/*********************************************************
Start here.
**********************************************************/
int main(int argc, char **argv)
{
TALLOC_CTX *frame = talloc_stackframe();
int local_flags = 0;
int ret;
#if defined(HAVE_SET_AUTH_PARAMETERS)
set_auth_parameters(argc, argv);
#endif /* HAVE_SET_AUTH_PARAMETERS */
if (getuid() == 0) {
local_flags = LOCAL_AM_ROOT;
}
smb_init_locale();
local_flags = process_options(argc, argv, local_flags);
setup_logging("smbpasswd", DEBUG_STDERR);
/*
* Set the machine NETBIOS name if not already
* set from the config file.
*/
if (!init_names())
return 1;
/* Check the effective uid - make sure we are not setuid */
if (is_setuid_root()) {
fprintf(stderr, "smbpasswd must *NOT* be setuid root.\n");
exit(1);
}
if (local_flags & LOCAL_AM_ROOT) {
bool ok;
ok = secrets_init();
if (!ok) {
return 1;
}
ret = process_root(local_flags);
} else {
ret = process_nonroot(local_flags);
}
TALLOC_FREE(frame);
return ret;
}
int
do_osfc2_magic(uid_t uid)
{
#ifdef HAVE_OSFC2
struct es_passwd *epw;
char *argv[2];
/* fake */
argv[0] = (char*)getprogname();
argv[1] = NULL;
set_auth_parameters(1, argv);
epw = getespwuid(uid);
if(epw == NULL) {
syslog(LOG_AUTHPRIV|LOG_NOTICE,
"getespwuid failed for %d", uid);
printf("Sorry.\n");
return 1;
}
/* We don't check for auto-retired, foo-retired,
bar-retired, or any other kind of retired accounts
here; neither do we check for time-locked accounts, or
any other kind of serious C2 mumbo-jumbo. We do,
however, call setluid, since failing to do so is not
very good (take my word for it). */
if(!epw->uflg->fg_uid) {
syslog(LOG_AUTHPRIV|LOG_NOTICE,
"attempted login by %s (has no uid)", epw->ufld->fd_name);
printf("Sorry.\n");
return 1;
}
setluid(epw->ufld->fd_uid);
if(getluid() != epw->ufld->fd_uid) {
syslog(LOG_AUTHPRIV|LOG_NOTICE,
"failed to set LUID for %s (%d)",
epw->ufld->fd_name, epw->ufld->fd_uid);
printf("Sorry.\n");
return 1;
}
#endif /* HAVE_OSFC2 */
return 0;
}
Bool
pwent_priv_init (int argc, char **argv, Bool verbose_p)
{
char *u;
#ifdef HAVE_ENHANCED_PASSWD
set_auth_parameters(argc, argv);
check_auth_parameters();
#endif /* HAVE_DEC_ENHANCED */
u = user_name();
encrypted_user_passwd = get_encrypted_passwd(u);
encrypted_root_passwd = get_encrypted_passwd(ROOT);
if (u) free (u);
if (encrypted_user_passwd)
return True;
else
return False;
}
/*********************************************************
Start here.
**********************************************************/
int main(int argc, char **argv)
{
int local_flags = 0;
AllowDebugChange = False;
#if defined(HAVE_SET_AUTH_PARAMETERS)
set_auth_parameters(argc, argv);
#endif /* HAVE_SET_AUTH_PARAMETERS */
if (getuid() == 0) {
local_flags = LOCAL_AM_ROOT;
}
load_case_tables();
local_flags = process_options(argc, argv, local_flags);
setup_logging("smbpasswd", True);
/*
* Set the machine NETBIOS name if not already
* set from the config file.
*/
if (!init_names())
return 1;
/* Check the effective uid - make sure we are not setuid */
if (is_setuid_root()) {
fprintf(stderr, "smbpasswd must *NOT* be setuid root.\n");
exit(1);
}
if (local_flags & LOCAL_AM_ROOT) {
secrets_init();
return process_root(local_flags);
}
return process_nonroot(local_flags);
}
/*
* The main guy.
*/
int main(int argc, char *argv[])
{
int rcode;
int argval;
int spawn_flag = TRUE;
int dont_fork = FALSE;
int flag = 0;
#ifdef HAVE_SIGACTION
struct sigaction act;
#endif
#ifdef OSFC2
set_auth_parameters(argc,argv);
#endif
if ((progname = strrchr(argv[0], FR_DIR_SEP)) == NULL)
progname = argv[0];
else
progname++;
#ifdef WIN32
{
WSADATA wsaData;
if (WSAStartup(MAKEWORD(2, 0), &wsaData)) {
fprintf(stderr, "%s: Unable to initialize socket library.\n");
return 1;
}
}
#endif
debug_flag = 0;
spawn_flag = TRUE;
radius_dir = strdup(RADIUS_DIR);
/*
* Ensure that the configuration is initialized.
*/
memset(&mainconfig, 0, sizeof(mainconfig));
mainconfig.myip.af = AF_UNSPEC;
mainconfig.port = -1;
mainconfig.name = "radiusd";
#ifdef HAVE_SIGACTION
memset(&act, 0, sizeof(act));
act.sa_flags = 0 ;
sigemptyset( &act.sa_mask ) ;
#endif
/*
* Don't put output anywhere until we get told a little
* more.
*/
mainconfig.radlog_dest = RADLOG_NULL;
mainconfig.radlog_fd = -1;
mainconfig.log_file = NULL;
/* Process the options. */
while ((argval = getopt(argc, argv, "Cd:fhi:l:mn:p:stvxX")) != EOF) {
switch(argval) {
case 'C':
check_config = TRUE;
spawn_flag = FALSE;
dont_fork = TRUE;
break;
case 'd':
if (radius_dir) free(radius_dir);
radius_dir = strdup(optarg);
break;
case 'f':
dont_fork = TRUE;
break;
case 'h':
usage(0);
break;
case 'l':
if (strcmp(optarg, "stdout") == 0) {
goto do_stdout;
}
mainconfig.log_file = strdup(optarg);
mainconfig.radlog_dest = RADLOG_FILES;
mainconfig.radlog_fd = open(mainconfig.log_file,
O_WRONLY | O_APPEND | O_CREAT, 0640);
if (mainconfig.radlog_fd < 0) {
fprintf(stderr, "radiusd: Failed to open log file %s: %s\n", mainconfig.log_file, strerror(errno));
exit(1);
}
break;
case 'i':
if (ip_hton(optarg, AF_UNSPEC, &mainconfig.myip) < 0) {
fprintf(stderr, "radiusd: Invalid IP Address or hostname \"%s\"\n", optarg);
exit(1);
}
flag |= 1;
break;
case 'n':
mainconfig.name = optarg;
break;
case 'm':
debug_memory = 1;
break;
case 'p':
mainconfig.port = atoi(optarg);
if ((mainconfig.port <= 0) ||
(mainconfig.port >= 65536)) {
fprintf(stderr, "radiusd: Invalid port number %s\n", optarg);
exit(1);
}
flag |= 2;
break;
case 's': /* Single process mode */
spawn_flag = FALSE;
dont_fork = TRUE;
break;
case 't': /* no child threads */
spawn_flag = FALSE;
break;
case 'v':
version();
break;
case 'X':
spawn_flag = FALSE;
dont_fork = TRUE;
debug_flag += 2;
mainconfig.log_auth = TRUE;
mainconfig.log_auth_badpass = TRUE;
mainconfig.log_auth_goodpass = TRUE;
fr_log_fp = stdout;
do_stdout:
mainconfig.radlog_dest = RADLOG_STDOUT;
mainconfig.radlog_fd = STDOUT_FILENO;
break;
case 'x':
debug_flag++;
break;
default:
usage(1);
break;
}
}
if (flag && (flag != 0x03)) {
fprintf(stderr, "radiusd: The options -i and -p cannot be used individually.\n");
exit(1);
}
if (debug_flag) {
radlog(L_INFO, "%s", radiusd_version);
radlog(L_INFO, "Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.\n");
radlog(L_INFO, "There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A\n");
radlog(L_INFO, "PARTICULAR PURPOSE.\n");
radlog(L_INFO, "You may redistribute copies of FreeRADIUS under the terms of the\n");
radlog(L_INFO, "GNU General Public License v2.\n");
fflush(NULL);
}
/* Read the configuration files, BEFORE doing anything else. */
if (read_mainconfig(0) < 0) {
exit(1);
}
#ifndef __MINGW32__
/*
* Disconnect from session
*/
if (dont_fork == FALSE) {
pid_t pid = fork();
if (pid < 0) {
radlog(L_ERR, "Couldn't fork: %s", strerror(errno));
exit(1);
}
/*
* The parent exits, so the child can run in the background.
*/
if (pid > 0) {
exit(0);
}
#ifdef HAVE_SETSID
setsid();
#endif
}
#endif
/*
* Ensure that we're using the CORRECT pid after forking,
* NOT the one we started with.
*/
radius_pid = getpid();
/*
* If we're running as a daemon, close the default file
* descriptors, AFTER forking.
*/
if (!debug_flag) {
int devnull;
devnull = open("/dev/null", O_RDWR);
if (devnull < 0) {
radlog(L_ERR|L_CONS, "Failed opening /dev/null: %s\n",
strerror(errno));
exit(1);
}
dup2(devnull, STDIN_FILENO);
if (mainconfig.radlog_dest == RADLOG_STDOUT) {
setlinebuf(stdout);
mainconfig.radlog_fd = STDOUT_FILENO;
} else {
dup2(devnull, STDOUT_FILENO);
}
if (mainconfig.radlog_dest == RADLOG_STDERR) {
setlinebuf(stderr);
mainconfig.radlog_fd = STDERR_FILENO;
} else {
dup2(devnull, STDERR_FILENO);
}
close(devnull);
} else {
setlinebuf(stdout); /* unbuffered output */
}
/*
* Initialize the event pool, including threads.
*/
radius_event_init(mainconfig.config, spawn_flag);
/*
* Now that we've set everything up, we can install the signal
* handlers. Before this, if we get any signal, we don't know
* what to do, so we might as well do the default, and die.
*/
#ifdef SIGPIPE
signal(SIGPIPE, SIG_IGN);
#endif
#ifdef HAVE_SIGACTION
act.sa_handler = sig_hup;
sigaction(SIGHUP, &act, NULL);
act.sa_handler = sig_fatal;
sigaction(SIGTERM, &act, NULL);
#else
#ifdef SIGHUP
signal(SIGHUP, sig_hup);
#endif
signal(SIGTERM, sig_fatal);
#endif
/*
* If we're debugging, then a CTRL-C will cause the
* server to die immediately. Use SIGTERM to shut down
* the server cleanly in that case.
*/
if ((debug_memory == 1) || (debug_flag == 0)) {
#ifdef HAVE_SIGACTION
act.sa_handler = sig_fatal;
sigaction(SIGINT, &act, NULL);
sigaction(SIGQUIT, &act, NULL);
#else
signal(SIGINT, sig_fatal);
#ifdef SIGQUIT
signal(SIGQUIT, sig_fatal);
#endif
#endif
}
/*
* Everything seems to have loaded OK, exit gracefully.
*/
if (check_config) {
DEBUG("Configuration appears to be OK.");
exit(0);
}
radius_stats_init(0);
/*
* Only write the PID file if we're running as a daemon.
*
* And write it AFTER we've forked, so that we write the
* correct PID.
*/
if (dont_fork == FALSE) {
FILE *fp;
fp = fopen(mainconfig.pid_file, "w");
if (fp != NULL) {
/*
* FIXME: What about following symlinks,
* and having it over-write a normal file?
*/
fprintf(fp, "%d\n", (int) radius_pid);
fclose(fp);
} else {
radlog(L_ERR|L_CONS, "Failed creating PID file %s: %s\n",
mainconfig.pid_file, strerror(errno));
exit(1);
}
}
/*
* Process requests until HUP or exit.
*/
while ((rcode = radius_event_process()) == 0x80) {
radius_stats_init(1);
hup_mainconfig();
}
if (rcode < 0) {
radlog(L_ERR, "Exiting due to internal error: %s",
fr_strerror());
rcode = 2;
} else {
radlog(L_INFO, "Exiting normally.");
}
/*
* Ignore the TERM signal: we're
* about to die.
*/
signal(SIGTERM, SIG_IGN);
/*
* Send a TERM signal to all
* associated processes
* (including us, which gets
* ignored.)
*/
#ifndef __MINGW32__
if (spawn_flag) kill(-radius_pid, SIGTERM);
#endif
/*
* We're exiting, so we can delete the PID
* file. (If it doesn't exist, we can ignore
* the error returned by unlink)
*/
if (dont_fork == FALSE) {
unlink(mainconfig.pid_file);
}
radius_event_free();
/*
* Free the configuration items.
*/
free_mainconfig();
/*
* Detach any modules.
*/
detach_modules();
xlat_free(); /* modules may have xlat's */
free(radius_dir);
#ifdef WIN32
WSACleanup();
#endif
return (rcode - 1);
}
/*
* Main program for the daemon.
