void ns_os_inituserinfo (const char *username)
{
char strbuf[ISC_STRERRORSIZE];
if (username == NULL)
return;
if (all_digits (username))
runas_pw = getpwuid ((uid_t) atoi (username));
else
runas_pw = getpwnam (username);
endpwent ();
if (runas_pw == NULL)
ns_main_earlyfatal ("user '%s' unknown", username);
if (getuid () == 0)
{
if (initgroups (runas_pw->pw_name, runas_pw->pw_gid) < 0)
{
isc__strerror (errno, strbuf, sizeof (strbuf));
ns_main_earlyfatal ("initgroups(): %s", strbuf);
}
}
}
void
ns_os_chroot(const char *root) {
char strbuf[ISC_STRERRORSIZE];
#ifdef HAVE_LIBSCF
ns_smf_chroot = 0;
#endif
if (root != NULL) {
#ifdef HAVE_CHROOT
if (chroot(root) < 0) {
isc__strerror(errno, strbuf, sizeof(strbuf));
ns_main_earlyfatal("chroot(): %s", strbuf);
}
#else
ns_main_earlyfatal("chroot(): disabled");
#endif
if (chdir("/") < 0) {
isc__strerror(errno, strbuf, sizeof(strbuf));
ns_main_earlyfatal("chdir(/): %s", strbuf);
}
#ifdef HAVE_LIBSCF
/* Set ns_smf_chroot flag on successful chroot. */
ns_smf_chroot = 1;
#endif
}
}
static int
parse_int(char *arg, const char *desc) {
char *endp;
int tmp;
long int ltmp;
ltmp = strtol(arg, &endp, 10);
tmp = (int) ltmp;
if (*endp != '\0')
ns_main_earlyfatal("%s '%s' must be numeric", desc, arg);
if (tmp < 0 || tmp != ltmp)
ns_main_earlyfatal("%s '%s' out of range", desc, arg);
return (tmp);
}
static void
set_flags(const char *arg, struct flag_def *defs, unsigned int *ret) {
isc_boolean_t clear = ISC_FALSE;
for (;;) {
const struct flag_def *def;
const char *end = strchr(arg, ',');
int arglen;
if (end == NULL)
end = arg + strlen(arg);
arglen = (int)(end - arg);
for (def = defs; def->name != NULL; def++) {
if (arglen == (int)strlen(def->name) &&
memcmp(arg, def->name, arglen) == 0) {
if (def->value == 0)
clear = ISC_TRUE;
*ret |= def->value;
goto found;
}
}
ns_main_earlyfatal("unrecognized flag '%.*s'", arglen, arg);
found:
if (clear || (*end == '\0'))
break;
arg = end + 1;
}
if (clear)
*ret = 0;
}
void ns_os_changeuser (void)
{
char strbuf[ISC_STRERRORSIZE];
if (runas_pw == NULL || done_setuid)
return;
done_setuid = ISC_TRUE;
#ifdef HAVE_LINUXTHREADS
#ifdef HAVE_LINUX_CAPABILITY_H
if (!non_root_caps)
ns_main_earlyfatal ("-u with Linux threads not supported: "
"requires kernel support for " "prctl(PR_SET_KEEPCAPS)");
#else
ns_main_earlyfatal ("-u with Linux threads not supported: "
"no capabilities support or capabilities " "disabled at build time");
#endif
#endif
if (setgid (runas_pw->pw_gid) < 0)
{
isc__strerror (errno, strbuf, sizeof (strbuf));
ns_main_earlyfatal ("setgid(): %s", strbuf);
}
if (setuid (runas_pw->pw_uid) < 0)
{
isc__strerror (errno, strbuf, sizeof (strbuf));
ns_main_earlyfatal ("setuid(): %s", strbuf);
}
#if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE)
/*
* Restore the ability of named to drop core after the setuid()
* call has disabled it.
*/
if (prctl (PR_SET_DUMPABLE, 1, 0, 0, 0) < 0)
{
isc__strerror (errno, strbuf, sizeof (strbuf));
ns_main_earlywarning ("prctl(PR_SET_DUMPABLE) failed: %s", strbuf);
}
#endif
#if defined(HAVE_LINUX_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS)
linux_minprivs ();
#endif
}
isc_boolean_t
ns_os_issingleton(const char *filename) {
char strbuf[ISC_STRERRORSIZE];
struct flock lock;
if (singletonfd != -1)
return (ISC_TRUE);
if (strcasecmp(filename, "none") == 0)
return (ISC_TRUE);
/*
* Make the containing directory if it doesn't exist.
*/
lockfile = strdup(filename);
if (lockfile == NULL) {
isc__strerror(errno, strbuf, sizeof(strbuf));
ns_main_earlyfatal("couldn't allocate memory for '%s': %s",
filename, strbuf);
} else {
int ret = mkdirpath(lockfile, ns_main_earlywarning);
if (ret == -1) {
ns_main_earlywarning("couldn't create '%s'", filename);
cleanup_lockfile();
return (ISC_FALSE);
}
}
/*
* ns_os_openfile() uses safeopen() which removes any existing
* files. We can't use that here.
*/
singletonfd = open(filename, O_WRONLY | O_CREAT,
S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
if (singletonfd == -1) {
cleanup_lockfile();
return (ISC_FALSE);
}
memset(&lock, 0, sizeof(lock));
lock.l_type = F_WRLCK;
lock.l_whence = SEEK_SET;
lock.l_start = 0;
lock.l_len = 1;
/* Non-blocking (does not wait for lock) */
if (fcntl(singletonfd, F_SETLK, &lock) == -1) {
close(singletonfd);
singletonfd = -1;
return (ISC_FALSE);
}
return (ISC_TRUE);
}
void
ns_os_started(void) {
char buf = 0;
/*
* Signal to the parent that we started successfully.
