssu_e_log (3, "ssu_external: socket path '%s' " "longer than system maximum %u", path, sizeof (addr.sun_path)); return (-1); } memset (&addr, 0, sizeof (addr)); addr.sun_family = AF_UNIX; strncpy (addr.sun_path, path, sizeof (addr.sun_path)); fd = socket (AF_UNIX, SOCK_STREAM, 0); if (fd == -1) { char strbuf[ISC_STRERRORSIZE]; isc__strerror (errno, strbuf, sizeof (strbuf)); ssu_e_log (3, "ssu_external: unable to create socket - %s", strbuf); return (-1); } if (connect (fd, (struct sockaddr *) &addr, sizeof (addr)) == -1) { char strbuf[ISC_STRERRORSIZE]; isc__strerror (errno, strbuf, sizeof (strbuf)); ssu_e_log (3, "ssu_external: unable to connect to " "socket '%s' - %s", path, strbuf); close (fd); return (-1); } #endif return (fd); }
void ns_os_chroot(const char *root) { char strbuf[ISC_STRERRORSIZE]; #ifdef HAVE_LIBSCF ns_smf_chroot = 0; #endif if (root != NULL) { if (chroot(root) < 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlyfatal("chroot(): %s", strbuf); } if (chdir("/") < 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlyfatal("chdir(/): %s", strbuf); } #ifdef HAVE_LIBSCF /* Set ns_smf_chroot flag on successful chroot. */ ns_smf_chroot = 1; #endif } }
isc_result_t isc_time_nowplusinterval(isc_time_t *t, const isc_interval_t *i) { struct timeval tv; char strbuf[ISC_STRERRORSIZE]; REQUIRE(t != NULL); REQUIRE(i != NULL); INSIST(i->nanoseconds < NS_PER_S); if (gettimeofday(&tv, NULL) == -1) { isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "%s", strbuf); return (ISC_R_UNEXPECTED); } /* * Does POSIX guarantee the signedness of tv_sec and tv_usec? If not, * then this test will generate warnings for platforms on which it is * unsigned. In any event, the chances of any of these problems * happening are pretty much zero, but since the libisc library ensures * certain things to be true ... */ #if ISC_FIX_TV_USEC fix_tv_usec(&tv); if (tv.tv_sec < 0) return (ISC_R_UNEXPECTED); #else if (tv.tv_sec < 0 || tv.tv_usec < 0 || tv.tv_usec >= US_PER_S) return (ISC_R_UNEXPECTED); #endif /* * Ensure the resulting seconds value fits in the size of an * unsigned int. (It is written this way as a slight optimization; * note that even if both values == INT_MAX, then when added * and getting another 1 added below the result is UINT_MAX.) */ if ((tv.tv_sec > INT_MAX || i->seconds > INT_MAX) && ((long long)tv.tv_sec + i->seconds > UINT_MAX)) return (ISC_R_RANGE); t->seconds = tv.tv_sec + i->seconds; t->nanoseconds = tv.tv_usec * NS_PER_US + i->nanoseconds; if (t->nanoseconds > NS_PER_S) { t->seconds++; t->nanoseconds -= NS_PER_S; } return (ISC_R_SUCCESS); }
isc_result_t isc_interfaceiter_create(isc_mem_t *mctx, isc_interfaceiter_t **iterp) { isc_interfaceiter_t *iter; isc_result_t result; char strbuf[ISC_STRERRORSIZE]; REQUIRE(mctx != NULL); REQUIRE(iterp != NULL); REQUIRE(*iterp == NULL); iter = isc_mem_get(mctx, sizeof(*iter)); if (iter == NULL) return (ISC_R_NOMEMORY); iter->mctx = mctx; iter->buf = NULL; iter->bufsize = 0; iter->ifaddrs = NULL; if (getifaddrs(&iter->ifaddrs) < 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, isc_msgcat_get(isc_msgcat, ISC_MSGSET_IFITERGETIFADDRS, ISC_MSG_GETIFADDRS, "getting interface " "addresses: getifaddrs: %s"), strbuf); result = ISC_R_UNEXPECTED; goto failure; } /* * A newly created iterator has an undefined position * until isc_interfaceiter_first() is called. */ iter->pos = NULL; iter->result = ISC_R_FAILURE; iter->magic = IFITER_MAGIC; *iterp = iter; return (ISC_R_SUCCESS); failure: if (iter->ifaddrs != NULL) /* just in case */ freeifaddrs(iter->ifaddrs); isc_mem_put(mctx, iter, sizeof(*iter)); return (result); }