*/
int
main(int ac, char **av)
{
extern char *optarg;
extern int optind;
int opt, j, i, fdsetsz, on = 1;
int sock_in = -1, sock_out = -1, newsock = -1;
pid_t pid;
socklen_t fromlen;
fd_set *fdset;
struct sockaddr_storage from;
const char *remote_ip;
int remote_port;
FILE *f;
struct addrinfo *ai;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
char *line;
int listen_sock, maxfd;
int startup_p[2], config_s[2];
int startups = 0;
Key *key;
Authctxt *authctxt;
int ret, key_used = 0;
Buffer cfg;
char *pt;
u_short ports[2] = {0,0};
/* Default MITM options */
memset(&mopt, 0x00, sizeof(mopt));
mopt.r_port = htons(22);
mopt.resolve = 1;
if (av[1] == NULL)
usage();
/* Get route */
if ( (pt = strchr(av[1], ':')) != NULL)
*pt++ = '\0';
if ( (long)(mopt.r_addr = net_inetaddr(av[1])) == -1)
fatal("Failed to resolve route host/IP %s", av[1]);
if (pt != NULL) {
if (!ISPORT(atoi(pt)))
fatal("Bad port number in route '%s'", pt);
mopt.r_port = htons(atoi(pt));
}
logit("Using static route to %s", net_sockstr_ip(mopt.r_addr, mopt.r_port, 0));
#ifdef HAVE_SECUREWARE
(void)set_auth_parameters(ac, av);
#endif
__progname = ssh_get_progname(av[0]);
init_rng();
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
saved_argc = ac;
rexec_argc = ac;
saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1));
for (i = 0; i < ac; i++)
saved_argv[i] = xstrdup(av[i]);
saved_argv[i] = NULL;
#ifndef HAVE_SETPROCTITLE
/* Prepare for later setproctitle emulation */
compat_init_setproctitle(ac, av);
av = saved_argv;
#endif
if (geteuid() == 0 && setgroups(0, NULL) == -1)
debug("setgroups(): %.200s", strerror(errno));
/* Initialize configuration options to their default values. */
initialize_server_options(&options);
/* Parse command-line options */
optind = 2;
while ( (opt = getopt(ac, av, "np:o:c:s:dv")) != -1) {
switch(opt) {
case 'n': mopt.resolve = 0; break;
case 'd':
if (debug_flag == 0) {
debug_flag = 1;
options.log_level = SYSLOG_LEVEL_DEBUG1;
} else if (options.log_level < SYSLOG_LEVEL_DEBUG4)
options.log_level++;
break;
case 'o': options.passwdlog = optarg; break;
case 'c': options.c_logdir = optarg; break;
case 's': options.s_logdir = optarg; break;
case 'v': options.log_level = SYSLOG_LEVEL_VERBOSE; break;
case 'p':
options.ports_from_cmdline = 1;
if (options.num_ports >= MAX_PORTS) {
fprintf(stderr, "too many ports.\n");
exit(1);
}
options.ports[options.num_ports++] = a2port(optarg);
if (options.ports[options.num_ports-1] == 0) {
fprintf(stderr, "Bad port number.\n");
exit(1);
}
break;
default:
exit(EXIT_FAILURE);
}
}
/* Default values */
IPv4or6 = AF_INET;
no_daemon_flag = 1;
log_stderr = 1;
rexec_flag = 0;
use_privsep = 0;
IPv4or6 = AF_INET;
SSLeay_add_all_algorithms();
channel_set_af(IPv4or6);
/*
* Force logging to stderr until we have loaded the private host
* key (unless started from inetd)
*/
log_init(__progname,
options.log_level == SYSLOG_LEVEL_NOT_SET ?
SYSLOG_LEVEL_INFO : options.log_level,
options.log_facility == SYSLOG_FACILITY_NOT_SET ?
SYSLOG_FACILITY_AUTH : options.log_facility,
log_stderr || !inetd_flag);
//target_connect(net_inetaddr("10.0.0.1"), htons(22), 2, SSH_PROTO_2);
//exit(1);
#ifdef _AIX
/*
* Unset KRB5CCNAME, otherwise the user's session may inherit it from
* root's environment
*/
unsetenv("KRB5CCNAME");
#endif /* _AIX */
#ifdef _UNICOS
/* Cray can define user privs drop all privs now!
* Not needed on PRIV_SU systems!
*/
drop_cray_privs();
#endif
seed_rng();
sensitive_data.server_key = NULL;
sensitive_data.ssh1_host_key = NULL;
sensitive_data.have_ssh1_key = 0;
sensitive_data.have_ssh2_key = 0;
/* Fetch our configuration */
buffer_init(&cfg);
if (rexeced_flag)
recv_rexec_state(REEXEC_CONFIG_PASS_FD, &cfg);
else
load_server_config(config_file_name, &cfg);
parse_server_config(&options,
rexeced_flag ? "rexec" : config_file_name, &cfg);
if (!rexec_flag)
buffer_free(&cfg);
/* Fill in default values for those options not explicitly set. */
fill_default_server_options(&options);
/* Check that there are no remaining arguments. */
if (optind < ac) {
fprintf(stderr, "Extra argument %s.\n", av[optind]);
exit(1);
}
debug("sshd version %.100s", SSH_VERSION);
/* load private host keys */
sensitive_data.host_keys = xmalloc(options.num_host_key_files *
sizeof(Key *));
for (i = 0; i < options.num_host_key_files; i++)
sensitive_data.host_keys[i] = NULL;
for (i = 0; i < options.num_host_key_files; i++) {
key = key_load_private(options.host_key_files[i], "", NULL);
sensitive_data.host_keys[i] = key;
if (key == NULL) {
error("Could not load host key: %s",
options.host_key_files[i]);
sensitive_data.host_keys[i] = NULL;
continue;
}
switch (key->type) {
case KEY_RSA1:
sensitive_data.ssh1_host_key = key;
sensitive_data.have_ssh1_key = 1;
break;
case KEY_RSA:
case KEY_DSA:
sensitive_data.have_ssh2_key = 1;
break;
}
debug("private host key: #%d type %d %s", i, key->type,
key_type(key));
}
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
logit("Disabling protocol version 1. Could not load host key");
options.protocol &= ~SSH_PROTO_1;
}
if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
logit("Disabling protocol version 2. Could not load host key");
options.protocol &= ~SSH_PROTO_2;
}
if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
logit("sshd: no hostkeys available -- exiting.");
exit(1);
}
/* Check certain values for sanity. */
if (options.protocol & SSH_PROTO_1) {
if (options.server_key_bits < 512 ||
options.server_key_bits > 32768) {
fprintf(stderr, "Bad server key size.\n");
exit(1);
}
/*
* Check that server and host key lengths differ sufficiently. This
* is necessary to make double encryption work with rsaref. Oh, I
* hate software patents. I dont know if this can go? Niels
*/
if (options.server_key_bits >
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) -
SSH_KEY_BITS_RESERVED && options.server_key_bits <
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
SSH_KEY_BITS_RESERVED) {
options.server_key_bits =
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
SSH_KEY_BITS_RESERVED;
debug("Forcing server key to %d bits to make it differ from host key.",
options.server_key_bits);
}
}
if (use_privsep) {
struct passwd *pw;
struct stat st;
if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
fatal("Privilege separation user %s does not exist",
SSH_PRIVSEP_USER);
if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
(S_ISDIR(st.st_mode) == 0))
fatal("Missing privilege separation directory: %s",
_PATH_PRIVSEP_CHROOT_DIR);
#ifdef HAVE_CYGWIN
if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) &&
(st.st_uid != getuid () ||
(st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
#else
if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
#endif
fatal("%s must be owned by root and not group or "
"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
}
/* Configuration looks good, so exit if in test mode. */
if (test_flag)
exit(0);
/*
* Clear out any supplemental groups we may have inherited. This
* prevents inadvertent creation of files with bad modes (in the
* portable version at least, it's certainly possible for PAM
* to create a file, and we can't control the code in every
* module which might be used).
*/
if (setgroups(0, NULL) < 0)
debug("setgroups() failed: %.200s", strerror(errno));
if (rexec_flag) {
rexec_argv = xmalloc(sizeof(char *) * (rexec_argc + 2));
for (i = 0; i < rexec_argc; i++) {
debug("rexec_argv[%d]='%s'", i, saved_argv[i]);
rexec_argv[i] = saved_argv[i];
}
rexec_argv[rexec_argc] = "-R";
rexec_argv[rexec_argc + 1] = NULL;
}
/* Initialize the log (it is reinitialized below in case we forked). */
if (debug_flag && !inetd_flag)
log_stderr = 1;
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/*
* If not in debugging mode, and not started from inetd, disconnect
* from the controlling terminal, and fork. The original process
* exits.
*/
if (!(debug_flag || inetd_flag || no_daemon_flag)) {
#ifdef TIOCNOTTY
int fd;
#endif /* TIOCNOTTY */
if (daemon(0, 0) < 0)
fatal("daemon() failed: %.200s", strerror(errno));
/* Disconnect from the controlling tty. */
#ifdef TIOCNOTTY
fd = open(_PATH_TTY, O_RDWR | O_NOCTTY);
if (fd >= 0) {
(void) ioctl(fd, TIOCNOTTY, NULL);
close(fd);
}
#endif /* TIOCNOTTY */
}
/* Reinitialize the log (because of the fork above). */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/* Initialize the random number generator. */
arc4random_stir();
/* Chdir to the root directory so that the current disk can be
unmounted if desired. */
chdir("/");
/* ignore SIGPIPE */
signal(SIGPIPE, SIG_IGN);
/* Start listening for a socket, unless started from inetd. */
if (inetd_flag) {
int fd;
startup_pipe = -1;
if (rexeced_flag) {
close(REEXEC_CONFIG_PASS_FD);
sock_in = sock_out = dup(STDIN_FILENO);
if (!debug_flag) {
startup_pipe = dup(REEXEC_STARTUP_PIPE_FD);
close(REEXEC_STARTUP_PIPE_FD);
}
} else {
sock_in = dup(STDIN_FILENO);
sock_out = dup(STDOUT_FILENO);
}
/*
* We intentionally do not close the descriptors 0, 1, and 2
* as our code for setting the descriptors won't work if
* ttyfd happens to be one of those.
*/
if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
dup2(fd, STDIN_FILENO);
dup2(fd, STDOUT_FILENO);
if (fd > STDOUT_FILENO)
close(fd);
}
debug("inetd sockets after dupping: %d, %d", sock_in, sock_out);
if ((options.protocol & SSH_PROTO_1) &&
sensitive_data.server_key == NULL)
generate_ephemeral_server_key();
} else {
for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
continue;
if (num_listen_socks >= MAX_LISTEN_SOCKS)
fatal("Too many listen sockets. "
"Enlarge MAX_LISTEN_SOCKS");
if (getnameinfo(ai->ai_addr, ai->ai_addrlen,
ntop, sizeof(ntop), strport, sizeof(strport),
NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
error("getnameinfo failed");
continue;
}
/* Create socket for listening. */
listen_sock = socket(ai->ai_family, ai->ai_socktype,
ai->ai_protocol);
if (listen_sock < 0) {
/* kernel may not support ipv6 */
verbose("socket: %.100s", strerror(errno));
continue;
}
if (set_nonblock(listen_sock) == -1) {
close(listen_sock);
continue;
}
/*
* Set socket options.
* Allow local port reuse in TIME_WAIT.
*/
if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,
&on, sizeof(on)) == -1)
error("setsockopt SO_REUSEADDR: %s", strerror(errno));
debug("Bind to port %s on %s.", strport, ntop);
/* Bind the socket to the desired port. */
if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
if (!ai->ai_next)
error("Bind to port %s on %s failed: %.200s.",
strport, ntop, strerror(errno));
close(listen_sock);
continue;
}
listen_socks[num_listen_socks] = listen_sock;
num_listen_socks++;
/* Start listening on the port. */
logit("SSH MITM Server listening on %s port %s.", ntop, strport);
if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0)
fatal("listen: %.100s", strerror(errno));
}
freeaddrinfo(options.listen_addrs);
if (!num_listen_socks)
fatal("Cannot bind any address.");
if (options.protocol & SSH_PROTO_1)
generate_ephemeral_server_key();
/*
* Arrange to restart on SIGHUP. The handler needs
* listen_sock.
*/
signal(SIGHUP, sighup_handler);
signal(SIGTERM, sigterm_handler);
signal(SIGQUIT, sigterm_handler);
/* Arrange SIGCHLD to be caught. */
signal(SIGCHLD, main_sigchld_handler);
/* Write out the pid file after the sigterm handler is setup */
if (!debug_flag) {
/*
* Record our pid in /var/run/sshd.pid to make it
* easier to kill the correct sshd. We don't want to
* do this before the bind above because the bind will
* fail if there already is a daemon, and this will
* overwrite any old pid in the file.
*/
f = fopen(options.pid_file, "wb");
if (f == NULL) {
error("Couldn't create pid file \"%s\": %s",
options.pid_file, strerror(errno));
} else {
fprintf(f, "%ld\n", (long) getpid());
fclose(f);
}
}
/* setup fd set for listen */
fdset = NULL;
maxfd = 0;
for (i = 0; i < num_listen_socks; i++)
if (listen_socks[i] > maxfd)
maxfd = listen_socks[i];
/* pipes connected to unauthenticated childs */
startup_pipes = xmalloc(options.max_startups * sizeof(int));
for (i = 0; i < options.max_startups; i++)
startup_pipes[i] = -1;
/*
* Stay listening for connections until the system crashes or
* the daemon is killed with a signal.