*/
if (dfd[0] != -1 && dfd[1] != -1) {
if (write(dfd[1], &buf, 1) != 1)
ns_main_earlyfatal("unable to signal parent that we "
"otherwise started successfully.");
close(dfd[1]);
dfd[0] = dfd[1] = -1;
}
}
/*
* Initialize the Service by registering it.
*/
void
ntservice_init(void) {
if (!foreground) {
/* Register handler with the SCM */
hServiceStatus = RegisterServiceCtrlHandler(BIND_SERVICE_NAME,
(LPHANDLER_FUNCTION)ServiceControl);
if (!hServiceStatus) {
ns_main_earlyfatal(
"could not register service control handler");
UpdateSCM(SERVICE_STOPPED);
exit(1);
}
UpdateSCM(SERVICE_RUNNING);
} else {
strcpy(ConsoleTitle, "BIND Version ");
strcat(ConsoleTitle, VERSION);
SetConsoleTitle(ConsoleTitle);
}
}
static void
linux_keepcaps(void) {
char strbuf[ISC_STRERRORSIZE];
/*%
* Ask the kernel to allow us to keep our capabilities after we
* setuid().
*/
if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) {
if (errno != EINVAL) {
isc__strerror(errno, strbuf, sizeof(strbuf));
ns_main_earlyfatal("prctl() failed: %s", strbuf);
}
} else {
non_root_caps = ISC_TRUE;
if (getuid() != 0)
non_root = ISC_TRUE;
}
}
static void
linux_setcaps(unsigned int caps) {
struct __user_cap_header_struct caphead;
struct __user_cap_data_struct cap;
char strbuf[ISC_STRERRORSIZE];
if ((getuid() != 0 && !non_root_caps) || non_root)
return;
memset(&caphead, 0, sizeof(caphead));
caphead.version = _LINUX_CAPABILITY_VERSION;
caphead.pid = 0;
memset(&cap, 0, sizeof(cap));
cap.effective = caps;
cap.permitted = caps;
cap.inheritable = 0;
if (syscall(SYS_capset, &caphead, &cap) < 0) {
isc__strerror(errno, strbuf, sizeof(strbuf));
ns_main_earlyfatal("capset failed: %s:"
" please ensure that the capset kernel"
" module is loaded. see insmod(8)",
strbuf);
}
}
static void
setup(void) {
isc_result_t result;
isc_resourcevalue_t old_openfiles;
#ifdef HAVE_LIBSCF
char *instance = NULL;
#endif
/*
* Get the user and group information before changing the root
* directory, so the administrator does not need to keep a copy
* of the user and group databases in the chroot'ed environment.
*/
ns_os_inituserinfo(ns_g_username);
/*
* Initialize time conversion information
*/
ns_os_tzset();
ns_os_opendevnull();
#ifdef HAVE_LIBSCF
/* Check if named is under smf control, before chroot. */
result = ns_smf_get_instance(&instance, 0, ns_g_mctx);
/* We don't care about instance, just check if we got one. */
if (result == ISC_R_SUCCESS)
ns_smf_got_instance = 1;
else
ns_smf_got_instance = 0;
if (instance != NULL)
isc_mem_free(ns_g_mctx, instance);
#endif /* HAVE_LIBSCF */
#ifdef PATH_RANDOMDEV
/*
* Initialize system's random device as fallback entropy source
* if running chroot'ed.
*/
if (ns_g_chrootdir != NULL) {
result = isc_entropy_create(ns_g_mctx, &ns_g_fallbackentropy);
if (result != ISC_R_SUCCESS)
ns_main_earlyfatal("isc_entropy_create() failed: %s",
isc_result_totext(result));
result = isc_entropy_createfilesource(ns_g_fallbackentropy,
PATH_RANDOMDEV);
if (result != ISC_R_SUCCESS) {
ns_main_earlywarning("could not open pre-chroot "
"entropy source %s: %s",
PATH_RANDOMDEV,
isc_result_totext(result));
isc_entropy_detach(&ns_g_fallbackentropy);
}
}
#endif
#ifdef ISC_PLATFORM_USETHREADS
/*
* Check for the number of cpu's before ns_os_chroot().
*/
ns_g_cpus_detected = isc_os_ncpus();
#endif
ns_os_chroot(ns_g_chrootdir);
/*
* For operating systems which have a capability mechanism, now
* is the time to switch to minimal privs and change our user id.
* On traditional UNIX systems, this call will be a no-op, and we
* will change the user ID after reading the config file the first
* time. (We need to read the config file to know which possibly
* privileged ports to bind() to.)
*/
ns_os_minprivs();
result = ns_log_init(ISC_TF(ns_g_username != NULL));
if (result != ISC_R_SUCCESS)
ns_main_earlyfatal("ns_log_init() failed: %s",
isc_result_totext(result));
/*
* Now is the time to daemonize (if we're not running in the
* foreground). We waited until now because we wanted to get
* a valid logging context setup. We cannot daemonize any later,
* because calling create_managers() will create threads, which
* would be lost after fork().
*/
if (!ns_g_foreground)
ns_os_daemonize();
/*
* We call isc_app_start() here as some versions of FreeBSD's fork()
* destroys all the signal handling it sets up.
*/
result = isc_app_start();
if (result != ISC_R_SUCCESS)
ns_main_earlyfatal("isc_app_start() failed: %s",
isc_result_totext(result));
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
ISC_LOG_NOTICE, "starting %s %s%s%s <id:%s>%s",
ns_g_product, ns_g_version,
*ns_g_description ? " " : "", ns_g_description,
ns_g_srcid, saved_command_line);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
ISC_LOG_NOTICE, "running on %s", ns_os_uname());
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
ISC_LOG_NOTICE, "built with %s", ns_g_configargs);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
ISC_LOG_NOTICE,
"----------------------------------------------------");
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
ISC_LOG_NOTICE,
"BIND 9 is maintained by Internet Systems Consortium,");
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
ISC_LOG_NOTICE,
"Inc. (ISC), a non-profit 501(c)(3) public-benefit ");
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
ISC_LOG_NOTICE,
"corporation. Support and training for BIND 9 are ");
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
ISC_LOG_NOTICE,
"available at https://www.isc.org/support");
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
ISC_LOG_NOTICE,
"----------------------------------------------------");
dump_symboltable();
/*
* Get the initial resource limits.