isc_result_t isc_condition_waituntil(isc_condition_t *c, isc_mutex_t *m, isc_time_t *t) { int presult; isc_result_t result; struct timespec ts; char strbuf[ISC_STRERRORSIZE]; REQUIRE(c != NULL && m != NULL && t != NULL); /* * POSIX defines a timespec's tv_sec as time_t. */ result = isc_time_secondsastimet(t, &ts.tv_sec); /* * If we have a range error ts.tv_sec is most probably a signed * 32 bit value. Set ts.tv_sec to INT_MAX. This is a kludge. */ if (result == ISC_R_RANGE) ts.tv_sec = INT_MAX; else if (result != ISC_R_SUCCESS) return (result); /*! * POSIX defines a timespec's tv_nsec as long. isc_time_nanoseconds * ensures its return value is < 1 billion, which will fit in a long. */ ts.tv_nsec = (long)isc_time_nanoseconds(t); do { #if ISC_MUTEX_PROFILE presult = pthread_cond_timedwait(c, &m->mutex, &ts); #else presult = pthread_cond_timedwait(c, m, &ts); #endif if (presult == 0) return (ISC_R_SUCCESS); if (presult == ETIMEDOUT) return (ISC_R_TIMEDOUT); } while (presult == EINTR); isc__strerror(presult, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "pthread_cond_timedwait() %s %s", isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, ISC_MSG_RETURNED, "returned"), strbuf); return (ISC_R_UNEXPECTED); }
static void try_ipv6pktinfo(void) { SOCKET s; int on; char strbuf[ISC_STRERRORSIZE]; isc_result_t result; int optname; result = isc_net_probeipv6(); if (result != ISC_R_SUCCESS) { ipv6pktinfo_result = result; return; } /* we only use this for UDP sockets */ s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_UDP); if (s == INVALID_SOCKET) { isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "socket() %s: %s", isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, ISC_MSG_FAILED, "failed"), strbuf); ipv6pktinfo_result = ISC_R_UNEXPECTED; return; } #ifdef IPV6_RECVPKTINFO optname = IPV6_RECVPKTINFO; #else optname = IPV6_PKTINFO; #endif on = 1; if (setsockopt(s, IPPROTO_IPV6, optname, (const char *) &on, sizeof(on)) < 0) { ipv6pktinfo_result = ISC_R_NOTFOUND; goto close; } ipv6pktinfo_result = ISC_R_SUCCESS; close: closesocket(s); return; }
/* * Convert a POSIX errno value into an isc_result_t. The * list of supported errno values is not complete; new users * of this function should add any expected errors that are * not already there. */ isc_result_t isc__errno2result(int posixerrno) { char strbuf[ISC_STRERRORSIZE]; switch (posixerrno) { case ENOTDIR: case WSAELOOP: case WSAEINVAL: case EINVAL: /* XXX sometimes this is not for files */ case ENAMETOOLONG: case WSAENAMETOOLONG: case EBADF: case WSAEBADF: return (ISC_R_INVALIDFILE); case ENOENT: return (ISC_R_FILENOTFOUND); case EACCES: case WSAEACCES: case EPERM: return (ISC_R_NOPERM); case EEXIST: return (ISC_R_FILEEXISTS); case EIO: return (ISC_R_IOERROR); case ENOMEM: return (ISC_R_NOMEMORY); case ENFILE: case EMFILE: case WSAEMFILE: return (ISC_R_TOOMANYOPENFILES); default: isc__strerror(posixerrno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "unable to convert errno " "to isc_result: %d: %s", posixerrno, strbuf); /* * XXXDCL would be nice if perhaps this function could * return the system's error string, so the caller * might have something more descriptive than "unexpected * error" to log with. */ return (ISC_R_UNEXPECTED); } }
static void linux_keepcaps(void) { char strbuf[ISC_STRERRORSIZE]; /*% * Ask the kernel to allow us to keep our capabilities after we * setuid(). */ if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) { if (errno != EINVAL) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlyfatal("prctl() failed: %s", strbuf); } } else { non_root_caps = ISC_TRUE; if (getuid() != 0) non_root = ISC_TRUE; } }