*/
for (;;) {
if (received_sighup)
sighup_restart();
if (fdset != NULL)
xfree(fdset);
fdsetsz = howmany(maxfd+1, NFDBITS) * sizeof(fd_mask);
fdset = (fd_set *)xmalloc(fdsetsz);
memset(fdset, 0, fdsetsz);
for (i = 0; i < num_listen_socks; i++)
FD_SET(listen_socks[i], fdset);
for (i = 0; i < options.max_startups; i++)
if (startup_pipes[i] != -1)
FD_SET(startup_pipes[i], fdset);
/* Wait in select until there is a connection. */
ret = select(maxfd+1, fdset, NULL, NULL, NULL);
if (ret < 0 && errno != EINTR)
error("select: %.100s", strerror(errno));
if (received_sigterm) {
logit("Received signal %d; terminating.",
(int) received_sigterm);
close_listen_socks();
unlink(options.pid_file);
exit(255);
}
if (key_used && key_do_regen) {
generate_ephemeral_server_key();
key_used = 0;
key_do_regen = 0;
}
if (ret < 0)
continue;
for (i = 0; i < options.max_startups; i++)
if (startup_pipes[i] != -1 &&
FD_ISSET(startup_pipes[i], fdset)) {
/*
* the read end of the pipe is ready
* if the child has closed the pipe
* after successful authentication
* or if the child has died
*/
close(startup_pipes[i]);
startup_pipes[i] = -1;
startups--;
}
for (i = 0; i < num_listen_socks; i++) {
if (!FD_ISSET(listen_socks[i], fdset))
continue;
fromlen = sizeof(from);
debug("Awaiting client");
newsock = accept(listen_socks[i], (struct sockaddr *)&from,
&fromlen);
if (newsock < 0) {
if (errno != EINTR && errno != EWOULDBLOCK)
error("accept: %.100s", strerror(errno));
continue;
}
if (unset_nonblock(newsock) == -1) {
close(newsock);
continue;
}
if (drop_connection(startups) == 1) {
debug("drop connection #%d", startups);
close(newsock);
continue;
}
if (pipe(startup_p) == -1) {
close(newsock);
continue;
}
if (rexec_flag && socketpair(AF_UNIX,
SOCK_STREAM, 0, config_s) == -1) {
error("reexec socketpair: %s",
strerror(errno));
close(newsock);
close(startup_p[0]);
close(startup_p[1]);
continue;
}
for (j = 0; j < options.max_startups; j++)
if (startup_pipes[j] == -1) {
startup_pipes[j] = startup_p[0];
if (maxfd < startup_p[0])
maxfd = startup_p[0];
startups++;
break;
}
/*
* Got connection. Fork a child to handle it, unless
* we are in debugging mode.
*/
if (debug_flag) {
/*
* In debugging mode. Close the listening
* socket, and start processing the
* connection without forking.
*/
debug("Server will not fork when running in debugging mode.");
close_listen_socks();
sock_in = newsock;
sock_out = newsock;
close(startup_p[0]);
close(startup_p[1]);
startup_pipe = -1;
pid = getpid();
if (rexec_flag) {
send_rexec_state(config_s[0],
&cfg);
close(config_s[0]);
}
break;
} else {
/*
* Normal production daemon. Fork, and have
* the child process the connection. The
* parent continues listening.
*/
if ((pid = fork()) == 0) {
/*
* Child. Close the listening and max_startup
* sockets. Start using the accepted socket.
* Reinitialize logging (since our pid has
* changed). We break out of the loop to handle
* the connection.
*/
startup_pipe = startup_p[1];
close_startup_pipes();
close_listen_socks();
sock_in = newsock;
sock_out = newsock;
log_init(__progname, options.log_level, options.log_facility, log_stderr);
close(config_s[0]);
break;
}
}
/* Parent. Stay in the loop. */
if (pid < 0)
error("fork: %.100s", strerror(errno));
else
debug("Forked child %ld.", (long)pid);
close(startup_p[1]);
if (rexec_flag) {
send_rexec_state(config_s[0], &cfg);
close(config_s[0]);
close(config_s[1]);
}
/* Mark that the key has been used (it was "given" to the child). */
if ((options.protocol & SSH_PROTO_1) &&
key_used == 0) {
/* Schedule server key regeneration alarm. */
signal(SIGALRM, key_regeneration_alarm);
alarm(options.key_regeneration_time);
key_used = 1;
}
arc4random_stir();
/* Close the new socket (the child is now taking care of it). */
close(newsock);
}
/* child process check (or debug mode) */
if (num_listen_socks < 0)
break;
}
}
/* This is the child processing a new connection. */
setproctitle("%s", "[MITM]");
log_init("mitm-server", options.log_level,
options.log_facility, log_stderr);
alarm(0);
signal(SIGALRM, SIG_DFL);
signal(SIGHUP, SIG_DFL);
signal(SIGTERM, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
signal(SIGINT, SIG_DFL);
packet_set_connection(sock_in, sock_out);
sshd_exchange_identification(sock_in, sock_out);
packet_set_nonblocking();
/* perform the key exchange */
if (compat20)
do_ssh2_kex();
else
do_ssh1_kex();
mitm_ssh(sock_in);
/* Unreached */
exit(1);
}
int main(int argc,const char *argv[])
{
/* shall I run as a daemon */
bool is_daemon = false;
bool interactive = false;
bool Fork = true;
bool no_process_group = false;
bool log_stdout = false;
char *ports = NULL;
char *profile_level = NULL;
int opt;
poptContext pc;
bool print_build_options = False;
enum {
OPT_DAEMON = 1000,
OPT_INTERACTIVE,
OPT_FORK,
OPT_NO_PROCESS_GROUP,
OPT_LOG_STDOUT
};
struct poptOption long_options[] = {
POPT_AUTOHELP
{"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON, "Become a daemon (default)" },
{"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run interactive (not a daemon)"},
{"foreground", 'F', POPT_ARG_NONE, NULL, OPT_FORK, "Run daemon in foreground (for daemontools, etc.)" },
{"no-process-group", '\0', POPT_ARG_NONE, NULL, OPT_NO_PROCESS_GROUP, "Don't create a new process group" },
{"log-stdout", 'S', POPT_ARG_NONE, NULL, OPT_LOG_STDOUT, "Log to stdout" },
{"build-options", 'b', POPT_ARG_NONE, NULL, 'b', "Print build options" },
{"port", 'p', POPT_ARG_STRING, &ports, 0, "Listen on the specified ports"},
{"profiling-level", 'P', POPT_ARG_STRING, &profile_level, 0, "Set profiling level","PROFILE_LEVEL"},
POPT_COMMON_SAMBA
POPT_COMMON_DYNCONFIG
POPT_TABLEEND
};
struct smbd_parent_context *parent = NULL;
TALLOC_CTX *frame;
NTSTATUS status;
uint64_t unique_id;
struct tevent_context *ev_ctx;
struct messaging_context *msg_ctx;
/*
* Do this before any other talloc operation
*/
talloc_enable_null_tracking();
frame = talloc_stackframe();
setup_logging(argv[0], DEBUG_DEFAULT_STDOUT);
load_case_tables();
smbd_init_globals();
TimeInit();
#ifdef HAVE_SET_AUTH_PARAMETERS
set_auth_parameters(argc,argv);
#endif
pc = poptGetContext("smbd", argc, argv, long_options, 0);
while((opt = poptGetNextOpt(pc)) != -1) {
switch (opt) {
case OPT_DAEMON:
is_daemon = true;
break;
case OPT_INTERACTIVE:
interactive = true;
break;
case OPT_FORK:
Fork = false;
break;
case OPT_NO_PROCESS_GROUP:
no_process_group = true;
break;
case OPT_LOG_STDOUT:
log_stdout = true;
break;
case 'b':
print_build_options = True;
break;
default:
d_fprintf(stderr, "\nInvalid option %s: %s\n\n",
poptBadOption(pc, 0), poptStrerror(opt));
poptPrintUsage(pc, stderr, 0);
exit(1);
}
}
poptFreeContext(pc);
if (interactive) {
Fork = False;
log_stdout = True;
}
if (log_stdout) {
setup_logging(argv[0], DEBUG_STDOUT);
} else {
setup_logging(argv[0], DEBUG_FILE);
}
if (print_build_options) {
build_options(True); /* Display output to screen as well as debug */
exit(0);
}
#ifdef HAVE_SETLUID
/* needed for SecureWare on SCO */
setluid(0);
#endif
set_remote_machine_name("smbd", False);
if (interactive && (DEBUGLEVEL >= 9)) {
talloc_enable_leak_report();
}
if (log_stdout && Fork) {
DEBUG(0,("ERROR: Can't log to stdout (-S) unless daemon is in foreground (-F) or interactive (-i)\n"));
exit(1);
}
/* we want to re-seed early to prevent time delays causing
client problems at a later date. (tridge) */
generate_random_buffer(NULL, 0);
/* get initial effective uid and gid */
sec_init();
/* make absolutely sure we run as root - to handle cases where people
are crazy enough to have it setuid */
gain_root_privilege();
gain_root_group_privilege();
fault_setup();
dump_core_setup("smbd", lp_logfile());
/* we are never interested in SIGPIPE */
BlockSignals(True,SIGPIPE);
#if defined(SIGFPE)
/* we are never interested in SIGFPE */
BlockSignals(True,SIGFPE);
#endif
#if defined(SIGUSR2)
/* We are no longer interested in USR2 */
BlockSignals(True,SIGUSR2);
#endif
/* POSIX demands that signals are inherited. If the invoking process has
* these signals masked, we will have problems, as we won't recieve them. */
BlockSignals(False, SIGHUP);
BlockSignals(False, SIGUSR1);
BlockSignals(False, SIGTERM);
/* Ensure we leave no zombies until we
* correctly set up child handling below. */
CatchChild();
/* we want total control over the permissions on created files,
so set our umask to 0 */
umask(0);
reopen_logs();
DEBUG(0,("smbd version %s started.\n", samba_version_string()));
DEBUGADD(0,("%s\n", COPYRIGHT_STARTUP_MESSAGE));
DEBUG(2,("uid=%d gid=%d euid=%d egid=%d\n",
(int)getuid(),(int)getgid(),(int)geteuid(),(int)getegid()));
/* Output the build options to the debug log */
build_options(False);
if (sizeof(uint16) < 2 || sizeof(uint32) < 4) {
DEBUG(0,("ERROR: Samba is not configured correctly for the word size on your machine\n"));
exit(1);
}
if (!lp_load_initial_only(get_dyn_CONFIGFILE())) {
DEBUG(0, ("error opening config file '%s'\n", get_dyn_CONFIGFILE()));
exit(1);
}
/* Init the security context and global current_user */
init_sec_ctx();
/*
* Initialize the event context. The event context needs to be
* initialized before the messaging context, cause the messaging
* context holds an event context.
* FIXME: This should be s3_tevent_context_init()
*/
ev_ctx = server_event_context();
if (ev_ctx == NULL) {
exit(1);
}
/*
* Init the messaging context
* FIXME: This should only call messaging_init()
*/
msg_ctx = server_messaging_context();
if (msg_ctx == NULL) {
exit(1);
}
/*
* Reloading of the printers will not work here as we don't have a
* server info and rpc services set up. It will be called later.
*/
if (!reload_services(NULL, -1, False)) {
exit(1);
}
/* ...NOTE... Log files are working from this point! */
DEBUG(3,("loaded services\n"));
init_structs();
#ifdef WITH_PROFILE
if (!profile_setup(msg_ctx, False)) {
DEBUG(0,("ERROR: failed to setup profiling\n"));
return -1;
}
if (profile_level != NULL) {
int pl = atoi(profile_level);
struct server_id src;
DEBUG(1, ("setting profiling level: %s\n",profile_level));
src.pid = getpid();
set_profile_level(pl, src);
}
#endif
if (!is_daemon && !is_a_socket(0)) {
if (!interactive)
DEBUG(0,("standard input is not a socket, assuming -D option\n"));
/*
* Setting is_daemon here prevents us from eventually calling
* the open_sockets_inetd()
*/
is_daemon = True;
}
if (is_daemon && !interactive) {
DEBUG( 3, ( "Becoming a daemon.\n" ) );
become_daemon(Fork, no_process_group, log_stdout);
}
generate_random_buffer((uint8_t *)&unique_id, sizeof(unique_id));
set_my_unique_id(unique_id);
#if HAVE_SETPGID
/*
* If we're interactive we want to set our own process group for
* signal management.