*/
(void)isc_resource_getlimit(isc_resource_stacksize,
&ns_g_initstacksize);
(void)isc_resource_getlimit(isc_resource_datasize,
&ns_g_initdatasize);
(void)isc_resource_getlimit(isc_resource_coresize,
&ns_g_initcoresize);
(void)isc_resource_getlimit(isc_resource_openfiles,
&ns_g_initopenfiles);
/*
* System resources cannot effectively be tuned on some systems.
* Raise the limit in such cases for safety.
*/
old_openfiles = ns_g_initopenfiles;
ns_os_adjustnofile();
(void)isc_resource_getlimit(isc_resource_openfiles,
&ns_g_initopenfiles);
if (old_openfiles != ns_g_initopenfiles) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_MAIN, ISC_LOG_NOTICE,
"adjusted limit on open files from "
"%" ISC_PRINT_QUADFORMAT "u to "
"%" ISC_PRINT_QUADFORMAT "u",
old_openfiles, ns_g_initopenfiles);
}
/*
* If the named configuration filename is relative, prepend the current
* directory's name before possibly changing to another directory.
*/
if (! isc_file_isabsolute(ns_g_conffile)) {
result = isc_file_absolutepath(ns_g_conffile,
absolute_conffile,
sizeof(absolute_conffile));
if (result != ISC_R_SUCCESS)
ns_main_earlyfatal("could not construct absolute path "
"of configuration file: %s",
isc_result_totext(result));
ns_g_conffile = absolute_conffile;
}
/*
* Record the server's startup time.
*/
result = isc_time_now(&ns_g_boottime);
if (result != ISC_R_SUCCESS)
ns_main_earlyfatal("isc_time_now() failed: %s",
isc_result_totext(result));
result = create_managers();
if (result != ISC_R_SUCCESS)
ns_main_earlyfatal("create_managers() failed: %s",
isc_result_totext(result));
ns_builtin_init();
/*
* Add calls to register sdb drivers here.
*/
/* xxdb_init(); */
#ifdef ISC_DLZ_DLOPEN
/*
* Register the DLZ "dlopen" driver.
*/
result = dlz_dlopen_init(ns_g_mctx);
if (result != ISC_R_SUCCESS)
ns_main_earlyfatal("dlz_dlopen_init() failed: %s",
isc_result_totext(result));
#endif
#if CONTRIB_DLZ
/*
* Register any other contributed DLZ drivers.
*/
result = dlz_drivers_init();
if (result != ISC_R_SUCCESS)
ns_main_earlyfatal("dlz_drivers_init() failed: %s",
isc_result_totext(result));
#endif
ns_server_create(ns_g_mctx, &ns_g_server);
#ifdef HAVE_LIBSECCOMP
setup_seccomp();
#endif /* HAVE_LIBSECCOMP */
}
static void
parse_command_line(int argc, char *argv[]) {
int ch;
int port;
const char *p;
save_command_line(argc, argv);
/*
* NS_MAIN_ARGS is defined in main.h, so that it can be used
* both by named and by ntservice hooks.
*/
isc_commandline_errprint = ISC_FALSE;
while ((ch = isc_commandline_parse(argc, argv, NS_MAIN_ARGS)) != -1) {
switch (ch) {
case '4':
if (ns_g_disable4)
ns_main_earlyfatal("cannot specify -4 and -6");
if (isc_net_probeipv4() != ISC_R_SUCCESS)
ns_main_earlyfatal("IPv4 not supported by OS");
isc_net_disableipv6();
ns_g_disable6 = ISC_TRUE;
break;
case '6':
if (ns_g_disable6)
ns_main_earlyfatal("cannot specify -4 and -6");
if (isc_net_probeipv6() != ISC_R_SUCCESS)
ns_main_earlyfatal("IPv6 not supported by OS");
isc_net_disableipv4();
ns_g_disable4 = ISC_TRUE;
break;
case 'c':
ns_g_conffile = isc_commandline_argument;
lwresd_g_conffile = isc_commandline_argument;
if (lwresd_g_useresolvconf)
ns_main_earlyfatal("cannot specify -c and -C");
ns_g_conffileset = ISC_TRUE;
break;
case 'C':
lwresd_g_resolvconffile = isc_commandline_argument;
if (ns_g_conffileset)
ns_main_earlyfatal("cannot specify -c and -C");
lwresd_g_useresolvconf = ISC_TRUE;
break;
case 'd':
ns_g_debuglevel = parse_int(isc_commandline_argument,
"debug level");
break;
case 'D':
/* Descriptive comment for 'ps'. */
break;
case 'E':
ns_g_engine = isc_commandline_argument;
break;
case 'f':
ns_g_foreground = ISC_TRUE;
break;
case 'g':
ns_g_foreground = ISC_TRUE;
ns_g_logstderr = ISC_TRUE;
break;
/* XXXBEW -i should be removed */
case 'i':
lwresd_g_defaultpidfile = isc_commandline_argument;
break;
case 'l':
ns_g_lwresdonly = ISC_TRUE;
break;
case 'M':
if (strcmp(isc_commandline_argument, "external") == 0)
isc_mem_defaultflags = 0;
break;
case 'm':
set_flags(isc_commandline_argument, mem_debug_flags,
&isc_mem_debugging);
break;
case 'N': /* Deprecated. */
case 'n':
ns_g_cpus = parse_int(isc_commandline_argument,
"number of cpus");
if (ns_g_cpus == 0)
ns_g_cpus = 1;
break;
case 'p':
port = parse_int(isc_commandline_argument, "port");
if (port < 1 || port > 65535)
ns_main_earlyfatal("port '%s' out of range",
isc_commandline_argument);
ns_g_port = port;
break;
/* XXXBEW Should -P be removed? */
case 'P':
port = parse_int(isc_commandline_argument, "port");
if (port < 1 || port > 65535)
ns_main_earlyfatal("port '%s' out of range",
isc_commandline_argument);
lwresd_g_listenport = port;
break;
case 's':
/* XXXRTH temporary syntax */
want_stats = ISC_TRUE;
break;
case 'S':
maxsocks = parse_int(isc_commandline_argument,
"max number of sockets");
break;
case 't':
/* XXXJAB should we make a copy? */
ns_g_chrootdir = isc_commandline_argument;
break;
case 'T': /* NOT DOCUMENTED */
/*
* force the server to behave (or misbehave) in
* specified ways for testing purposes.