ISC_APPFUNC_SCOPE isc_result_t isc__app_ctxstart(isc_appctx_t *ctx0) { isc__appctx_t *ctx = (isc__appctx_t *)ctx0; isc_result_t result; REQUIRE(VALID_APPCTX(ctx)); /* * Start an ISC library application. */ #ifdef NEED_PTHREAD_INIT /* * BSDI 3.1 seg faults in pthread_sigmask() if we don't do this. */ presult = pthread_init(); if (presult != 0) { isc__strerror(presult, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_app_start() pthread_init: %s", strbuf); return (ISC_R_UNEXPECTED); } #endif #ifdef HAVE_LINUXTHREADS main_thread = pthread_self(); #endif result = isc_mutex_init(&ctx->lock); if (result != ISC_R_SUCCESS) return (result); ISC_LIST_INIT(ctx->on_run); ctx->shutdown_requested = ISC_FALSE; ctx->running = ISC_FALSE; ctx->want_shutdown = ISC_FALSE; ctx->want_reload = ISC_FALSE; ctx->blocked = ISC_FALSE; return (ISC_R_SUCCESS); }
isc_result_t isc_time_now(isc_time_t *t) { struct timeval tv; char strbuf[ISC_STRERRORSIZE]; REQUIRE(t != NULL); if (gettimeofday(&tv, NULL) == -1) { isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "%s", strbuf); return (ISC_R_UNEXPECTED); } /* * Does POSIX guarantee the signedness of tv_sec and tv_usec? If not, * then this test will generate warnings for platforms on which it is * unsigned. In any event, the chances of any of these problems * happening are pretty much zero, but since the libisc library ensures * certain things to be true ... */ #if ISC_FIX_TV_USEC fix_tv_usec(&tv); if (tv.tv_sec < 0) return (ISC_R_UNEXPECTED); #else if (tv.tv_sec < 0 || tv.tv_usec < 0 || tv.tv_usec >= US_PER_S) return (ISC_R_UNEXPECTED); #endif /* * Ensure the tv_sec value fits in t->seconds. */ if (sizeof(tv.tv_sec) > sizeof(t->seconds) && ((tv.tv_sec | (unsigned int)-1) ^ (unsigned int)-1) != 0U) return (ISC_R_RANGE); t->seconds = tv.tv_sec; t->nanoseconds = tv.tv_usec * NS_PER_US; return (ISC_R_SUCCESS); }
static isc_result_t handle_signal(int sig, void (*handler)(int)) { struct sigaction sa; char strbuf[ISC_STRERRORSIZE]; memset(&sa, 0, sizeof(sa)); sa.sa_handler = handler; if (sigfillset(&sa.sa_mask) != 0 || sigaction(sig, &sa, NULL) < 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, isc_msgcat_get(isc_msgcat, ISC_MSGSET_APP, ISC_MSG_SIGNALSETUP, "handle_signal() %d setup: %s"), sig, strbuf); return (ISC_R_UNEXPECTED); } return (ISC_R_SUCCESS); }
/* * Make a fd non-blocking */ static isc_result_t make_nonblock(int fd) { int ret; int flags; char strbuf[ISC_STRERRORSIZE]; flags = fcntl(fd, F_GETFL, 0); flags |= O_NONBLOCK; ret = fcntl(fd, F_SETFL, flags); if (ret == -1) { isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "fcntl(%d, F_SETFL, %d): %s", fd, flags, strbuf); return (ISC_R_UNEXPECTED); } return (ISC_R_SUCCESS); }
void ns_os_inituserinfo(const char *username) { char strbuf[ISC_STRERRORSIZE]; if (username == NULL) return; if (all_digits(username)) runas_pw = getpwuid((uid_t)atoi(username)); else runas_pw = getpwnam(username); endpwent(); if (runas_pw == NULL) ns_main_earlyfatal("user '%s' unknown", username); if (getuid() == 0) { if (initgroups(runas_pw->pw_name, runas_pw->pw_gid) < 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlyfatal("initgroups(): %s", strbuf); } } }
static void linux_setcaps(unsigned int caps) { struct __user_cap_header_struct caphead; struct __user_cap_data_struct cap; char strbuf[ISC_STRERRORSIZE]; if ((getuid() != 0 && !non_root_caps) || non_root) return; memset(&caphead, 0, sizeof(caphead)); caphead.version = _LINUX_CAPABILITY_VERSION; caphead.pid = 0; memset(&cap, 0, sizeof(cap)); cap.effective = caps; cap.permitted = caps; cap.inheritable = 0; if (syscall(SYS_capset, &caphead, &cap) < 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlyfatal("capset failed: %s:" " please ensure that the capset kernel" " module is loaded. see insmod(8)", strbuf); } }