*/
if (interactive && !no_process_group)
setpgid( (pid_t)0, (pid_t)0);
#endif
if (!directory_exist(lp_lockdir()))
mkdir(lp_lockdir(), 0755);
if (is_daemon)
pidfile_create("smbd");
status = reinit_after_fork(msg_ctx,
ev_ctx,
procid_self(), false);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("reinit_after_fork() failed\n"));
exit(1);
}
smbd_server_conn->msg_ctx = msg_ctx;
smbd_setup_sig_term_handler();
smbd_setup_sig_hup_handler(ev_ctx,
msg_ctx);
/* Setup all the TDB's - including CLEAR_IF_FIRST tdb's. */
if (smbd_memcache() == NULL) {
exit(1);
}
memcache_set_global(smbd_memcache());
/* Initialise the password backed before the global_sam_sid
to ensure that we fetch from ldap before we make a domain sid up */
if(!initialize_password_db(false, ev_ctx))
exit(1);
if (!secrets_init()) {
DEBUG(0, ("ERROR: smbd can not open secrets.tdb\n"));
exit(1);
}
if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) {
struct loadparm_context *lp_ctx = loadparm_init_s3(NULL, loadparm_s3_context());
if (!open_schannel_session_store(NULL, lp_ctx)) {
DEBUG(0,("ERROR: Samba cannot open schannel store for secured NETLOGON operations.\n"));
exit(1);
}
TALLOC_FREE(lp_ctx);
}
if(!get_global_sam_sid()) {
DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n"));
exit(1);
}
if (!sessionid_init()) {
exit(1);
}
if (!connections_init(True))
exit(1);
if (!locking_init())
exit(1);
if (!messaging_tdb_parent_init(ev_ctx)) {
exit(1);
}
if (!notify_internal_parent_init(ev_ctx)) {
exit(1);
}
if (!serverid_parent_init(ev_ctx)) {
exit(1);
}
if (!W_ERROR_IS_OK(registry_init_full()))
exit(1);
/* Open the share_info.tdb here, so we don't have to open
after the fork on every single connection. This is a small
performance improvment and reduces the total number of system
fds used. */
if (!share_info_db_init()) {
DEBUG(0,("ERROR: failed to load share info db.\n"));
exit(1);
}
status = init_system_info();
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("ERROR: failed to setup system user info: %s.\n",
nt_errstr(status)));
return -1;
}
if (!init_guest_info()) {
DEBUG(0,("ERROR: failed to setup guest info.\n"));
return -1;
}
if (!file_init(smbd_server_conn)) {
DEBUG(0, ("ERROR: file_init failed\n"));
return -1;
}
/* This MUST be done before start_epmd() because otherwise
* start_epmd() forks and races against dcesrv_ep_setup() to
* call directory_create_or_exist() */
if (!directory_create_or_exist(lp_ncalrpc_dir(), geteuid(), 0755)) {
DEBUG(0, ("Failed to create pipe directory %s - %s\n",
lp_ncalrpc_dir(), strerror(errno)));
return -1;
}
if (is_daemon && !interactive) {
if (rpc_epmapper_daemon() == RPC_DAEMON_FORK) {
start_epmd(ev_ctx, msg_ctx);
}
}
if (!dcesrv_ep_setup(ev_ctx, msg_ctx)) {
exit(1);
}
/* only start other daemons if we are running as a daemon
* -- bad things will happen if smbd is launched via inetd
* and we fork a copy of ourselves here */
if (is_daemon && !interactive) {
if (rpc_lsasd_daemon() == RPC_DAEMON_FORK) {
start_lsasd(ev_ctx, msg_ctx);
}
if (!_lp_disable_spoolss() &&
(rpc_spoolss_daemon() != RPC_DAEMON_DISABLED)) {
bool bgq = lp_parm_bool(-1, "smbd", "backgroundqueue", true);
if (!printing_subsystem_init(ev_ctx, msg_ctx, true, bgq)) {
exit(1);
}
}
} else if (!_lp_disable_spoolss() &&
(rpc_spoolss_daemon() != RPC_DAEMON_DISABLED)) {
if (!printing_subsystem_init(ev_ctx, msg_ctx, false, false)) {
exit(1);
}
}
if (!is_daemon) {
/* inetd mode */
TALLOC_FREE(frame);
/* Started from inetd. fd 0 is the socket. */
/* We will abort gracefully when the client or remote system
goes away */
smbd_server_conn->sock = dup(0);
/* close our standard file descriptors */
if (!debug_get_output_is_stdout()) {
close_low_fds(False); /* Don't close stderr */
}
#ifdef HAVE_ATEXIT
atexit(killkids);
#endif
/* Stop zombies */
smbd_setup_sig_chld_handler(ev_ctx);
smbd_process(ev_ctx, smbd_server_conn);
exit_server_cleanly(NULL);
return(0);
}
parent = talloc_zero(ev_ctx, struct smbd_parent_context);
if (!parent) {
exit_server("talloc(struct smbd_parent_context) failed");
}
parent->interactive = interactive;
if (!open_sockets_smbd(parent, ev_ctx, msg_ctx, ports))
exit_server("open_sockets_smbd() failed");
/* do a printer update now that all messaging has been set up,
* before we allow clients to start connecting */
printing_subsystem_update(ev_ctx, msg_ctx, false);
TALLOC_FREE(frame);
/* make sure we always have a valid stackframe */
frame = talloc_stackframe();
smbd_parent_loop(ev_ctx, parent);
exit_server_cleanly(NULL);
TALLOC_FREE(frame);
return(0);
}
int main(int ac, char **av)
{
AFPConfig *config;
fd_set rfds;
void *ipc;
struct sigaction sv;
sigset_t sigs;
int ret;
#ifdef TRU64
argc = ac;
argv = av;
set_auth_parameters( ac, av );
#endif /* TRU64 */
/* Log SIGBUS/SIGSEGV SBT */
fault_setup(NULL);
/* Default log setup: log to syslog */
setuplog("default log_note");
afp_options_init(&default_options);
if (!afp_options_parse(ac, av, &default_options))
exit(EXITERR_CONF);
/* Save the user's current umask for use with CNID (and maybe some
* other things, too). */
default_options.save_mask = umask( default_options.umask );
switch(server_lock("afpd", default_options.pidfile,
default_options.flags & OPTION_DEBUG)) {
case -1: /* error */
exit(EXITERR_SYS);
case 0: /* child */
break;
default: /* server */
exit(0);
}
atexit(afp_exit);
/* install child handler for asp and dsi. we do this before afp_goaway
* as afp_goaway references stuff from here.
* XXX: this should really be setup after the initial connections. */
if (!(server_children = server_child_alloc(default_options.connections,
CHILD_NFORKS))) {
LOG(log_error, logtype_afpd, "main: server_child alloc: %s", strerror(errno) );
exit(EXITERR_SYS);
}
memset(&sv, 0, sizeof(sv));
/* linux at least up to 2.4.22 send a SIGXFZ for vfat fs,
even if the file is open with O_LARGEFILE ! */
#ifdef SIGXFSZ
sv.sa_handler = SIG_IGN;
sigemptyset( &sv.sa_mask );
if (sigaction(SIGXFSZ, &sv, NULL ) < 0 ) {
LOG(log_error, logtype_afpd, "main: sigaction: %s", strerror(errno) );
exit(EXITERR_SYS);
}
#endif
sv.sa_handler = child_handler;
sigemptyset( &sv.sa_mask );
sigaddset(&sv.sa_mask, SIGALRM);
sigaddset(&sv.sa_mask, SIGHUP);
sigaddset(&sv.sa_mask, SIGTERM);
sigaddset(&sv.sa_mask, SIGUSR1);
sigaddset(&sv.sa_mask, SIGQUIT);
sv.sa_flags = SA_RESTART;
if ( sigaction( SIGCHLD, &sv, NULL ) < 0 ) {
LOG(log_error, logtype_afpd, "main: sigaction: %s", strerror(errno) );
exit(EXITERR_SYS);
}
sv.sa_handler = afp_goaway;
sigemptyset( &sv.sa_mask );
sigaddset(&sv.sa_mask, SIGALRM);
sigaddset(&sv.sa_mask, SIGTERM);
sigaddset(&sv.sa_mask, SIGHUP);
sigaddset(&sv.sa_mask, SIGCHLD);
sigaddset(&sv.sa_mask, SIGQUIT);
sv.sa_flags = SA_RESTART;
if ( sigaction( SIGUSR1, &sv, NULL ) < 0 ) {
LOG(log_error, logtype_afpd, "main: sigaction: %s", strerror(errno) );
exit(EXITERR_SYS);
}
sigemptyset( &sv.sa_mask );
sigaddset(&sv.sa_mask, SIGALRM);
sigaddset(&sv.sa_mask, SIGTERM);
sigaddset(&sv.sa_mask, SIGUSR1);
sigaddset(&sv.sa_mask, SIGCHLD);
sigaddset(&sv.sa_mask, SIGQUIT);
sv.sa_flags = SA_RESTART;
if ( sigaction( SIGHUP, &sv, NULL ) < 0 ) {
LOG(log_error, logtype_afpd, "main: sigaction: %s", strerror(errno) );
exit(EXITERR_SYS);
}
sigemptyset( &sv.sa_mask );
sigaddset(&sv.sa_mask, SIGALRM);
sigaddset(&sv.sa_mask, SIGHUP);
sigaddset(&sv.sa_mask, SIGUSR1);
sigaddset(&sv.sa_mask, SIGCHLD);
sigaddset(&sv.sa_mask, SIGQUIT);
sv.sa_flags = SA_RESTART;
if ( sigaction( SIGTERM, &sv, NULL ) < 0 ) {
LOG(log_error, logtype_afpd, "main: sigaction: %s", strerror(errno) );
exit(EXITERR_SYS);
}
sigemptyset( &sv.sa_mask );
sigaddset(&sv.sa_mask, SIGALRM);
sigaddset(&sv.sa_mask, SIGHUP);
sigaddset(&sv.sa_mask, SIGUSR1);
sigaddset(&sv.sa_mask, SIGCHLD);
sigaddset(&sv.sa_mask, SIGTERM);
sv.sa_flags = SA_RESTART;
if (sigaction(SIGQUIT, &sv, NULL ) < 0 ) {
LOG(log_error, logtype_afpd, "main: sigaction: %s", strerror(errno) );
exit(EXITERR_SYS);
}
/* afpd.conf: not in config file: lockfile, connections, configfile
* preference: command-line provides defaults.
* config file over-writes defaults.
*
* we also need to make sure that killing afpd during startup
* won't leave any lingering registered names around.
*/
sigemptyset(&sigs);
sigaddset(&sigs, SIGALRM);
sigaddset(&sigs, SIGHUP);
sigaddset(&sigs, SIGUSR1);
#if 0
/* don't block SIGTERM */
sigaddset(&sigs, SIGTERM);
#endif
sigaddset(&sigs, SIGCHLD);
pthread_sigmask(SIG_BLOCK, &sigs, NULL);
if (!(configs = configinit(&default_options))) {
LOG(log_error, logtype_afpd, "main: no servers configured");
exit(EXITERR_CONF);
}
pthread_sigmask(SIG_UNBLOCK, &sigs, NULL);
/* Register CNID */
cnid_init();
/* watch atp, dsi sockets and ipc parent/child file descriptor. */
disasociated_ipc_fd = ipc_server_uds(_PATH_AFP_IPC);
fd_set_listening_sockets();
/* set limits */
(void)setlimits();
afp_child_t *child;
int fd[2]; /* we only use one, but server_child_add expects [2] */
pid_t pid;
/* wait for an appleshare connection. parent remains in the loop
* while the children get handled by afp_over_{asp,dsi}. this is
* currently vulnerable to a denial-of-service attack if a
* connection is made without an actual login attempt being made
* afterwards. establishing timeouts for logins is a possible
* solution. */
while (1) {
LOG(log_maxdebug, logtype_afpd, "main: polling %i fds", fdset_used);
pthread_sigmask(SIG_UNBLOCK, &sigs, NULL);
ret = poll(fdset, fdset_used, -1);
pthread_sigmask(SIG_BLOCK, &sigs, NULL);
int saveerrno = errno;
if (reloadconfig) {
nologin++;
auth_unload();
fd_reset_listening_sockets();
LOG(log_info, logtype_afpd, "re-reading configuration file");
for (config = configs; config; config = config->next)
if (config->server_cleanup)
config->server_cleanup(config);
/* configfree close atp socket used for DDP tickle, there's an issue
* with atp tid. */
configfree(configs, NULL);
if (!(configs = configinit(&default_options))) {
LOG(log_error, logtype_afpd, "config re-read: no servers configured");
exit(EXITERR_CONF);
}
fd_set_listening_sockets();
nologin = 0;
reloadconfig = 0;
errno = saveerrno;
continue;
}
if (ret == 0)
continue;
if (ret < 0) {
if (errno == EINTR)
continue;
LOG(log_error, logtype_afpd, "main: can't wait for input: %s", strerror(errno));
break;
}
for (int i = 0; i < fdset_used; i++) {
if (fdset[i].revents & (POLLIN | POLLERR | POLLHUP)) {
switch (polldata[i].fdtype) {
case LISTEN_FD:
config = (AFPConfig *)polldata[i].data;
/* config->server_start is afp_config.c:dsi_start() for DSI */
if (child = config->server_start(config, configs, server_children)) {
/* Add IPC fd to select fd set */
fdset_add_fd(&fdset, &polldata, &fdset_used, &fdset_size, child->ipc_fds[0], IPC_FD, child);
}
break;
case IPC_FD:
child = (afp_child_t *)polldata[i].data;
LOG(log_debug, logtype_afpd, "main: IPC request from child[%u]", child->pid);
if (ipc_server_read(server_children, child->ipc_fds[0]) != 0) {
fdset_del_fd(&fdset, &polldata, &fdset_used, &fdset_size, child->ipc_fds[0]);
close(child->ipc_fds[0]);
child->ipc_fds[0] = -1;
if (child->disasociated) {
LOG(log_note, logtype_afpd, "main: removing reattached child[%u]", child->pid);
server_child_remove(server_children, CHILD_DSIFORK, child->pid);
}
}
break;
case DISASOCIATED_IPC_FD:
LOG(log_debug, logtype_afpd, "main: IPC reconnect request");
if ((fd[0] = accept(disasociated_ipc_fd, NULL, NULL)) == -1) {
LOG(log_error, logtype_afpd, "main: accept: %s", strerror(errno));
break;
}
if (readt(fd[0], &pid, sizeof(pid_t), 0, 1) != sizeof(pid_t)) {
LOG(log_error, logtype_afpd, "main: readt: %s", strerror(errno));
close(fd[0]);
break;
}
LOG(log_note, logtype_afpd, "main: IPC reconnect from pid [%u]", pid);
if ((child = server_child_add(server_children, CHILD_DSIFORK, pid, fd)) == NULL) {
LOG(log_error, logtype_afpd, "main: server_child_add");
close(fd[0]);
break;
}
child->disasociated = 1;
fdset_add_fd(&fdset, &polldata, &fdset_used, &fdset_size, fd[0], IPC_FD, child);
break;
default:
LOG(log_debug, logtype_afpd, "main: IPC request for unknown type");
break;
} /* switch */
} /* if */
} /* for (i)*/
} /* while (1) */
return 0;
}
/*
* The main guy.
*/
int main(int argc, char *argv[])
{
int rcode = EXIT_SUCCESS;
int status;
int argval;
bool spawn_flag = true;
bool write_pid = false;
bool display_version = false;
int flag = 0;
int from_child[2] = {-1, -1};
fr_state_t *state = NULL;
/*
* We probably don't want to free the talloc autofree context
* directly, so we'll allocate a new context beneath it, and
* free that before any leak reports.