*
* clienttest: make clients single shot with their
* own memory context.
* delay=xxxx: delay client responses by xxxx ms to
* simulate remote servers.
* dscp=x: check that dscp values are as
* expected and assert otherwise.
*/
if (!strcmp(isc_commandline_argument, "clienttest"))
ns_g_clienttest = ISC_TRUE;
else if (!strcmp(isc_commandline_argument, "nosoa"))
ns_g_nosoa = ISC_TRUE;
else if (!strcmp(isc_commandline_argument, "noaa"))
ns_g_noaa = ISC_TRUE;
else if (!strcmp(isc_commandline_argument, "maxudp512"))
maxudp = 512;
else if (!strcmp(isc_commandline_argument, "maxudp1460"))
maxudp = 1460;
else if (!strcmp(isc_commandline_argument, "dropedns"))
ns_g_dropedns = ISC_TRUE;
else if (!strcmp(isc_commandline_argument, "noedns"))
ns_g_noedns = ISC_TRUE;
else if (!strncmp(isc_commandline_argument,
"maxudp=", 7))
maxudp = atoi(isc_commandline_argument + 7);
else if (!strncmp(isc_commandline_argument,
"delay=", 6))
ns_g_delay = atoi(isc_commandline_argument + 6);
else if (!strcmp(isc_commandline_argument, "nosyslog"))
ns_g_nosyslog = ISC_TRUE;
else if (!strcmp(isc_commandline_argument, "nonearest"))
ns_g_nonearest = ISC_TRUE;
else if (!strncmp(isc_commandline_argument, "dscp=", 5))
isc_dscp_check_value =
atoi(isc_commandline_argument + 5);
else if (!strncmp(isc_commandline_argument,
"mkeytimers=", 11))
{
p = strtok(isc_commandline_argument + 11, "/");
if (p == NULL)
ns_main_earlyfatal("bad mkeytimer");
dns_zone_mkey_hour = atoi(p);
if (dns_zone_mkey_hour == 0)
ns_main_earlyfatal("bad mkeytimer");
p = strtok(NULL, "/");
if (p == NULL) {
dns_zone_mkey_day =
(24 * dns_zone_mkey_hour);
dns_zone_mkey_month =
(30 * dns_zone_mkey_day);
break;
}
dns_zone_mkey_day = atoi(p);
if (dns_zone_mkey_day < dns_zone_mkey_hour)
ns_main_earlyfatal("bad mkeytimer");
p = strtok(NULL, "/");
if (p == NULL) {
dns_zone_mkey_month =
(30 * dns_zone_mkey_day);
break;
}
dns_zone_mkey_month = atoi(p);
if (dns_zone_mkey_month < dns_zone_mkey_day)
ns_main_earlyfatal("bad mkeytimer");
} else if (!strcmp(isc_commandline_argument, "notcp"))
ns_g_notcp = ISC_TRUE;
else
fprintf(stderr, "unknown -T flag '%s\n",
isc_commandline_argument);
break;
case 'U':
ns_g_udpdisp = parse_int(isc_commandline_argument,
"number of UDP listeners "
"per interface");
break;
case 'u':
ns_g_username = isc_commandline_argument;
break;
case 'v':
printf("%s %s%s%s <id:%s>\n",
ns_g_product, ns_g_version,
(*ns_g_description != '\0') ? " " : "",
ns_g_description, ns_g_srcid);
exit(0);
case 'V':
printf("%s %s%s%s <id:%s>\n", ns_g_product, ns_g_version,
(*ns_g_description != '\0') ? " " : "",
ns_g_description, ns_g_srcid);
printf("running on %s\n", ns_os_uname());
printf("built by %s with %s\n",
ns_g_builder, ns_g_configargs);
#ifdef __clang__
printf("compiled by CLANG %s\n", __VERSION__);
#else
#if defined(__ICC) || defined(__INTEL_COMPILER)
printf("compiled by ICC %s\n", __VERSION__);
#else
#ifdef __GNUC__
printf("compiled by GCC %s\n", __VERSION__);
#endif
#endif
#endif
#ifdef _MSC_VER
printf("compiled by MSVC %d\n", _MSC_VER);
#endif
#ifdef __SUNPRO_C
printf("compiled by Solaris Studio %x\n", __SUNPRO_C);
#endif
#ifdef OPENSSL
printf("compiled with OpenSSL version: %s\n",
OPENSSL_VERSION_TEXT);
printf("linked to OpenSSL version: %s\n",
SSLeay_version(SSLEAY_VERSION));
#endif
#ifdef HAVE_LIBXML2
printf("compiled with libxml2 version: %s\n",
LIBXML_DOTTED_VERSION);
printf("linked to libxml2 version: %s\n",
xmlParserVersion);
#endif
#if defined(HAVE_JSON) && defined(JSON_C_VERSION)
printf("compiled with libjson-c version: %s\n",
JSON_C_VERSION);
printf("linked to libjson-c version: %s\n",
json_c_version());
#endif
exit(0);
case 'F':
/* Reserved for FIPS mode */
/* FALLTHROUGH */
case '?':
usage();
if (isc_commandline_option == '?')