ISC_APPFUNC_SCOPE isc_result_t isc__app_ctxrun(isc_appctx_t *ctx0) { isc__appctx_t *ctx = (isc__appctx_t *)ctx0; int result; isc_event_t *event, *next_event; isc_task_t *task; #ifdef USE_THREADS_SINGLECTX sigset_t sset; char strbuf[ISC_STRERRORSIZE]; #ifdef HAVE_SIGWAIT int sig; #endif #endif /* USE_THREADS_SINGLECTX */ REQUIRE(VALID_APPCTX(ctx)); #ifdef HAVE_LINUXTHREADS REQUIRE(main_thread == pthread_self()); #endif LOCK(&ctx->lock); if (!ctx->running) { ctx->running = ISC_TRUE; /* * Post any on-run events (in FIFO order). */ for (event = ISC_LIST_HEAD(ctx->on_run); event != NULL; event = next_event) { next_event = ISC_LIST_NEXT(event, ev_link); ISC_LIST_UNLINK(ctx->on_run, event, ev_link); task = event->ev_sender; event->ev_sender = NULL; isc_task_sendanddetach(&task, &event); } } UNLOCK(&ctx->lock); #ifndef HAVE_SIGWAIT /* * Catch SIGHUP. * * We do this here to ensure that the signal handler is installed * (i.e. that it wasn't a "one-shot" handler). */ if (ctx == &isc_g_appctx) { result = handle_signal(SIGHUP, reload_action); if (result != ISC_R_SUCCESS) return (ISC_R_SUCCESS); } #endif #ifdef USE_THREADS_SINGLECTX /* * When we are using multiple contexts, we don't rely on signals. */ if (ctx != &isc_g_appctx) return (ISC_R_SUCCESS); /* * There is no danger if isc_app_shutdown() is called before we wait * for signals. Signals are blocked, so any such signal will simply * be made pending and we will get it when we call sigwait(). */ while (!ctx->want_shutdown) { #ifdef HAVE_SIGWAIT /* * Wait for SIGHUP, SIGINT, or SIGTERM. */ if (sigemptyset(&sset) != 0 || sigaddset(&sset, SIGHUP) != 0 || sigaddset(&sset, SIGINT) != 0 || sigaddset(&sset, SIGTERM) != 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_app_run() sigsetops: %s", strbuf); return (ISC_R_UNEXPECTED); } #ifndef HAVE_UNIXWARE_SIGWAIT result = sigwait(&sset, &sig); if (result == 0) { if (sig == SIGINT || sig == SIGTERM) ctx->want_shutdown = ISC_TRUE; else if (sig == SIGHUP) ctx->want_reload = ISC_TRUE; } #else /* Using UnixWare sigwait semantics. */ sig = sigwait(&sset); if (sig >= 0) { if (sig == SIGINT || sig == SIGTERM) ctx->want_shutdown = ISC_TRUE; else if (sig == SIGHUP) ctx->want_reload = ISC_TRUE; } #endif /* HAVE_UNIXWARE_SIGWAIT */ #else /* Don't have sigwait(). */ /* * Listen for all signals. */ if (sigemptyset(&sset) != 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_app_run() sigsetops: %s", strbuf); return (ISC_R_UNEXPECTED); } result = sigsuspend(&sset); #endif /* HAVE_SIGWAIT */ if (ctx->want_reload) { ctx->want_reload = ISC_FALSE; return (ISC_R_RELOAD); } if (ctx->want_shutdown && ctx->blocked) exit(1); } #else /* USE_THREADS_SINGLECTX */ (void)isc__taskmgr_dispatch(ctx->taskmgr); result = evloop(ctx); if (result != ISC_R_SUCCESS) return (result); #endif /* USE_THREADS_SINGLECTX */ return (ISC_R_SUCCESS); }
static void linux_setcaps(cap_t caps) { #ifndef HAVE_LIBCAP struct __user_cap_header_struct caphead; struct __user_cap_data_struct cap; #endif char strbuf[ISC_STRERRORSIZE]; if ((getuid() != 0 && !non_root_caps) || non_root) return; #ifndef HAVE_LIBCAP memset(&caphead, 0, sizeof(caphead)); caphead.version = _LINUX_CAPABILITY_VERSION; caphead.pid = 0; memset(&cap, 0, sizeof(cap)); cap.effective = caps; cap.permitted = caps; cap.inheritable = 0; #endif #ifdef HAVE_LIBCAP if (cap_set_proc(caps) < 0) { #else if (syscall(SYS_capset, &caphead, &cap) < 0) { #endif isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlyfatal(SETCAPS_FUNC "failed: %s:" " please ensure that the capset kernel" " module is loaded. see insmod(8)", strbuf); } } #ifdef HAVE_LIBCAP #define SET_CAP(flag) \ do { \ capval = (flag); \ cap_flag_value_t curval; \ err = cap_get_flag(curcaps, capval, CAP_PERMITTED, &curval); \ if (err != -1 && curval) { \ err = cap_set_flag(caps, CAP_EFFECTIVE, 1, &capval, CAP_SET); \ if (err == -1) { \ isc__strerror(errno, strbuf, sizeof(strbuf)); \ ns_main_earlyfatal("cap_set_proc failed: %s", strbuf); \ } \ \ err = cap_set_flag(caps, CAP_PERMITTED, 1, &capval, CAP_SET); \ if (err == -1) { \ isc__strerror(errno, strbuf, sizeof(strbuf)); \ ns_main_earlyfatal("cap_set_proc failed: %s", strbuf); \ } \ } \ } while (0) #define INIT_CAP \ do { \ caps = cap_init(); \ if (caps == NULL) { \ isc__strerror(errno, strbuf, sizeof(strbuf)); \ ns_main_earlyfatal("cap_init failed: %s", strbuf); \ } \ curcaps = cap_get_proc(); \ if (curcaps == NULL) { \ isc__strerror(errno, strbuf, sizeof(strbuf)); \ ns_main_earlyfatal("cap_get_proc failed: %s", strbuf); \ } \ } while (0) #define FREE_CAP \ { \ cap_free(caps); \ cap_free(curcaps); \ } while (0) #else #define SET_CAP(flag) do { caps |= (1 << (flag)); } while (0) #define INIT_CAP do { caps = 0; } while (0) #endif /* HAVE_LIBCAP */ static void linux_initialprivs(void) { cap_t caps; #ifdef HAVE_LIBCAP cap_t curcaps; cap_value_t capval; char strbuf[ISC_STRERRORSIZE]; int err; #endif /*% * We don't need most privileges, so we drop them right away. * Later on linux_minprivs() will be called, which will drop our * capabilities to the minimum needed to run the server. */ INIT_CAP; /* * We need to be able to bind() to privileged ports, notably port 53! */ SET_CAP(CAP_NET_BIND_SERVICE); /* * We need chroot() initially too. */ SET_CAP(CAP_SYS_CHROOT); #if defined(HAVE_SYS_PRCTL_H) || !defined(HAVE_LINUXTHREADS) /* * We can setuid() only if either the kernel supports keeping * capabilities after setuid() (which we don't know until we've * tried) or we're not using threads. If either of these is * true, we want the setuid capability. */ SET_CAP(CAP_SETUID); #endif /* * Since we call initgroups, we need this. */ SET_CAP(CAP_SETGID); /* * Without this, we run into problems reading a configuration file * owned by a non-root user and non-world-readable on startup. */ SET_CAP(CAP_DAC_READ_SEARCH); /* * XXX We might want to add CAP_SYS_RESOURCE, though it's not * clear it would work right given the way linuxthreads work. * XXXDCL But since we need to be able to set the maximum number * of files, the stack size, data size, and core dump size to * support named.conf options, this is now being added to test. */ SET_CAP(CAP_SYS_RESOURCE); /* * We need to be able to set the ownership of the containing * directory of the pid file when we create it. */ SET_CAP(CAP_CHOWN); linux_setcaps(caps); #ifdef HAVE_LIBCAP FREE_CAP; #endif }
void ns_os_writepidfile(const char *filename, isc_boolean_t first_time) { int fd; FILE *lockfile; size_t len; pid_t pid; char strbuf[ISC_STRERRORSIZE]; void (*report)(const char *, ...); unsigned int mode; char *slash; int n; /* * The caller must ensure any required synchronization. */ report = first_time ? ns_main_earlyfatal : ns_main_earlywarning; cleanup_pidfile(); if (filename == NULL) return; len = strlen(filename); pidfile = malloc(len + 1); if (pidfile == NULL) { isc__strerror(errno, strbuf, sizeof(strbuf)); (*report)("couldn't malloc '%s': %s", filename, strbuf); return; } /* This is safe. */ strcpy(pidfile, filename); /* * Make the containing directory if it doesn't exist. */ slash = strrchr(pidfile, '/'); if (slash != NULL && slash != pidfile) { *slash = '\0'; mode = S_IRUSR | S_IWUSR | S_IXUSR; /* u=rwx */ mode |= S_IRGRP | S_IXGRP; /* g=rx */ mode |= S_IROTH | S_IXOTH; /* o=rx */ n = mkdir(pidfile, mode); if (n == -1 && errno != EEXIST) { isc__strerror(errno, strbuf, sizeof(strbuf)); (*report)("couldn't mkdir %s': %s", filename, strbuf); free(pidfile); pidfile = NULL; return; } *slash = '/'; } fd = safe_open(filename, ISC_FALSE); if (fd < 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); (*report)("couldn't open pid file '%s': %s", filename, strbuf); free(pidfile); pidfile = NULL; return; } lockfile = fdopen(fd, "w"); if (lockfile == NULL) { isc__strerror(errno, strbuf, sizeof(strbuf)); (*report)("could not fdopen() pid file '%s': %s", filename, strbuf); (void)close(fd); cleanup_pidfile(); return; } #ifdef HAVE_LINUXTHREADS pid = mainpid; #else pid = getpid(); #endif if (fprintf(lockfile, "%ld\n", (long)pid) < 0) { (*report)("fprintf() to pid file '%s' failed", filename); (void)fclose(lockfile); cleanup_pidfile(); return; } if (fflush(lockfile) == EOF) { (*report)("fflush() to pid file '%s' failed", filename); (void)fclose(lockfile); cleanup_pidfile(); return; } (void)fclose(lockfile); }