*/
TALLOC_CTX *autofree = talloc_init("main");
#ifdef OSFC2
set_auth_parameters(argc, argv);
#endif
if ((progname = strrchr(argv[0], FR_DIR_SEP)) == NULL)
progname = argv[0];
else
progname++;
#ifdef WIN32
{
WSADATA wsaData;
if (WSAStartup(MAKEWORD(2, 0), &wsaData)) {
fprintf(stderr, "%s: Unable to initialize socket library.\n", progname);
exit(EXIT_FAILURE);
}
}
#endif
rad_debug_lvl = 0;
set_radius_dir(autofree, RADIUS_DIR);
/*
* Ensure that the configuration is initialized.
*/
memset(&main_config, 0, sizeof(main_config));
main_config.myip.af = AF_UNSPEC;
main_config.port = 0;
main_config.name = "radiusd";
main_config.daemonize = true;
/*
* Don't put output anywhere until we get told a little
* more.
*/
default_log.dst = L_DST_NULL;
default_log.fd = -1;
main_config.log_file = NULL;
/* Process the options. */
while ((argval = getopt(argc, argv, "Cd:D:fhi:l:mMn:p:PstvxX")) != EOF) {
switch (argval) {
case 'C':
check_config = true;
spawn_flag = false;
main_config.daemonize = false;
break;
case 'd':
set_radius_dir(autofree, optarg);
break;
case 'D':
main_config.dictionary_dir = talloc_typed_strdup(autofree, optarg);
break;
case 'f':
main_config.daemonize = false;
break;
case 'h':
usage(0);
break;
case 'l':
if (strcmp(optarg, "stdout") == 0) {
goto do_stdout;
}
main_config.log_file = strdup(optarg);
default_log.dst = L_DST_FILES;
default_log.fd = open(main_config.log_file,
O_WRONLY | O_APPEND | O_CREAT, 0640);
if (default_log.fd < 0) {
fprintf(stderr, "radiusd: Failed to open log file %s: %s\n", main_config.log_file, fr_syserror(errno));
exit(EXIT_FAILURE);
}
fr_log_fp = fdopen(default_log.fd, "a");
break;
case 'i':
if (ip_hton(&main_config.myip, AF_UNSPEC, optarg, false) < 0) {
fprintf(stderr, "radiusd: Invalid IP Address or hostname \"%s\"\n", optarg);
exit(EXIT_FAILURE);
}
flag |= 1;
break;
case 'n':
main_config.name = optarg;
break;
case 'm':
main_config.debug_memory = true;
break;
case 'M':
main_config.memory_report = true;
main_config.debug_memory = true;
break;
case 'p':
{
unsigned long port;
port = strtoul(optarg, 0, 10);
if ((port == 0) || (port > UINT16_MAX)) {
fprintf(stderr, "radiusd: Invalid port number \"%s\"\n", optarg);
exit(EXIT_FAILURE);
}
main_config.port = (uint16_t) port;
flag |= 2;
}
break;
case 'P':
/* Force the PID to be written, even in -f mode */
write_pid = true;
break;
case 's': /* Single process mode */
spawn_flag = false;
main_config.daemonize = false;
break;
case 't': /* no child threads */
spawn_flag = false;
break;
case 'v':
display_version = true;
break;
case 'X':
spawn_flag = false;
main_config.daemonize = false;
rad_debug_lvl += 2;
main_config.log_auth = true;
main_config.log_auth_badpass = true;
main_config.log_auth_goodpass = true;
do_stdout:
fr_log_fp = stdout;
default_log.dst = L_DST_STDOUT;
default_log.fd = STDOUT_FILENO;
break;
case 'x':
rad_debug_lvl++;
break;
default:
usage(1);
break;
}
}
/*
* Mismatch between the binary and the libraries it depends on.
*/
if (fr_check_lib_magic(RADIUSD_MAGIC_NUMBER) < 0) {
fr_perror("radiusd");
exit(EXIT_FAILURE);
}
if (rad_check_lib_magic(RADIUSD_MAGIC_NUMBER) < 0) exit(EXIT_FAILURE);
/*
* Mismatch between build time OpenSSL and linked SSL, better to die
* here than segfault later.
*/
#ifdef HAVE_OPENSSL_CRYPTO_H
if (ssl_check_consistency() < 0) exit(EXIT_FAILURE);
#endif
if (flag && (flag != 0x03)) {
fprintf(stderr, "radiusd: The options -i and -p cannot be used individually.\n");
exit(EXIT_FAILURE);
}
/*
* According to the talloc peeps, no two threads may modify any part of
* a ctx tree with a common root without synchronisation.
*
* So we can't run with a null context and threads.
*/
if (main_config.memory_report) {
if (spawn_flag) {
fprintf(stderr, "radiusd: The server cannot produce memory reports (-M) in threaded mode\n");
exit(EXIT_FAILURE);
}
talloc_enable_null_tracking();
} else {
talloc_disable_null_tracking();
}
/*
* Better here, so it doesn't matter whether we get passed -xv or -vx.
*/
if (display_version) {
/* Don't print timestamps */
rad_debug_lvl += 2;
fr_log_fp = stdout;
default_log.dst = L_DST_STDOUT;
default_log.fd = STDOUT_FILENO;
INFO("%s: %s", progname, radiusd_version);
version_print();
exit(EXIT_SUCCESS);
}
if (rad_debug_lvl) version_print();
/*
* Under linux CAP_SYS_PTRACE is usually only available before setuid/setguid,
* so we need to check whether we can attach before calling those functions
* (in main_config_init()).
*/
fr_store_debug_state();
/*
* Initialising OpenSSL once, here, is safer than having individual modules do it.
*/
#ifdef HAVE_OPENSSL_CRYPTO_H
tls_global_init();
#endif
/*
* Read the configuration files, BEFORE doing anything else.
*/
if (main_config_init() < 0) exit(EXIT_FAILURE);
/*
* This is very useful in figuring out why the panic_action didn't fire.
*/
INFO("%s", fr_debug_state_to_msg(fr_debug_state));
/*
* Check for vulnerabilities in the version of libssl were linked against.
*/
#if defined(HAVE_OPENSSL_CRYPTO_H) && defined(ENABLE_OPENSSL_VERSION_CHECK)
if (tls_global_version_check(main_config.allow_vulnerable_openssl) < 0) exit(EXIT_FAILURE);
#endif
fr_talloc_fault_setup();
/*
* Set the panic action (if required)
*/
{
char const *panic_action = NULL;
panic_action = getenv("PANIC_ACTION");
if (!panic_action) panic_action = main_config.panic_action;
if (panic_action && (fr_fault_setup(panic_action, argv[0]) < 0)) {
fr_perror("radiusd");
exit(EXIT_FAILURE);
}
}
#ifndef __MINGW32__
/*
* Disconnect from session
*/
if (main_config.daemonize) {
pid_t pid;
int devnull;
/*
* Really weird things happen if we leave stdin open and call things like
* system() later.
*/
devnull = open("/dev/null", O_RDWR);
if (devnull < 0) {
ERROR("Failed opening /dev/null: %s", fr_syserror(errno));
exit(EXIT_FAILURE);
}
dup2(devnull, STDIN_FILENO);
close(devnull);
if (pipe(from_child) != 0) {
ERROR("Couldn't open pipe for child status: %s", fr_syserror(errno));
exit(EXIT_FAILURE);
}
pid = fork();
if (pid < 0) {
ERROR("Couldn't fork: %s", fr_syserror(errno));
exit(EXIT_FAILURE);
}
/*
* The parent exits, so the child can run in the background.
*
* As the child can still encounter an error during initialisation
* we do a blocking read on a pipe between it and the parent.
*
* Just before entering the event loop the child will send a success
* or failure message to the parent, via the pipe.
*/
if (pid > 0) {
uint8_t ret = 0;
int stat_loc;
/* So the pipe is correctly widowed if the child exits */
close(from_child[1]);
/*
* The child writes a 0x01 byte on success, and closes
* the pipe on error.
*/
if ((read(from_child[0], &ret, 1) < 0)) {
ret = 0;
}
/* For cleanliness... */
close(from_child[0]);
/* Don't turn children into zombies */
if (!ret) {
waitpid(pid, &stat_loc, WNOHANG);
exit(EXIT_FAILURE);
}
exit(EXIT_SUCCESS);
}
/* so the pipe is correctly widowed if the parent exits?! */
close(from_child[0]);
# ifdef HAVE_SETSID
setsid();
# endif
}
#endif
/*
* Ensure that we're using the CORRECT pid after forking, NOT the one
* we started with.
*/
radius_pid = getpid();
/*
* Initialize any event loops just enough so module instantiations can
* add fd/event to them, but do not start them yet.
*
* This has to be done post-fork in case we're using kqueue, where the
* queue isn't inherited by the child process.
*/
if (!radius_event_init(autofree)) exit(EXIT_FAILURE);
/*
* Load the modules
*/
if (modules_init(main_config.config) < 0) exit(EXIT_FAILURE);
/*
* Redirect stderr/stdout as appropriate.
*/
if (radlog_init(&default_log, main_config.daemonize) < 0) {
ERROR("%s", fr_strerror());
exit(EXIT_FAILURE);
}
event_loop_started = true;
/*
* Start the event loop(s) and threads.
*/
radius_event_start(main_config.config, spawn_flag);
/*
* Now that we've set everything up, we can install the signal
* handlers. Before this, if we get any signal, we don't know
* what to do, so we might as well do the default, and die.
*/
#ifdef SIGPIPE
signal(SIGPIPE, SIG_IGN);
#endif
if ((fr_set_signal(SIGHUP, sig_hup) < 0) ||
(fr_set_signal(SIGTERM, sig_fatal) < 0)) {
ERROR("%s", fr_strerror());
exit(EXIT_FAILURE);
}
/*
* If we're debugging, then a CTRL-C will cause the server to die
* immediately. Use SIGTERM to shut down the server cleanly in
* that case.
*/
if (main_config.debug_memory || (rad_debug_lvl == 0)) {
if ((fr_set_signal(SIGINT, sig_fatal) < 0)
#ifdef SIGQUIT
|| (fr_set_signal(SIGQUIT, sig_fatal) < 0)
#endif
) {
ERROR("%s", fr_strerror());
exit(EXIT_FAILURE);
}
}
/*
* Everything seems to have loaded OK, exit gracefully.
*/
if (check_config) {
DEBUG("Configuration appears to be OK");
/* for -C -m|-M */
if (main_config.debug_memory) goto cleanup;
exit(EXIT_SUCCESS);
}
#ifdef WITH_STATS
radius_stats_init(0);
#endif
/*
* Write the PID always if we're running as a daemon.
*/
if (main_config.daemonize) write_pid = true;
/*
* Write the PID after we've forked, so that we write the correct one.
*/
if (write_pid) {
FILE *fp;
fp = fopen(main_config.pid_file, "w");
if (fp != NULL) {
/*
* @fixme What about following symlinks,
* and having it over-write a normal file?
*/
fprintf(fp, "%d\n", (int) radius_pid);
fclose(fp);
} else {
ERROR("Failed creating PID file %s: %s", main_config.pid_file, fr_syserror(errno));
exit(EXIT_FAILURE);
}
}
exec_trigger(NULL, NULL, "server.start", false);
/*
* Inform the parent (who should still be waiting) that the rest of
* initialisation went OK, and that it should exit with a 0 status.
* If we don't get this far, then we just close the pipe on exit, and the
* parent gets a read failure.
*/
if (main_config.daemonize) {
if (write(from_child[1], "\001", 1) < 0) {
WARN("Failed informing parent of successful start: %s",
fr_syserror(errno));
}
close(from_child[1]);
}
/*
* Clear the libfreeradius error buffer.
*/
fr_strerror();
/*
* Initialise the state rbtree (used to link multiple rounds of challenges).
*/
state = fr_state_init(NULL, 0);
/*
* Process requests until HUP or exit.
*/
while ((status = radius_event_process()) == 0x80) {
#ifdef WITH_STATS
radius_stats_init(1);
#endif
main_config_hup();
}
if (status < 0) {
ERROR("Exiting due to internal error: %s", fr_strerror());
rcode = EXIT_FAILURE;
} else {
INFO("Exiting normally");
}
/*
* Ignore the TERM signal: we're about to die.
*/
signal(SIGTERM, SIG_IGN);
/*
* Fire signal and stop triggers after ignoring SIGTERM, so handlers are
* not killed with the rest of the process group, below.
*/
if (status == 2) exec_trigger(NULL, NULL, "server.signal.term", true);
exec_trigger(NULL, NULL, "server.stop", false);
/*
* Send a TERM signal to all associated processes
* (including us, which gets ignored.)
*/
#ifndef __MINGW32__
if (spawn_flag) kill(-radius_pid, SIGTERM);
#endif
/*
* We're exiting, so we can delete the PID file.
* (If it doesn't exist, we can ignore the error returned by unlink)
*/
if (main_config.daemonize) unlink(main_config.pid_file);
radius_event_free();
cleanup:
/*
* Detach any modules.
*/
modules_free();
xlat_free(); /* modules may have xlat's */
fr_state_delete(state);
/*
* Free the configuration items.
*/
main_config_free();
#ifdef WIN32
WSACleanup();
#endif
#ifdef HAVE_OPENSSL_CRYPTO_H
tls_global_cleanup();
#endif
/*
* So we don't see autofreed memory in the talloc report
*/
talloc_free(autofree);
if (main_config.memory_report) {
INFO("Allocated memory at time of report:");
fr_log_talloc_report(NULL);
}
return rcode;
}
/*
* The main guy.
*/
int main(int argc, char *argv[])
{
int rcode = EXIT_SUCCESS;
int status;
int argval;
int spawn_flag = true;
int dont_fork = false;
int write_pid = false;
int flag = 0;
#ifdef HAVE_SIGACTION
struct sigaction act;
#endif
#ifdef OSFC2
set_auth_parameters(argc,argv);
#endif
if ((progname = strrchr(argv[0], FR_DIR_SEP)) == NULL)
progname = argv[0];
else
progname++;
#ifdef WIN32
{
WSADATA wsaData;
if (WSAStartup(MAKEWORD(2, 0), &wsaData)) {
fprintf(stderr, "%s: Unable to initialize socket library.\n", progname);
return 1;
}
}
#endif
debug_flag = 0;
spawn_flag = true;
radius_dir = talloc_strdup(NULL, RADIUS_DIR);
/*
* Ensure that the configuration is initialized.