exit(0);
p = strchr(NS_MAIN_ARGS, isc_commandline_option);
if (p == NULL || *++p != ':')
ns_main_earlyfatal("unknown option '-%c'",
isc_commandline_option);
else
ns_main_earlyfatal("option '-%c' requires "
"an argument",
isc_commandline_option);
/* FALLTHROUGH */
default:
ns_main_earlyfatal("parsing options returned %d", ch);
}
}
argc -= isc_commandline_index;
argv += isc_commandline_index;
POST(argv);
if (argc > 0) {
usage();
ns_main_earlyfatal("extra command line arguments");
}
}
static void
parse_command_line(int argc, char *argv[]) {
int ch;
int port;
const char *p;
isc_boolean_t disable6 = ISC_FALSE;
isc_boolean_t disable4 = ISC_FALSE;
save_command_line(argc, argv);
/* PLEASE keep options synchronized when main is hooked! */
#define CMDLINE_FLAGS "46c:C:d:D:E:fFgi:lm:n:N:p:P:sS:t:T:U:u:vVx:"
isc_commandline_errprint = ISC_FALSE;
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
switch (ch) {
case '4':
if (disable4)
ns_main_earlyfatal("cannot specify -4 and -6");
if (isc_net_probeipv4() != ISC_R_SUCCESS)
ns_main_earlyfatal("IPv4 not supported by OS");
isc_net_disableipv6();
disable6 = ISC_TRUE;
break;
case '6':
if (disable6)
ns_main_earlyfatal("cannot specify -4 and -6");
if (isc_net_probeipv6() != ISC_R_SUCCESS)
ns_main_earlyfatal("IPv6 not supported by OS");
isc_net_disableipv4();
disable4 = ISC_TRUE;
break;
case 'c':
ns_g_conffile = isc_commandline_argument;
lwresd_g_conffile = isc_commandline_argument;
if (lwresd_g_useresolvconf)
ns_main_earlyfatal("cannot specify -c and -C");
ns_g_conffileset = ISC_TRUE;
break;
case 'C':
lwresd_g_resolvconffile = isc_commandline_argument;
if (ns_g_conffileset)
ns_main_earlyfatal("cannot specify -c and -C");
lwresd_g_useresolvconf = ISC_TRUE;
break;
case 'd':
ns_g_debuglevel = parse_int(isc_commandline_argument,
"debug level");
break;
case 'D':
/* Descriptive comment for 'ps'. */
break;
case 'E':
ns_g_engine = isc_commandline_argument;
break;
case 'f':
ns_g_foreground = ISC_TRUE;
break;
case 'g':
ns_g_foreground = ISC_TRUE;
ns_g_logstderr = ISC_TRUE;
break;
/* XXXBEW -i should be removed */
case 'i':
lwresd_g_defaultpidfile = isc_commandline_argument;
break;
case 'l':
ns_g_lwresdonly = ISC_TRUE;
break;
case 'm':
set_flags(isc_commandline_argument, mem_debug_flags,
&isc_mem_debugging);
break;
case 'N': /* Deprecated. */
case 'n':
ns_g_cpus = parse_int(isc_commandline_argument,
"number of cpus");
if (ns_g_cpus == 0)
ns_g_cpus = 1;
break;
case 'p':
port = parse_int(isc_commandline_argument, "port");
if (port < 1 || port > 65535)
ns_main_earlyfatal("port '%s' out of range",
isc_commandline_argument);
ns_g_port = port;
break;
/* XXXBEW Should -P be removed? */
case 'P':
port = parse_int(isc_commandline_argument, "port");
if (port < 1 || port > 65535)
ns_main_earlyfatal("port '%s' out of range",
isc_commandline_argument);
lwresd_g_listenport = port;
break;
case 's':
/* XXXRTH temporary syntax */
want_stats = ISC_TRUE;
break;
case 'S':
maxsocks = parse_int(isc_commandline_argument,
"max number of sockets");
break;
case 't':
/* XXXJAB should we make a copy? */
ns_g_chrootdir = isc_commandline_argument;
break;
case 'T': /* NOT DOCUMENTED */
/*
* force the server to behave (or misbehave) in
* specified ways for testing purposes.
*
* clienttest: make clients single shot with their
* own memory context.
* delay=xxxx: delay client responses by xxxx ms to
* simulate remote servers.
* dscp=x: check that dscp values are as
* expected and assert otherwise.