ISC_APPFUNC_SCOPE isc_result_t isc__app_start(void) { isc_result_t result; int presult; sigset_t sset; char strbuf[ISC_STRERRORSIZE]; isc_g_appctx.common.impmagic = APPCTX_MAGIC; isc_g_appctx.common.magic = ISCAPI_APPCTX_MAGIC; isc_g_appctx.common.methods = &appmethods.methods; isc_g_appctx.mctx = NULL; /* The remaining members will be initialized in ctxstart() */ result = isc__app_ctxstart((isc_appctx_t *)&isc_g_appctx); if (result != ISC_R_SUCCESS) return (result); #ifndef HAVE_SIGWAIT /* * Install do-nothing handlers for SIGINT and SIGTERM. * * We install them now because BSDI 3.1 won't block * the default actions, regardless of what we do with * pthread_sigmask(). */ result = handle_signal(SIGINT, exit_action); if (result != ISC_R_SUCCESS) return (result); result = handle_signal(SIGTERM, exit_action); if (result != ISC_R_SUCCESS) return (result); #endif /* * Always ignore SIGPIPE. */ result = handle_signal(SIGPIPE, SIG_IGN); if (result != ISC_R_SUCCESS) return (result); /* * On Solaris 2, delivery of a signal whose action is SIG_IGN * will not cause sigwait() to return. We may have inherited * unexpected actions for SIGHUP, SIGINT, and SIGTERM from our parent * process (e.g, Solaris cron). Set an action of SIG_DFL to make * sure sigwait() works as expected. Only do this for SIGTERM and * SIGINT if we don't have sigwait(), since a different handler is * installed above. */ result = handle_signal(SIGHUP, SIG_DFL); if (result != ISC_R_SUCCESS) return (result); #ifdef HAVE_SIGWAIT result = handle_signal(SIGTERM, SIG_DFL); if (result != ISC_R_SUCCESS) return (result); result = handle_signal(SIGINT, SIG_DFL); if (result != ISC_R_SUCCESS) return (result); #endif #ifdef ISC_PLATFORM_USETHREADS /* * Block SIGHUP, SIGINT, SIGTERM. * * If isc_app_start() is called from the main thread before any other * threads have been created, then the pthread_sigmask() call below * will result in all threads having SIGHUP, SIGINT and SIGTERM * blocked by default, ensuring that only the thread that calls * sigwait() for them will get those signals. */ if (sigemptyset(&sset) != 0 || sigaddset(&sset, SIGHUP) != 0 || sigaddset(&sset, SIGINT) != 0 || sigaddset(&sset, SIGTERM) != 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_app_start() sigsetops: %s", strbuf); return (ISC_R_UNEXPECTED); } presult = pthread_sigmask(SIG_BLOCK, &sset, NULL); if (presult != 0) { isc__strerror(presult, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_app_start() pthread_sigmask: %s", strbuf); return (ISC_R_UNEXPECTED); } #else /* ISC_PLATFORM_USETHREADS */ /* * Unblock SIGHUP, SIGINT, SIGTERM. * * If we're not using threads, we need to make sure that SIGHUP, * SIGINT and SIGTERM are not inherited as blocked from the parent * process. */ if (sigemptyset(&sset) != 0 || sigaddset(&sset, SIGHUP) != 0 || sigaddset(&sset, SIGINT) != 0 || sigaddset(&sset, SIGTERM) != 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_app_start() sigsetops: %s", strbuf); return (ISC_R_UNEXPECTED); } presult = sigprocmask(SIG_UNBLOCK, &sset, NULL); if (presult != 0) { isc__strerror(presult, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_app_start() sigprocmask: %s", strbuf); return (ISC_R_UNEXPECTED); } #endif /* ISC_PLATFORM_USETHREADS */ return (ISC_R_SUCCESS); }