*/
memset(&mainconfig, 0, sizeof(mainconfig));
mainconfig.myip.af = AF_UNSPEC;
mainconfig.port = -1;
mainconfig.name = "radiusd";
#ifdef HAVE_SIGACTION
memset(&act, 0, sizeof(act));
act.sa_flags = 0 ;
sigemptyset( &act.sa_mask ) ;
#endif
/*
* Don't put output anywhere until we get told a little
* more.
*/
default_log.dest = L_DST_NULL;
default_log.fd = -1;
mainconfig.log_file = NULL;
/* Process the options. */
while ((argval = getopt(argc, argv, "Cd:D:fhi:l:mMn:p:PstvxX")) != EOF) {
switch(argval) {
case 'C':
check_config = true;
spawn_flag = false;
dont_fork = true;
break;
case 'd':
if (radius_dir) {
rad_const_free(radius_dir);
}
radius_dir = talloc_strdup(NULL, optarg);
break;
case 'D':
mainconfig.dictionary_dir = talloc_strdup(NULL, optarg);
break;
case 'f':
dont_fork = true;
break;
case 'h':
usage(0);
break;
case 'l':
if (strcmp(optarg, "stdout") == 0) {
goto do_stdout;
}
mainconfig.log_file = strdup(optarg);
default_log.dest = L_DST_FILES;
default_log.fd = open(mainconfig.log_file,
O_WRONLY | O_APPEND | O_CREAT, 0640);
if (default_log.fd < 0) {
fprintf(stderr, "radiusd: Failed to open log file %s: %s\n", mainconfig.log_file, fr_syserror(errno));
exit(EXIT_FAILURE);
}
fr_log_fp = fdopen(default_log.fd, "a");
break;
case 'i':
if (ip_hton(optarg, AF_UNSPEC, &mainconfig.myip) < 0) {
fprintf(stderr, "radiusd: Invalid IP Address or hostname \"%s\"\n", optarg);
exit(EXIT_FAILURE);
}
flag |= 1;
break;
case 'n':
mainconfig.name = optarg;
break;
case 'm':
mainconfig.debug_memory = 1;
break;
case 'M':
memory_report = 1;
mainconfig.debug_memory = 1;
break;
case 'p':
mainconfig.port = atoi(optarg);
if ((mainconfig.port <= 0) ||
(mainconfig.port >= 65536)) {
fprintf(stderr, "radiusd: Invalid port number %s\n", optarg);
exit(EXIT_FAILURE);
}
flag |= 2;
break;
case 'P':
/* Force the PID to be written, even in -f mode */
write_pid = true;
break;
case 's': /* Single process mode */
spawn_flag = false;
dont_fork = true;
break;
case 't': /* no child threads */
spawn_flag = false;
break;
case 'v':
/* Don't print timestamps */
debug_flag += 2;
fr_log_fp = stdout;
default_log.dest = L_DST_STDOUT;
default_log.fd = STDOUT_FILENO;
version();
exit(EXIT_SUCCESS);
case 'X':
spawn_flag = false;
dont_fork = true;
debug_flag += 2;
mainconfig.log_auth = true;
mainconfig.log_auth_badpass = true;
mainconfig.log_auth_goodpass = true;
do_stdout:
fr_log_fp = stdout;
default_log.dest = L_DST_STDOUT;
default_log.fd = STDOUT_FILENO;
break;
case 'x':
debug_flag++;
break;
default:
usage(1);
break;
}
}
if (memory_report) {
talloc_enable_null_tracking();
#ifdef WITH_VERIFY_PTR
talloc_set_abort_fn(die_horribly);
#endif
}
talloc_set_log_fn(log_talloc);
/*
* Mismatch between build time OpenSSL and linked SSL,
* better to die here than segfault later.
*/
#ifdef HAVE_OPENSSL_CRYPTO_H
if (ssl_check_version() < 0) {
exit(EXIT_FAILURE);
}
#endif
if (flag && (flag != 0x03)) {
fprintf(stderr, "radiusd: The options -i and -p cannot be used individually.\n");
exit(EXIT_FAILURE);
}
if (debug_flag) {
version();
}
/* Read the configuration files, BEFORE doing anything else. */
if (read_mainconfig(0) < 0) {
exit(EXIT_FAILURE);
}
#ifndef __MINGW32__
/*
* Disconnect from session
*/
if (dont_fork == false) {
pid_t pid = fork();
if (pid < 0) {
ERROR("Couldn't fork: %s", fr_syserror(errno));
exit(EXIT_FAILURE);
}
/*
* The parent exits, so the child can run in the background.
*/
if (pid > 0) {
exit(EXIT_SUCCESS);
}
#ifdef HAVE_SETSID
setsid();
#endif
}
#endif
/*
* Ensure that we're using the CORRECT pid after forking,
* NOT the one we started with.
*/
radius_pid = getpid();
/*
* If we're running as a daemon, close the default file
* descriptors, AFTER forking.
*/
if (!debug_flag) {
int devnull;
devnull = open("/dev/null", O_RDWR);
if (devnull < 0) {
ERROR("Failed opening /dev/null: %s\n",
fr_syserror(errno));
exit(EXIT_FAILURE);
}
dup2(devnull, STDIN_FILENO);
if (default_log.dest == L_DST_STDOUT) {
setlinebuf(stdout);
default_log.fd = STDOUT_FILENO;
} else {
dup2(devnull, STDOUT_FILENO);
}
if (default_log.dest == L_DST_STDERR) {
setlinebuf(stderr);
default_log.fd = STDERR_FILENO;
} else {
dup2(devnull, STDERR_FILENO);
}
close(devnull);
} else {
setlinebuf(stdout); /* unbuffered output */
}
/*
* Now we have logging check that the OpenSSL
*/
/*
* Initialize the event pool, including threads.
*/
radius_event_init(mainconfig.config, spawn_flag);
/*
* Now that we've set everything up, we can install the signal
* handlers. Before this, if we get any signal, we don't know
* what to do, so we might as well do the default, and die.
*/
#ifdef SIGPIPE
signal(SIGPIPE, SIG_IGN);
#endif
#ifdef HAVE_SIGACTION
act.sa_handler = sig_hup;
sigaction(SIGHUP, &act, NULL);
act.sa_handler = sig_fatal;
sigaction(SIGTERM, &act, NULL);
#else
#ifdef SIGHUP
signal(SIGHUP, sig_hup);
#endif
signal(SIGTERM, sig_fatal);
#endif
/*
* If we're debugging, then a CTRL-C will cause the
* server to die immediately. Use SIGTERM to shut down
* the server cleanly in that case.
*/
if ((mainconfig.debug_memory == 1) || (debug_flag == 0)) {
#ifdef HAVE_SIGACTION
act.sa_handler = sig_fatal;
sigaction(SIGINT, &act, NULL);
sigaction(SIGQUIT, &act, NULL);
#else
signal(SIGINT, sig_fatal);
#ifdef SIGQUIT
signal(SIGQUIT, sig_fatal);
#endif
#endif
}
/*
* Everything seems to have loaded OK, exit gracefully.
*/
if (check_config) {
DEBUG("Configuration appears to be OK");
/* for -C -m|-M */
if (mainconfig.debug_memory) {
goto cleanup;
}
exit(EXIT_SUCCESS);
}
#ifdef WITH_STATS
radius_stats_init(0);
#endif
/*
* Write out the PID anyway if were in foreground mode.
*/
if (!dont_fork) write_pid = true;
/*
* Only write the PID file if we're running as a daemon.
*
* And write it AFTER we've forked, so that we write the
* correct PID.
*/
if (write_pid) {
FILE *fp;
fp = fopen(mainconfig.pid_file, "w");
if (fp != NULL) {
/*
* FIXME: What about following symlinks,
* and having it over-write a normal file?
*/
fprintf(fp, "%d\n", (int) radius_pid);
fclose(fp);
} else {
ERROR("Failed creating PID file %s: %s\n",
mainconfig.pid_file, fr_syserror(errno));
exit(EXIT_FAILURE);
}
}
exec_trigger(NULL, NULL, "server.start", false);
/*
* Process requests until HUP or exit.
*/
while ((status = radius_event_process()) == 0x80) {
#ifdef WITH_STATS
radius_stats_init(1);
#endif
hup_mainconfig();
}
if (status < 0) {
ERROR("Exiting due to internal error: %s", fr_strerror());
rcode = EXIT_FAILURE;
} else {
INFO("Exiting normally");
}
exec_trigger(NULL, NULL, "server.stop", false);
/*
* Ignore the TERM signal: we're
* about to die.
*/
signal(SIGTERM, SIG_IGN);
/*
* Send a TERM signal to all
* associated processes
* (including us, which gets
* ignored.)
*/
#ifndef __MINGW32__
if (spawn_flag) kill(-radius_pid, SIGTERM);
#endif
/*
* We're exiting, so we can delete the PID
* file. (If it doesn't exist, we can ignore
* the error returned by unlink)
*/
if (dont_fork == false) {
unlink(mainconfig.pid_file);
}
radius_event_free();
cleanup:
/*
* Detach any modules.
*/
detach_modules();
xlat_free(); /* modules may have xlat's */
/*
* Free the configuration items.
*/
free_mainconfig();
rad_const_free(radius_dir);
#ifdef WIN32
WSACleanup();
#endif
if (memory_report) {
INFO("Allocated memory at time of report:");
log_talloc_report(NULL);
}
return rcode;
}
int
main (int argc, char **argv)
{
int oldpid;
mode_t oldumask;
char cmdbuf[1024];
/* make sure at least world write access is disabled */
if (((oldumask = umask(022)) & 002) == 002)
(void) umask (oldumask);
#ifndef NOXDMTITLE
Title = argv[0];
TitleLen = (argv[argc - 1] + strlen(argv[argc - 1])) - Title;
#endif
#ifdef USESECUREWARE
set_auth_parameters (argc, argv);
#endif
/*
* Step 1 - load configuration parameters
*/
InitResources (argc, argv);
SetConfigFileTime ();
LoadDMResources ();
/*
* Only allow root to run in non-debug mode to avoid problems
*/
if (debugLevel == 0 && getuid() != 0)
{
fprintf (stderr, "Only root wants to run %s\n", argv[0]);
exit (1);
}
if (debugLevel == 0 && daemonMode)
BecomeDaemon ();
if (debugLevel == 0)
InitErrorLog ();
if (debugLevel >= 10)
nofork_session = 1;
/* SUPPRESS 560 */
if ((oldpid = StorePid ()))
{
if (oldpid == -1)
LogError ("Can't create/lock pid file %s\n", pidFile);
else
LogError ("Can't lock pid file %s, another xdm is running (pid %d)\n",
pidFile, oldpid);
exit (1);
}
LogInfo ("Starting\n");
if (atexit (RemovePid))
LogError ("could not register RemovePid() with atexit()\n");
if (nofork_session == 0) {
/* Clean up any old Authorization files */
/* AUD: all good? */
snprintf(cmdbuf, sizeof(cmdbuf), "/bin/rm -f %s/authdir/authfiles/A*", authDir);
system(cmdbuf);
}
#if!defined(HAVE_ARC4RANDOM) && !defined(DEV_RANDOM)
AddOtherEntropy ();
#endif
#ifdef XDMCP
init_session_id ();
CreateWellKnownSockets ();
#else
Debug ("xdm: not compiled for XDMCP\n");
#endif
parent_pid = getpid ();
(void) Signal (SIGTERM, StopAll);
(void) Signal (SIGINT, StopAll);
/*
* Step 2 - Read /etc/Xservers and set up
* the socket.