*/
if (!strcmp(isc_commandline_argument, "clienttest"))
ns_g_clienttest = ISC_TRUE;
else if (!strcmp(isc_commandline_argument, "nosoa"))
ns_g_nosoa = ISC_TRUE;
else if (!strcmp(isc_commandline_argument, "noaa"))
ns_g_noaa = ISC_TRUE;
else if (!strcmp(isc_commandline_argument, "maxudp512"))
maxudp = 512;
else if (!strcmp(isc_commandline_argument, "maxudp1460"))
maxudp = 1460;
else if (!strcmp(isc_commandline_argument, "dropedns"))
ns_g_dropedns = ISC_TRUE;
else if (!strcmp(isc_commandline_argument, "noedns"))
ns_g_noedns = ISC_TRUE;
else if (!strncmp(isc_commandline_argument,
"maxudp=", 7))
maxudp = atoi(isc_commandline_argument + 7);
else if (!strncmp(isc_commandline_argument,
"delay=", 6))
ns_g_delay = atoi(isc_commandline_argument + 6);
else if (!strcmp(isc_commandline_argument, "nosyslog"))
ns_g_nosyslog = ISC_TRUE;
else if (!strcmp(isc_commandline_argument, "nonearest"))
ns_g_nonearest = ISC_TRUE;
else if (!strncmp(isc_commandline_argument, "dscp=", 5))
isc_dscp_check_value =
atoi(isc_commandline_argument + 5);
else
fprintf(stderr, "unknown -T flag '%s\n",
isc_commandline_argument);
break;
case 'U':
ns_g_udpdisp = parse_int(isc_commandline_argument,
"number of UDP listeners "
"per interface");
break;
case 'u':
ns_g_username = isc_commandline_argument;
break;
case 'v':
printf("%s %s", ns_g_product, ns_g_version);
if (*ns_g_description != 0)
printf(" %s", ns_g_description);
printf("\n");
exit(0);
case 'V':
printf("%s %s", ns_g_product, ns_g_version);
if (*ns_g_description != 0)
printf(" %s", ns_g_description);
printf(" <id:%s> built by %s with %s\n", ns_g_srcid,
ns_g_builder, ns_g_configargs);
#ifdef __clang__
printf("compiled by CLANG %s\n", __VERSION__);
#else
#if defined(__ICC) || defined(__INTEL_COMPILER)
printf("compiled by ICC %s\n", __VERSION__);
#else
#ifdef __GNUC__
printf("compiled by GCC %s\n", __VERSION__);
#endif
#endif
#endif
#ifdef _MSC_VER
printf("compiled by MSVC %d\n", _MSC_VER);
#endif
#ifdef __SUNPRO_C
printf("compiled by Solaris Studio %x\n", __SUNPRO_C);
#endif
#ifdef OPENSSL
printf("using OpenSSL version: %s\n",
OPENSSL_VERSION_TEXT);
#endif
#ifdef HAVE_LIBXML2
printf("using libxml2 version: %s\n",
LIBXML_DOTTED_VERSION);
#endif
exit(0);
case 'F':
/* Reserved for FIPS mode */
/* FALLTHROUGH */
case '?':
usage();
if (isc_commandline_option == '?')
exit(0);
p = strchr(CMDLINE_FLAGS, isc_commandline_option);
if (p == NULL || *++p != ':')
ns_main_earlyfatal("unknown option '-%c'",
isc_commandline_option);
else
ns_main_earlyfatal("option '-%c' requires "
"an argument",
isc_commandline_option);
/* FALLTHROUGH */
default:
ns_main_earlyfatal("parsing options returned %d", ch);
}
}
argc -= isc_commandline_index;
argv += isc_commandline_index;
POST(argv);
if (argc > 0) {
usage();
ns_main_earlyfatal("extra command line arguments");
}
}
int
main(int argc, char *argv[]) {
isc_result_t result;
#ifdef HAVE_LIBSCF
char *instance = NULL;
#endif
#ifdef HAVE_GPERFTOOLS_PROFILER
(void) ProfilerStart(NULL);
#endif
/*
* Record version in core image.
* strings named.core | grep "named version:"
*/
strlcat(version,
#if defined(NO_VERSION_DATE) || !defined(__DATE__)
"named version: BIND " VERSION " <" SRCID ">",
#else
"named version: BIND " VERSION " <" SRCID "> (" __DATE__ ")",
#endif
sizeof(version));
result = isc_file_progname(*argv, program_name, sizeof(program_name));
if (result != ISC_R_SUCCESS)
ns_main_earlyfatal("program name too long");
if (strcmp(program_name, "lwresd") == 0)
ns_g_lwresdonly = ISC_TRUE;
if (result != ISC_R_SUCCESS)
ns_main_earlyfatal("failed to build internal symbol table");
isc_assertion_setcallback(assertion_failed);
isc_error_setfatal(library_fatal_error);
isc_error_setunexpected(library_unexpected_error);
ns_os_init(program_name);
dns_result_register();
dst_result_register();
isccc_result_register();
#ifdef PKCS11CRYPTO
pk11_result_register();
#endif
parse_command_line(argc, argv);
pfilter_open();
/*
* Warn about common configuration error.
*/
if (ns_g_chrootdir != NULL) {
int len = strlen(ns_g_chrootdir);
if (strncmp(ns_g_chrootdir, ns_g_conffile, len) == 0 &&
(ns_g_conffile[len] == '/' || ns_g_conffile[len] == '\\'))
ns_main_earlywarning("config filename (-c %s) contains "
"chroot path (-t %s)",
ns_g_conffile, ns_g_chrootdir);
}
result = isc_mem_create(0, 0, &ns_g_mctx);
if (result != ISC_R_SUCCESS)
ns_main_earlyfatal("isc_mem_create() failed: %s",
isc_result_totext(result));
isc_mem_setname(ns_g_mctx, "main", NULL);
setup();
/*
* Start things running and then wait for a shutdown request
* or reload.
*/
do {
result = isc_app_run();
if (result == ISC_R_RELOAD) {
ns_server_reloadwanted(ns_g_server);
} else if (result != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
"isc_app_run(): %s",
isc_result_totext(result));
/*
* Force exit.