/* * Convert a POSIX errno value into an isc_result_t. The * list of supported errno values is not complete; new users * of this function should add any expected errors that are * not already there. */ isc_result_t isc__errno2resultx (int posixerrno, const char *file, int line) { char strbuf[ISC_STRERRORSIZE]; switch (posixerrno) { case ENOTDIR: case WSAELOOP: case WSAEINVAL: case EINVAL: /* XXX sometimes this is not for files */ case ENAMETOOLONG: case WSAENAMETOOLONG: case EBADF: case WSAEBADF: return (ISC_R_INVALIDFILE); case ENOENT: return (ISC_R_FILENOTFOUND); case EACCES: case WSAEACCES: case EPERM: return (ISC_R_NOPERM); case EEXIST: return (ISC_R_FILEEXISTS); case EIO: return (ISC_R_IOERROR); case ENOMEM: return (ISC_R_NOMEMORY); case ENFILE: case EMFILE: case WSAEMFILE: return (ISC_R_TOOMANYOPENFILES); case ERROR_CANCELLED: return (ISC_R_CANCELED); case ERROR_CONNECTION_REFUSED: case WSAECONNREFUSED: return (ISC_R_CONNREFUSED); case WSAENOTCONN: case ERROR_CONNECTION_INVALID: return (ISC_R_NOTCONNECTED); case ERROR_HOST_UNREACHABLE: case WSAEHOSTUNREACH: return (ISC_R_HOSTUNREACH); case ERROR_NETWORK_UNREACHABLE: case WSAENETUNREACH: return (ISC_R_NETUNREACH); case ERROR_NO_NETWORK: return (ISC_R_NETUNREACH); case ERROR_PORT_UNREACHABLE: return (ISC_R_HOSTUNREACH); case ERROR_SEM_TIMEOUT: return (ISC_R_TIMEDOUT); case WSAECONNRESET: case WSAENETRESET: case WSAECONNABORTED: case WSAEDISCON: case ERROR_OPERATION_ABORTED: case ERROR_CONNECTION_ABORTED: case ERROR_REQUEST_ABORTED: return (ISC_R_CONNECTIONRESET); case WSAEADDRNOTAVAIL: return (ISC_R_ADDRNOTAVAIL); case ERROR_NETNAME_DELETED: case WSAENETDOWN: return (ISC_R_NETUNREACH); case WSAEHOSTDOWN: return (ISC_R_HOSTUNREACH); case WSAENOBUFS: return (ISC_R_NORESOURCES); default: isc__strerror (posixerrno, strbuf, sizeof (strbuf)); UNEXPECTED_ERROR (file, line, "unable to convert errno " "to isc_result: %d: %s", posixerrno, strbuf); /* * XXXDCL would be nice if perhaps this function could * return the system's error string, so the caller * might have something more descriptive than "unexpected * error" to log with. */ return (ISC_R_UNEXPECTED); } }
FILE * ns_os_openfile(const char *filename, mode_t mode, isc_boolean_t switch_user) { char strbuf[ISC_STRERRORSIZE], *f; FILE *fp; int fd; /* * Make the containing directory if it doesn't exist. */ f = strdup(filename); if (f == NULL) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlywarning("couldn't strdup() '%s': %s", filename, strbuf); return (NULL); } if (mkdirpath(f, ns_main_earlywarning) == -1) { free(f); return (NULL); } free(f); if (switch_user && runas_pw != NULL) { #ifndef HAVE_LINUXTHREADS gid_t oldgid = getgid(); #endif /* Set UID/GID to the one we'll be running with eventually */ setperms(runas_pw->pw_uid, runas_pw->pw_gid); fd = safe_open(filename, mode, ISC_FALSE); #ifndef HAVE_LINUXTHREADS /* Restore UID/GID to root */ setperms(0, oldgid); #endif /* HAVE_LINUXTHREADS */ if (fd == -1) { #ifndef HAVE_LINUXTHREADS fd = safe_open(filename, mode, ISC_FALSE); if (fd != -1) { ns_main_earlywarning("Required root " "permissions to open " "'%s'.", filename); } else { ns_main_earlywarning("Could not open " "'%s'.", filename); } ns_main_earlywarning("Please check file and " "directory permissions " "or reconfigure the filename."); #else /* HAVE_LINUXTHREADS */ ns_main_earlywarning("Could not open " "'%s'.", filename); ns_main_earlywarning("Please check file and " "directory permissions " "or reconfigure the filename."); #endif /* HAVE_LINUXTHREADS */ } } else { fd = safe_open(filename, mode, ISC_FALSE); } if (fd < 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlywarning("could not open file '%s': %s", filename, strbuf); return (NULL); } fp = fdopen(fd, "w"); if (fp == NULL) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlywarning("could not fdopen() file '%s': %s", filename, strbuf); } return (fp); }