*
* Keep a sub-daemon running
* for each entry
*/
SetAccessFileTime ();
#ifdef XDMCP
ScanAccessDatabase ();
UpdateListenSockets ();
#endif
ScanServers ();
StartDisplays ();
#if !defined(HAVE_ARC4RANDOM) && !defined(DEV_RANDOM)
AddOtherEntropy();
#endif
(void) Signal (SIGHUP, RescanNotify);
#ifndef UNRELIABLE_SIGNALS
(void) Signal (SIGCHLD, ChildNotify);
#endif
Debug ("startup successful; entering main loop\n");
while (
#ifdef XDMCP
AnyWellKnownSockets() ||
#endif
AnyDisplaysLeft ())
{
if (Rescan)
{
RescanServers ();
Rescan = 0;
}
#if defined(UNRELIABLE_SIGNALS) || !defined(XDMCP)
WaitForChild ();
#else
WaitForSomething ();
#endif
}
Debug ("Nothing left to do, exiting\n");
LogInfo ("Exiting\n");
exit(0);
/*NOTREACHED*/
}
int main2(int argc,const char *argv[])
{
/* shall I run as a daemon */
static BOOL is_daemon = False;
static BOOL interactive = False;
static BOOL Fork = True;
static BOOL no_process_group = False;
static BOOL log_stdout = False;
static char *ports = NULL;
int opt;
#ifndef _XBOX
poptContext pc;
struct poptOption long_options[] = {
POPT_AUTOHELP
{"daemon", 'D', POPT_ARG_VAL, &is_daemon, True, "Become a daemon (default)" },
{"interactive", 'i', POPT_ARG_VAL, &interactive, True, "Run interactive (not a daemon)"},
{"foreground", 'F', POPT_ARG_VAL, &Fork, False, "Run daemon in foreground (for daemontools, etc.)" },
{"no-process-group", '\0', POPT_ARG_VAL, &no_process_group, True, "Don't create a new process group" },
{"log-stdout", 'S', POPT_ARG_VAL, &log_stdout, True, "Log to stdout" },
{"build-options", 'b', POPT_ARG_NONE, NULL, 'b', "Print build options" },
{"port", 'p', POPT_ARG_STRING, &ports, 0, "Listen on the specified ports"},
POPT_COMMON_SAMBA
POPT_COMMON_DYNCONFIG
POPT_TABLEEND
};
#else
interactive = True;
log_stdout = True;
#endif
load_case_tables();
#ifdef HAVE_SET_AUTH_PARAMETERS
set_auth_parameters(argc,argv);
#endif
#ifndef _XBOX
pc = poptGetContext("smbd", argc, argv, long_options, 0);
while((opt = poptGetNextOpt(pc)) != -1) {
switch (opt) {
case 'b':
build_options(True); /* Display output to screen as well as debug */
exit(0);
break;
}
}
poptFreeContext(pc);
#endif
#ifdef HAVE_SETLUID
/* needed for SecureWare on SCO */
setluid(0);
#endif
sec_init();
set_remote_machine_name("smbd", False);
if (interactive) {
Fork = False;
log_stdout = True;
}
if (interactive && (DEBUGLEVEL >= 9)) {
talloc_enable_leak_report();
}
if (log_stdout && Fork) {
DEBUG(0,("ERROR: Can't log to stdout (-S) unless daemon is in foreground (-F) or interactive (-i)\n"));
exit(1);
}
setup_logging(argv[0],log_stdout);
/* we want to re-seed early to prevent time delays causing
client problems at a later date. (tridge) */
generate_random_buffer(NULL, 0);
/* make absolutely sure we run as root - to handle cases where people
are crazy enough to have it setuid */
gain_root_privilege();
gain_root_group_privilege();
#ifndef _XBOX
fault_setup((void (*)(void *))exit_server_fault);
dump_core_setup("smbd");
#endif
CatchSignal(SIGTERM , SIGNAL_CAST sig_term);
#ifndef _XBOX
CatchSignal(SIGHUP,SIGNAL_CAST sig_hup);
/* we are never interested in SIGPIPE */
BlockSignals(True,SIGPIPE);
#endif
#if defined(SIGFPE)
/* we are never interested in SIGFPE */
BlockSignals(True,SIGFPE);
#endif
#if defined(SIGUSR2)
/* We are no longer interested in USR2 */
BlockSignals(True,SIGUSR2);
#endif
/* POSIX demands that signals are inherited. If the invoking process has
* these signals masked, we will have problems, as we won't recieve them. */
#ifndef _XBOX
BlockSignals(False, SIGHUP);
#endif
BlockSignals(False, SIGUSR1);
BlockSignals(False, SIGTERM);
/* we want total control over the permissions on created files,
so set our umask to 0 */
umask(0);
init_sec_ctx();
reopen_logs();
DEBUG(0,( "smbd version %s started.\n", SAMBA_VERSION_STRING));
DEBUGADD( 0, ( "%s\n", COPYRIGHT_STARTUP_MESSAGE ) );
DEBUG(2,("uid=%d gid=%d euid=%d egid=%d\n",
(int)getuid(),(int)getgid(),(int)geteuid(),(int)getegid()));
/* Output the build options to the debug log */
build_options(False);
if (sizeof(uint16) < 2 || sizeof(uint32) < 4) {
DEBUG(0,("ERROR: Samba is not configured correctly for the word size on your machine\n"));
exit(1);
}
/*
* Do this before reload_services.
*/
if (!reload_services(False))
return(-1);
init_structs();
#ifdef WITH_PROFILE
if (!profile_setup(False)) {
DEBUG(0,("ERROR: failed to setup profiling\n"));
return -1;
}
#endif
DEBUG(3,( "loaded services\n"));
if (!is_daemon && !is_a_socket(0)) {
if (!interactive)
DEBUG(0,("standard input is not a socket, assuming -D option\n"));
/*
* Setting is_daemon here prevents us from eventually calling
* the open_sockets_inetd()
*/
is_daemon = True;
}
if (is_daemon && !interactive) {
DEBUG( 3, ( "Becoming a daemon.\n" ) );
become_daemon(Fork, no_process_group);
}
#if HAVE_SETPGID
/*
* If we're interactive we want to set our own process group for
* signal management.
*/
if (interactive && !no_process_group)
setpgid( (pid_t)0, (pid_t)0);
#endif
if (!directory_exist(lp_lockdir(), NULL))
mkdir(lp_lockdir(), 0755);
#ifndef _XBOX
if (is_daemon)
pidfile_create("smbd");
#endif
/* Setup all the TDB's - including CLEAR_IF_FIRST tdb's. */
if (!message_init())
exit(1);
/* Initialize our global sam sid first -- quite a lot of the other
* initialization routines further down depend on it.
*/
/* Initialise the password backed before the global_sam_sid
to ensure that we fetch from ldap before we make a domain sid up */
if(!initialize_password_db(False))
exit(1);
/* Fail gracefully if we can't open secrets.tdb */
if (!secrets_init()) {
DEBUG(0, ("ERROR: smbd can not open secrets.tdb\n"));
exit(1);
}
if(!get_global_sam_sid()) {
DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n"));
exit(1);
}
if (!session_init())
exit(1);
if (conn_tdb_ctx() == NULL)
exit(1);
if (!locking_init(0))
exit(1);
namecache_enable();
if (!init_registry())
exit(1);
#if 0
if (!init_svcctl_db())
exit(1);
#endif
#ifndef _XBOX
if (!print_backend_init())
exit(1);
#endif
if (!init_guest_info()) {
DEBUG(0,("ERROR: failed to setup guest info.\n"));
return -1;
}
/* Setup the main smbd so that we can get messages. */
/* don't worry about general printing messages here */
claim_connection(NULL,"",0,True,FLAG_MSG_GENERAL|FLAG_MSG_SMBD);
/* only start the background queue daemon if we are
running as a daemon -- bad things will happen if
smbd is launched via inetd and we fork a copy of
ourselves here */
#ifndef _XBOX
if ( is_daemon && !interactive )
start_background_queue();
#endif
/* Always attempt to initialize DMAPI. We will only use it later if
* lp_dmapi_support is set on the share, but we need a single global
* session to work with.
*/
dmapi_init_session();
if (!open_sockets_smbd(is_daemon, interactive, ports))
exit(1);
/*
* everything after this point is run after the fork()
*/
static_init_rpc;
init_modules();
/* possibly reload the services file. */
reload_services(True);
if (!init_account_policy()) {
DEBUG(0,("Could not open account policy tdb.\n"));
exit(1);
}
if (*lp_rootdir()) {
if (sys_chroot(lp_rootdir()) == 0)
DEBUG(2,("Changed root to %s\n", lp_rootdir()));
}
/* Setup oplocks */
if (!init_oplocks())
exit(1);
/* Setup change notify */
if (!init_change_notify())
exit(1);
/* Setup aio signal handler. */
initialize_async_io_handler();
/* re-initialise the timezone */
TimeInit();
/* register our message handlers */
message_register(MSG_SMB_FORCE_TDIS, msg_force_tdis);
smbd_process();
#ifdef _XBOX
xb_DecClientCount();
#endif
namecache_shutdown();
exit_server_cleanly(NULL);
return(0);
}
/*
* Main program for the daemon.
*/
int
main(int ac, char **av)
{
extern char *optarg;
extern int optind;
int opt, sock_in = 0, sock_out = 0, newsock, j, i, fdsetsz, on = 1;
pid_t pid;
socklen_t fromlen;
fd_set *fdset;
struct sockaddr_storage from;
const char *remote_ip;
int remote_port;
FILE *f;
struct linger linger;
struct addrinfo *ai;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
int listen_sock, maxfd;
int startup_p[2];
int startups = 0;
Authctxt *authctxt;
Key *key;
int ret, key_used = 0;
#ifdef HAVE_SECUREWARE
(void)set_auth_parameters(ac, av);
#endif
__progname = get_progname(av[0]);
init_rng();
/* Save argv. */
saved_argc = ac;
saved_argv = av;
/* Initialize configuration options to their default values. */
initialize_server_options(&options);
/* Parse command-line arguments. */
while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:o:dDeiqtQ46:S")) != -1) {
switch (opt) {
case '4':
IPv4or6 = AF_INET;
break;
case '6':
IPv4or6 = AF_INET6;
break;
case 'f':
config_file_name = optarg;
break;
case 'd':
if (0 == debug_flag) {
debug_flag = 1;
options.log_level = SYSLOG_LEVEL_DEBUG1;
} else if (options.log_level < SYSLOG_LEVEL_DEBUG3) {
options.log_level++;
} else {
fprintf(stderr, "Too high debugging level.\n");
exit(1);
}
break;
case 'D':
no_daemon_flag = 1;
break;
case 'e':
log_stderr = 1;
break;
case 'i':
inetd_flag = 1;
break;
case 'Q':
/* ignored */
break;
case 'q':
options.log_level = SYSLOG_LEVEL_QUIET;
break;
case 'b':
options.server_key_bits = atoi(optarg);
break;
case 'p':
options.ports_from_cmdline = 1;
if (options.num_ports >= MAX_PORTS) {
fprintf(stderr, "too many ports.\n");
exit(1);
}
options.ports[options.num_ports++] = a2port(optarg);
if (options.ports[options.num_ports-1] == 0) {
fprintf(stderr, "Bad port number.\n");
exit(1);
}
break;
case 'g':
if ((options.login_grace_time = convtime(optarg)) == -1) {
fprintf(stderr, "Invalid login grace time.\n");
exit(1);
}
break;
case 'k':
if ((options.key_regeneration_time = convtime(optarg)) == -1) {
fprintf(stderr, "Invalid key regeneration interval.\n");
exit(1);
}
break;
case 'h':
if (options.num_host_key_files >= MAX_HOSTKEYS) {
fprintf(stderr, "too many host keys.\n");
exit(1);
}
options.host_key_files[options.num_host_key_files++] = optarg;
break;
case 'V':
client_version_string = optarg;
/* only makes sense with inetd_flag, i.e. no listen() */
inetd_flag = 1;
break;
case 't':
test_flag = 1;
break;
case 'u':
utmp_len = atoi(optarg);
break;
case 'o':
if (process_server_config_line(&options, optarg,
"command-line", 0) != 0)
exit(1);
break;
case 'S':
protocol = IPPROTO_SCTP;
break;
case '?':
default:
usage();
break;
}
}
SSLeay_add_all_algorithms();
channel_set_af(IPv4or6);
/*
* Force logging to stderr until we have loaded the private host
* key (unless started from inetd)
*/
log_init(__progname,
options.log_level == SYSLOG_LEVEL_NOT_SET ?
SYSLOG_LEVEL_INFO : options.log_level,
options.log_facility == SYSLOG_FACILITY_NOT_SET ?
SYSLOG_FACILITY_AUTH : options.log_facility,
!inetd_flag);
#ifdef _CRAY
/* Cray can define user privs drop all prives now!
* Not needed on PRIV_SU systems!
*/
drop_cray_privs();
#endif
seed_rng();
/* Read server configuration options from the configuration file. */
read_server_config(&options, config_file_name);
/* Fill in default values for those options not explicitly set. */
fill_default_server_options(&options);
/* Check that there are no remaining arguments. */
if (optind < ac) {
fprintf(stderr, "Extra argument %s.\n", av[optind]);
exit(1);
}
debug("sshd version %.100s", SSH_VERSION);
/* load private host keys */
sensitive_data.host_keys = xmalloc(options.num_host_key_files*sizeof(Key*));
for (i = 0; i < options.num_host_key_files; i++)
sensitive_data.host_keys[i] = NULL;
sensitive_data.server_key = NULL;
sensitive_data.ssh1_host_key = NULL;
sensitive_data.have_ssh1_key = 0;
sensitive_data.have_ssh2_key = 0;
for (i = 0; i < options.num_host_key_files; i++) {
key = key_load_private(options.host_key_files[i], "", NULL);
sensitive_data.host_keys[i] = key;
if (key == NULL) {
error("Could not load host key: %s",
options.host_key_files[i]);
sensitive_data.host_keys[i] = NULL;
continue;
}
switch (key->type) {
case KEY_RSA1:
sensitive_data.ssh1_host_key = key;
sensitive_data.have_ssh1_key = 1;
break;
case KEY_RSA:
case KEY_DSA:
sensitive_data.have_ssh2_key = 1;
break;
}
debug("private host key: #%d type %d %s", i, key->type,
key_type(key));
}
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
log("Disabling protocol version 1. Could not load host key");
options.protocol &= ~SSH_PROTO_1;
}
if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
log("Disabling protocol version 2. Could not load host key");
options.protocol &= ~SSH_PROTO_2;
}
if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
log("sshd: no hostkeys available -- exiting.");
exit(1);
}
/* Check certain values for sanity. */
if (options.protocol & SSH_PROTO_1) {
if (options.server_key_bits < 512 ||
options.server_key_bits > 32768) {
fprintf(stderr, "Bad server key size.\n");
exit(1);
}
/*
* Check that server and host key lengths differ sufficiently. This
* is necessary to make double encryption work with rsaref. Oh, I
* hate software patents. I dont know if this can go? Niels
*/
if (options.server_key_bits >
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) -
SSH_KEY_BITS_RESERVED && options.server_key_bits <
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
SSH_KEY_BITS_RESERVED) {
options.server_key_bits =
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
SSH_KEY_BITS_RESERVED;
debug("Forcing server key to %d bits to make it differ from host key.",
options.server_key_bits);
}
}
if (use_privsep) {
struct passwd *pw;
struct stat st;
if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
fatal("Privilege separation user %s does not exist",
SSH_PRIVSEP_USER);
if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
(S_ISDIR(st.st_mode) == 0))
fatal("Missing privilege separation directory: %s",
_PATH_PRIVSEP_CHROOT_DIR);
if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
fatal("Bad owner or mode for %s",
_PATH_PRIVSEP_CHROOT_DIR);
}
/* Configuration looks good, so exit if in test mode. */
if (test_flag)
exit(0);
/*
* Clear out any supplemental groups we may have inherited. This
* prevents inadvertent creation of files with bad modes (in the
* portable version at least, it's certainly possible for PAM
* to create a file, and we can't control the code in every
* module which might be used).