*/
result = ISC_R_SUCCESS;
}
} while (result != ISC_R_SUCCESS);
#ifdef HAVE_LIBSCF
if (ns_smf_want_disable == 1) {
result = ns_smf_get_instance(&instance, 1, ns_g_mctx);
if (result == ISC_R_SUCCESS && instance != NULL) {
if (smf_disable_instance(instance, 0) != 0)
UNEXPECTED_ERROR(__FILE__, __LINE__,
"smf_disable_instance() "
"failed for %s : %s",
instance,
scf_strerror(scf_error()));
}
if (instance != NULL)
isc_mem_free(ns_g_mctx, instance);
}
#endif /* HAVE_LIBSCF */
cleanup();
if (want_stats) {
isc_mem_stats(ns_g_mctx, stdout);
isc_mutex_stats(stdout);
}
if (ns_g_memstatistics && memstats != NULL) {
FILE *fp = NULL;
result = isc_stdio_open(memstats, "w", &fp);
if (result == ISC_R_SUCCESS) {
isc_mem_stats(ns_g_mctx, fp);
isc_mutex_stats(fp);
isc_stdio_close(fp);
}
}
isc_mem_destroy(&ns_g_mctx);
isc_mem_checkdestroyed(stderr);
ns_main_setmemstats(NULL);
isc_app_finish();
ns_os_closedevnull();
ns_os_shutdown();
#ifdef HAVE_GPERFTOOLS_PROFILER
ProfilerStop();
#endif
return (0);
}
void
ns_os_chroot(const char *root) {
if (root != NULL)
ns_main_earlyfatal("chroot(): isn't supported by Win32 API");
}
static void
parse_command_line(int argc, char *argv[]) {
int ch;
int port;
isc_boolean_t disable6 = ISC_FALSE;
isc_boolean_t disable4 = ISC_FALSE;
save_command_line(argc, argv);
isc_commandline_errprint = ISC_FALSE;
while ((ch = isc_commandline_parse(argc, argv,
"46c:C:d:E:fFgi:lm:n:N:p:P:"
"sS:t:T:u:vVx:")) != -1) {
switch (ch) {
case '4':
if (disable4)
ns_main_earlyfatal("cannot specify -4 and -6");
if (isc_net_probeipv4() != ISC_R_SUCCESS)
ns_main_earlyfatal("IPv4 not supported by OS");
isc_net_disableipv6();
disable6 = ISC_TRUE;
break;
case '6':
if (disable6)
ns_main_earlyfatal("cannot specify -4 and -6");
if (isc_net_probeipv6() != ISC_R_SUCCESS)
ns_main_earlyfatal("IPv6 not supported by OS");
isc_net_disableipv4();
disable4 = ISC_TRUE;
break;
case 'c':
ns_g_conffile = isc_commandline_argument;
lwresd_g_conffile = isc_commandline_argument;
if (lwresd_g_useresolvconf)
ns_main_earlyfatal("cannot specify -c and -C");
ns_g_conffileset = ISC_TRUE;
break;
case 'C':
lwresd_g_resolvconffile = isc_commandline_argument;
if (ns_g_conffileset)
ns_main_earlyfatal("cannot specify -c and -C");
lwresd_g_useresolvconf = ISC_TRUE;
break;
case 'd':
ns_g_debuglevel = parse_int(isc_commandline_argument,
"debug level");
break;
case 'E':
ns_g_engine = isc_commandline_argument;
break;
case 'f':
ns_g_foreground = ISC_TRUE;
break;
case 'g':
ns_g_foreground = ISC_TRUE;
ns_g_logstderr = ISC_TRUE;
break;
/* XXXBEW -i should be removed */
case 'i':
lwresd_g_defaultpidfile = isc_commandline_argument;
break;
case 'l':
ns_g_lwresdonly = ISC_TRUE;
break;
case 'm':
set_flags(isc_commandline_argument, mem_debug_flags,
&isc_mem_debugging);
break;
case 'N': /* Deprecated. */
case 'n':
ns_g_cpus = parse_int(isc_commandline_argument,
"number of cpus");
if (ns_g_cpus == 0)
ns_g_cpus = 1;
break;
case 'p':
port = parse_int(isc_commandline_argument, "port");
if (port < 1 || port > 65535)
ns_main_earlyfatal("port '%s' out of range",
isc_commandline_argument);
ns_g_port = port;
break;
/* XXXBEW Should -P be removed? */
case 'P':
port = parse_int(isc_commandline_argument, "port");
if (port < 1 || port > 65535)
ns_main_earlyfatal("port '%s' out of range",
isc_commandline_argument);
lwresd_g_listenport = port;
break;
case 's':
/* XXXRTH temporary syntax */
want_stats = ISC_TRUE;
break;
case 'S':
maxsocks = parse_int(isc_commandline_argument,
"max number of sockets");
break;
case 't':
/* XXXJAB should we make a copy? */
ns_g_chrootdir = isc_commandline_argument;
break;
case 'T':
/*
* clienttest: make clients single shot with their
* own memory context.
*/
if (!strcmp(isc_commandline_argument, "clienttest"))
ns_g_clienttest = ISC_TRUE;
else if (!strcmp(isc_commandline_argument, "maxudp512"))
maxudp = 512;
else if (!strcmp(isc_commandline_argument, "maxudp1460"))
maxudp = 1460;
else
fprintf(stderr, "unknown -T flag '%s\n",
isc_commandline_argument);
break;
case 'u':
ns_g_username = isc_commandline_argument;
break;
case 'v':
printf("BIND %s\n", ns_g_version);
exit(0);
case 'V':
printf("BIND %s built with %s\n", ns_g_version,
ns_g_configargs);
exit(0);
case 'F':
/* Reserved for FIPS mode */
/* FALLTHROUGH */
case '?':
usage();
if (isc_commandline_option == '?')
exit(0);
ns_main_earlyfatal("unknown option '-%c'",
isc_commandline_option);
/* FALLTHROUGH */
default:
ns_main_earlyfatal("parsing options returned %d", ch);
}
}
argc -= isc_commandline_index;
argv += isc_commandline_index;
if (argc > 0) {
usage();
ns_main_earlyfatal("extra command line arguments");
}
}
void
ns_os_daemonize(void) {
pid_t pid;
char strbuf[ISC_STRERRORSIZE];
if (pipe(dfd) == -1) {
isc__strerror(errno, strbuf, sizeof(strbuf));
ns_main_earlyfatal("pipe(): %s", strbuf);
}
pid = fork();
if (pid == -1) {
isc__strerror(errno, strbuf, sizeof(strbuf));
ns_main_earlyfatal("fork(): %s", strbuf);
}
if (pid != 0) {
int n;
/*
* Wait for the child to finish loading for the first time.
* This would be so much simpler if fork() worked once we
* were multi-threaded.