void ns_os_writepidfile(const char *filename, isc_boolean_t first_time) { int fd; FILE *lockfile; size_t len; pid_t pid; char strbuf[ISC_STRERRORSIZE]; void (*report)(const char *, ...); /* * The caller must ensure any required synchronization. */ report = first_time ? ns_main_earlyfatal : ns_main_earlywarning; cleanup_pidfile(); if (filename == NULL) return; len = strlen(filename); pidfile = malloc(len + 1); if (pidfile == NULL) { isc__strerror(errno, strbuf, sizeof(strbuf)); (*report)("couldn't malloc '%s': %s", filename, strbuf); return; } /* This is safe. */ strcpy(pidfile, filename); fd = safe_open(filename, ISC_FALSE); if (fd < 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); (*report)("couldn't open pid file '%s': %s", filename, strbuf); free(pidfile); pidfile = NULL; return; } lockfile = fdopen(fd, "w"); if (lockfile == NULL) { isc__strerror(errno, strbuf, sizeof(strbuf)); (*report)("could not fdopen() pid file '%s': %s", filename, strbuf); (void)close(fd); cleanup_pidfile(); return; } pid = getpid(); if (fprintf(lockfile, "%ld\n", (long)pid) < 0) { (*report)("fprintf() to pid file '%s' failed", filename); (void)fclose(lockfile); cleanup_pidfile(); return; } if (fflush(lockfile) == EOF) { (*report)("fflush() to pid file '%s' failed", filename); (void)fclose(lockfile); cleanup_pidfile(); return; } (void)fclose(lockfile); }
void ns_os_daemonize(void) { pid_t pid; char strbuf[ISC_STRERRORSIZE]; if (pipe(dfd) == -1) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlyfatal("pipe(): %s", strbuf); } pid = fork(); if (pid == -1) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlyfatal("fork(): %s", strbuf); } if (pid != 0) { int n; /* * Wait for the child to finish loading for the first time. * This would be so much simpler if fork() worked once we * were multi-threaded. */ (void)close(dfd[1]); do { char buf; n = read(dfd[0], &buf, 1); if (n == 1) _exit(0); } while (n == -1 && errno == EINTR); _exit(1); } (void)close(dfd[0]); /* * We're the child. */ #ifdef HAVE_LINUXTHREADS mainpid = getpid(); #endif if (setsid() == -1) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlyfatal("setsid(): %s", strbuf); } /* * Try to set stdin, stdout, and stderr to /dev/null, but press * on even if it fails. * * XXXMLG The close() calls here are unneeded on all but NetBSD, but * are harmless to include everywhere. dup2() is supposed to close * the FD if it is in use, but unproven-pthreads-0.16 is broken * and will end up closing the wrong FD. This will be fixed eventually, * and these calls will be removed. */ if (devnullfd != -1) { if (devnullfd != STDIN_FILENO) { (void)close(STDIN_FILENO); (void)dup2(devnullfd, STDIN_FILENO); } if (devnullfd != STDOUT_FILENO) { (void)close(STDOUT_FILENO); (void)dup2(devnullfd, STDOUT_FILENO); } if (devnullfd != STDERR_FILENO) { (void)close(STDERR_FILENO); (void)dup2(devnullfd, STDERR_FILENO); } } }
static void try_ipv6only(void) { #ifdef IPV6_V6ONLY SOCKET s; int on; char strbuf[ISC_STRERRORSIZE]; #endif isc_result_t result; result = isc_net_probeipv6(); if (result != ISC_R_SUCCESS) { ipv6only_result = result; return; } #ifndef IPV6_V6ONLY ipv6only_result = ISC_R_NOTFOUND; return; #else /* check for TCP sockets */ s = socket(PF_INET6, SOCK_STREAM, 0); if (s == INVALID_SOCKET) { isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "socket() %s: %s", isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, ISC_MSG_FAILED, "failed"), strbuf); ipv6only_result = ISC_R_UNEXPECTED; return; } on = 1; if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (const char *)&on, sizeof(on)) < 0) { ipv6only_result = ISC_R_NOTFOUND; goto close; } closesocket(s); /* check for UDP sockets */ s = socket(PF_INET6, SOCK_DGRAM, 0); if (s == INVALID_SOCKET) { isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "socket() %s: %s", isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, ISC_MSG_FAILED, "failed"), strbuf); ipv6only_result = ISC_R_UNEXPECTED; return; } on = 1; if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (const char *)&on, sizeof(on)) < 0) { ipv6only_result = ISC_R_NOTFOUND; goto close; } ipv6only_result = ISC_R_SUCCESS; close: closesocket(s); return; #endif /* IPV6_V6ONLY */ }