*/
if (setgroups(0, NULL) < 0)
debug("setgroups() failed: %.200s", strerror(errno));
/* Initialize the log (it is reinitialized below in case we forked). */
if (debug_flag && !inetd_flag)
log_stderr = 1;
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/*
* If not in debugging mode, and not started from inetd, disconnect
* from the controlling terminal, and fork. The original process
* exits.
*/
if (!(debug_flag || inetd_flag || no_daemon_flag)) {
#ifdef TIOCNOTTY
int fd;
#endif /* TIOCNOTTY */
if (daemon(0, 0) < 0)
fatal("daemon() failed: %.200s", strerror(errno));
/* Disconnect from the controlling tty. */
#ifdef TIOCNOTTY
fd = open(_PATH_TTY, O_RDWR | O_NOCTTY);
if (fd >= 0) {
(void) ioctl(fd, TIOCNOTTY, NULL);
close(fd);
}
#endif /* TIOCNOTTY */
}
/* Reinitialize the log (because of the fork above). */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/* Initialize the random number generator. */
arc4random_stir();
/* Chdir to the root directory so that the current disk can be
unmounted if desired. */
chdir("/");
/* ignore SIGPIPE */
signal(SIGPIPE, SIG_IGN);
/* Start listening for a socket, unless started from inetd. */
if (inetd_flag) {
int s1;
s1 = dup(0); /* Make sure descriptors 0, 1, and 2 are in use. */
dup(s1);
sock_in = dup(0);
sock_out = dup(1);
startup_pipe = -1;
/*
* We intentionally do not close the descriptors 0, 1, and 2
* as our code for setting the descriptors won\'t work if
* ttyfd happens to be one of those.
*/
debug("inetd sockets after dupping: %d, %d", sock_in, sock_out);
if (options.protocol & SSH_PROTO_1)
generate_ephemeral_server_key();
} else {
for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
continue;
if (num_listen_socks >= MAX_LISTEN_SOCKS)
fatal("Too many listen sockets. "
"Enlarge MAX_LISTEN_SOCKS");
if (getnameinfo(ai->ai_addr, ai->ai_addrlen,
ntop, sizeof(ntop), strport, sizeof(strport),
NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
error("getnameinfo failed");
continue;
}
/* Create socket for listening. */
listen_sock = socket(ai->ai_family, SOCK_STREAM, protocol);
if (listen_sock < 0) {
/* kernel may not support ipv6 */
verbose("socket: %.100s", strerror(errno));
continue;
}
if (fcntl(listen_sock, F_SETFL, O_NONBLOCK) < 0) {
error("listen_sock O_NONBLOCK: %s", strerror(errno));
close(listen_sock);
continue;
}
/*
* Set socket options. We try to make the port
* reusable and have it close as fast as possible
* without waiting in unnecessary wait states on
* close.
*/
setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,
&on, sizeof(on));
linger.l_onoff = 1;
linger.l_linger = 5;
setsockopt(listen_sock, SOL_SOCKET, SO_LINGER,
&linger, sizeof(linger));
debug("Bind to port %s on %s.", strport, ntop);
/* Bind the socket to the desired port. */
if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
if (!ai->ai_next)
error("Bind to port %s on %s failed: %.200s.",
strport, ntop, strerror(errno));
close(listen_sock);
continue;
}
listen_socks[num_listen_socks] = listen_sock;
num_listen_socks++;
/* Start listening on the port. */
log("Server listening on %s port %s.", ntop, strport);
if (listen(listen_sock, 5) < 0)
fatal("listen: %.100s", strerror(errno));
}
freeaddrinfo(options.listen_addrs);
if (!num_listen_socks)
fatal("Cannot bind any address.");
if (options.protocol & SSH_PROTO_1)
generate_ephemeral_server_key();
/*
* Arrange to restart on SIGHUP. The handler needs
* listen_sock.
*/
signal(SIGHUP, sighup_handler);
signal(SIGTERM, sigterm_handler);
signal(SIGQUIT, sigterm_handler);
/* Arrange SIGCHLD to be caught. */
signal(SIGCHLD, main_sigchld_handler);
/* Write out the pid file after the sigterm handler is setup */
if (!debug_flag) {
/*
* Record our pid in /var/run/sshd.pid to make it
* easier to kill the correct sshd. We don't want to
* do this before the bind above because the bind will
* fail if there already is a daemon, and this will
* overwrite any old pid in the file.
*/
f = fopen(options.pid_file, "wb");
if (f) {
fprintf(f, "%ld\n", (long) getpid());
fclose(f);
}
}
/* setup fd set for listen */
fdset = NULL;
maxfd = 0;
for (i = 0; i < num_listen_socks; i++)
if (listen_socks[i] > maxfd)
maxfd = listen_socks[i];
/* pipes connected to unauthenticated childs */
startup_pipes = xmalloc(options.max_startups * sizeof(int));
for (i = 0; i < options.max_startups; i++)
startup_pipes[i] = -1;
/*
* Stay listening for connections until the system crashes or
* the daemon is killed with a signal.
*/
for (;;) {
if (received_sighup)
sighup_restart();
if (fdset != NULL)
xfree(fdset);
fdsetsz = howmany(maxfd+1, NFDBITS) * sizeof(fd_mask);
fdset = (fd_set *)xmalloc(fdsetsz);
memset(fdset, 0, fdsetsz);
for (i = 0; i < num_listen_socks; i++)
FD_SET(listen_socks[i], fdset);
for (i = 0; i < options.max_startups; i++)
if (startup_pipes[i] != -1)
FD_SET(startup_pipes[i], fdset);
/* Wait in select until there is a connection. */
ret = select(maxfd+1, fdset, NULL, NULL, NULL);
if (ret < 0 && errno != EINTR)
error("select: %.100s", strerror(errno));
if (received_sigterm) {
log("Received signal %d; terminating.",
(int) received_sigterm);
close_listen_socks();
unlink(options.pid_file);
exit(255);
}
if (key_used && key_do_regen) {
generate_ephemeral_server_key();
key_used = 0;
key_do_regen = 0;
}
if (ret < 0)
continue;
for (i = 0; i < options.max_startups; i++)
if (startup_pipes[i] != -1 &&
FD_ISSET(startup_pipes[i], fdset)) {
/*
* the read end of the pipe is ready
* if the child has closed the pipe
* after successful authentication
* or if the child has died
*/
close(startup_pipes[i]);
startup_pipes[i] = -1;
startups--;
}
for (i = 0; i < num_listen_socks; i++) {
if (!FD_ISSET(listen_socks[i], fdset))
continue;
fromlen = sizeof(from);
newsock = accept(listen_socks[i], (struct sockaddr *)&from,
&fromlen);
if (newsock < 0) {
if (errno != EINTR && errno != EWOULDBLOCK)
error("accept: %.100s", strerror(errno));
continue;
}
if (fcntl(newsock, F_SETFL, 0) < 0) {
error("newsock del O_NONBLOCK: %s", strerror(errno));
close(newsock);
continue;
}
if (drop_connection(startups) == 1) {
debug("drop connection #%d", startups);
close(newsock);
continue;
}
if (pipe(startup_p) == -1) {
close(newsock);
continue;
}
for (j = 0; j < options.max_startups; j++)
if (startup_pipes[j] == -1) {
startup_pipes[j] = startup_p[0];
if (maxfd < startup_p[0])
maxfd = startup_p[0];
startups++;
break;
}
/*
* Got connection. Fork a child to handle it, unless
* we are in debugging mode.
*/
if (debug_flag) {
/*
* In debugging mode. Close the listening
* socket, and start processing the
* connection without forking.
*/
debug("Server will not fork when running in debugging mode.");
close_listen_socks();
sock_in = newsock;
sock_out = newsock;
startup_pipe = -1;
pid = getpid();
break;
} else {
/*
* Normal production daemon. Fork, and have
* the child process the connection. The
* parent continues listening.
*/
if ((pid = fork()) == 0) {
/*
* Child. Close the listening and max_startup
* sockets. Start using the accepted socket.
* Reinitialize logging (since our pid has
* changed). We break out of the loop to handle
* the connection.
*/
startup_pipe = startup_p[1];
close_startup_pipes();
close_listen_socks();
sock_in = newsock;
sock_out = newsock;
log_init(__progname, options.log_level, options.log_facility, log_stderr);
break;
}
}
/* Parent. Stay in the loop. */
if (pid < 0)
error("fork: %.100s", strerror(errno));
else
debug("Forked child %ld.", (long)pid);
close(startup_p[1]);
/* Mark that the key has been used (it was "given" to the child). */
if ((options.protocol & SSH_PROTO_1) &&
key_used == 0) {
/* Schedule server key regeneration alarm. */
signal(SIGALRM, key_regeneration_alarm);
alarm(options.key_regeneration_time);
key_used = 1;
}
arc4random_stir();
/* Close the new socket (the child is now taking care of it). */
close(newsock);
}
/* child process check (or debug mode) */
if (num_listen_socks < 0)
break;
}
}
/* This is the child processing a new connection. */
/*
* Create a new session and process group since the 4.4BSD
* setlogin() affects the entire process group. We don't
* want the child to be able to affect the parent.
*/
#if 0
/* XXX: this breaks Solaris */
if (!debug_flag && !inetd_flag && setsid() < 0)
error("setsid: %.100s", strerror(errno));
#endif
/*
* Disable the key regeneration alarm. We will not regenerate the
* key since we are no longer in a position to give it to anyone. We
* will not restart on SIGHUP since it no longer makes sense.
*/
alarm(0);
signal(SIGALRM, SIG_DFL);
signal(SIGHUP, SIG_DFL);
signal(SIGTERM, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
signal(SIGCHLD, SIG_DFL);
signal(SIGINT, SIG_DFL);
/*
* Set socket options for the connection. We want the socket to
* close as fast as possible without waiting for anything. If the
* connection is not a socket, these will do nothing.
*/
/* setsockopt(sock_in, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
linger.l_onoff = 1;
linger.l_linger = 5;
setsockopt(sock_in, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger));
/* Set keepalives if requested. */
if (options.keepalives &&
setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on,
sizeof(on)) < 0)
error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
/*
* Register our connection. This turns encryption off because we do
* not have a key.
*/
packet_set_connection(sock_in, sock_out);
remote_port = get_remote_port();
remote_ip = get_remote_ipaddr();
#ifdef LIBWRAP
/* Check whether logins are denied from this host. */
{
struct request_info req;
request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
fromhost(&req);
if (!hosts_access(&req)) {
debug("Connection refused by tcp wrapper");
refuse(&req);
/* NOTREACHED */
fatal("libwrap refuse returns");
}
}
#endif /* LIBWRAP */
/* Log the connection. */
verbose("Connection from %.500s port %d", remote_ip, remote_port);
/*
* We don\'t want to listen forever unless the other side
* successfully authenticates itself. So we set up an alarm which is
* cleared after successful authentication. A limit of zero
* indicates no limit. Note that we don\'t set the alarm in debugging
* mode; it is just annoying to have the server exit just when you
* are about to discover the bug.
*/
signal(SIGALRM, grace_alarm_handler);
if (!debug_flag)
alarm(options.login_grace_time);
sshd_exchange_identification(sock_in, sock_out);
/*
* Check that the connection comes from a privileged port.
* Rhosts-Authentication only makes sense from privileged
* programs. Of course, if the intruder has root access on his local
* machine, he can connect from any port. So do not use these
* authentication methods from machines that you do not trust.
*/
if (options.rhosts_authentication &&
(remote_port >= IPPORT_RESERVED ||
remote_port < IPPORT_RESERVED / 2)) {
debug("Rhosts Authentication disabled, "
"originating port %d not trusted.", remote_port);
options.rhosts_authentication = 0;
}
#if defined(KRB4) && !defined(KRB5)
if (!packet_connection_is_ipv4() &&
options.kerberos_authentication) {
debug("Kerberos Authentication disabled, only available for IPv4.");
options.kerberos_authentication = 0;
}
#endif /* KRB4 && !KRB5 */
#ifdef AFS
/* If machine has AFS, set process authentication group. */
if (k_hasafs()) {
k_setpag();
k_unlog();
}
#endif /* AFS */
packet_set_nonblocking();
if (use_privsep)
if ((authctxt = privsep_preauth()) != NULL)
goto authenticated;
/* perform the key exchange */
/* authenticate user and start session */
if (compat20) {
do_ssh2_kex();
authctxt = do_authentication2();
} else {
do_ssh1_kex();
authctxt = do_authentication();
}
/*
* If we use privilege separation, the unprivileged child transfers
* the current keystate and exits
*/
if (use_privsep) {
mm_send_keystate(pmonitor);
exit(0);
}
authenticated:
/*
* In privilege separation, we fork another child and prepare
* file descriptor passing.
*/
if (use_privsep) {
privsep_postauth(authctxt);
/* the monitor process [priv] will not return */
if (!compat20)
destroy_sensitive_data();
}
/* Perform session preparation. */
do_authenticated(authctxt);
/* The connection has been terminated. */
verbose("Closing connection to %.100s", remote_ip);
#ifdef USE_PAM
finish_pam();
#endif /* USE_PAM */
packet_close();
if (use_privsep)
mm_terminate();
exit(0);
}