*/
(void)close(dfd[1]);
do {
char buf;
n = read(dfd[0], &buf, 1);
if (n == 1)
_exit(0);
} while (n == -1 && errno == EINTR);
_exit(1);
}
(void)close(dfd[0]);
/*
* We're the child.
*/
#ifdef HAVE_LINUXTHREADS
mainpid = getpid();
#endif
if (setsid() == -1) {
isc__strerror(errno, strbuf, sizeof(strbuf));
ns_main_earlyfatal("setsid(): %s", strbuf);
}
/*
* Try to set stdin, stdout, and stderr to /dev/null, but press
* on even if it fails.
*
* XXXMLG The close() calls here are unneeded on all but NetBSD, but
* are harmless to include everywhere. dup2() is supposed to close
* the FD if it is in use, but unproven-pthreads-0.16 is broken
* and will end up closing the wrong FD. This will be fixed eventually,
* and these calls will be removed.
*/
if (devnullfd != -1) {
if (devnullfd != STDIN_FILENO) {
(void)close(STDIN_FILENO);
(void)dup2(devnullfd, STDIN_FILENO);
}
if (devnullfd != STDOUT_FILENO) {
(void)close(STDOUT_FILENO);
(void)dup2(devnullfd, STDOUT_FILENO);
}
if (devnullfd != STDERR_FILENO) {
(void)close(STDERR_FILENO);
(void)dup2(devnullfd, STDERR_FILENO);
}
}
}
static void
linux_setcaps(cap_t caps) {
#ifndef HAVE_LIBCAP
struct __user_cap_header_struct caphead;
struct __user_cap_data_struct cap;
#endif
char strbuf[ISC_STRERRORSIZE];
if ((getuid() != 0 && !non_root_caps) || non_root)
return;
#ifndef HAVE_LIBCAP
memset(&caphead, 0, sizeof(caphead));
caphead.version = _LINUX_CAPABILITY_VERSION;
caphead.pid = 0;
memset(&cap, 0, sizeof(cap));
cap.effective = caps;
cap.permitted = caps;
cap.inheritable = 0;
#endif
#ifdef HAVE_LIBCAP
if (cap_set_proc(caps) < 0) {
#else
if (syscall(SYS_capset, &caphead, &cap) < 0) {
#endif
isc__strerror(errno, strbuf, sizeof(strbuf));
ns_main_earlyfatal(SETCAPS_FUNC "failed: %s:"
" please ensure that the capset kernel"
" module is loaded. see insmod(8)",
strbuf);
}
}
#ifdef HAVE_LIBCAP
#define SET_CAP(flag) \
do { \
capval = (flag); \
cap_flag_value_t curval; \
err = cap_get_flag(curcaps, capval, CAP_PERMITTED, &curval); \
if (err != -1 && curval) { \
err = cap_set_flag(caps, CAP_EFFECTIVE, 1, &capval, CAP_SET); \
if (err == -1) { \
isc__strerror(errno, strbuf, sizeof(strbuf)); \
ns_main_earlyfatal("cap_set_proc failed: %s", strbuf); \
} \
\
err = cap_set_flag(caps, CAP_PERMITTED, 1, &capval, CAP_SET); \
if (err == -1) { \
isc__strerror(errno, strbuf, sizeof(strbuf)); \
ns_main_earlyfatal("cap_set_proc failed: %s", strbuf); \
} \
} \
} while (0)
#define INIT_CAP \
do { \
caps = cap_init(); \
if (caps == NULL) { \
isc__strerror(errno, strbuf, sizeof(strbuf)); \
ns_main_earlyfatal("cap_init failed: %s", strbuf); \
} \
curcaps = cap_get_proc(); \
if (curcaps == NULL) { \
isc__strerror(errno, strbuf, sizeof(strbuf)); \
ns_main_earlyfatal("cap_get_proc failed: %s", strbuf); \
} \
} while (0)
#define FREE_CAP \
{ \
cap_free(caps); \
cap_free(curcaps); \
} while (0)
#else
#define SET_CAP(flag) do { caps |= (1 << (flag)); } while (0)
#define INIT_CAP do { caps = 0; } while (0)
#endif /* HAVE_LIBCAP */
static void
linux_initialprivs(void) {
cap_t caps;
#ifdef HAVE_LIBCAP
cap_t curcaps;
cap_value_t capval;
char strbuf[ISC_STRERRORSIZE];
int err;
#endif
/*%
* We don't need most privileges, so we drop them right away.
* Later on linux_minprivs() will be called, which will drop our
* capabilities to the minimum needed to run the server.
*/
INIT_CAP;
/*
* We need to be able to bind() to privileged ports, notably port 53!
*/
SET_CAP(CAP_NET_BIND_SERVICE);
/*
* We need chroot() initially too.
*/
SET_CAP(CAP_SYS_CHROOT);
#if defined(HAVE_SYS_PRCTL_H) || !defined(HAVE_LINUXTHREADS)
/*
* We can setuid() only if either the kernel supports keeping
* capabilities after setuid() (which we don't know until we've
* tried) or we're not using threads. If either of these is
* true, we want the setuid capability.
*/
SET_CAP(CAP_SETUID);
#endif
/*
* Since we call initgroups, we need this.
*/
SET_CAP(CAP_SETGID);
/*
* Without this, we run into problems reading a configuration file
* owned by a non-root user and non-world-readable on startup.
*/
SET_CAP(CAP_DAC_READ_SEARCH);
/*
* XXX We might want to add CAP_SYS_RESOURCE, though it's not
* clear it would work right given the way linuxthreads work.
* XXXDCL But since we need to be able to set the maximum number
* of files, the stack size, data size, and core dump size to
* support named.conf options, this is now being added to test.
*/
SET_CAP(CAP_SYS_RESOURCE);
/*
* We need to be able to set the ownership of the containing
* directory of the pid file when we create it.
*/
SET_CAP(CAP_CHOWN);
linux_setcaps(caps);
#ifdef HAVE_LIBCAP
FREE_CAP;
#endif
}
