int main(int argc, char **argv)
{
/* Parse command line arguments. */
int c = 0, li = 0;
int daemonize = 0;
const char *config_fn = CONF_DEFAULT_FILE;
const char *config_db = NULL;
const char *daemon_root = "/";
/* Long options. */
struct option opts[] = {
{"config", required_argument, 0, 'c' },
{"confdb", required_argument, 0, 'C' },
{"daemonize", optional_argument, 0, 'd'},
{"version", no_argument, 0, 'V'},
{"help", no_argument, 0, 'h'},
{0, 0, 0, 0}
};
while ((c = getopt_long(argc, argv, "c:C:dVh", opts, &li)) != -1) {
switch (c) {
case 'c':
config_fn = optarg;
break;
case 'C':
config_db = optarg;
break;
case 'd':
daemonize = 1;
if (optarg) {
daemon_root = optarg;
}
break;
case 'V':
printf("%s, version %s\n", "Knot DNS", PACKAGE_VERSION);
return EXIT_SUCCESS;
case 'h':
case '?':
help();
return EXIT_SUCCESS;
default:
help();
return EXIT_FAILURE;
}
}
/* Check for non-option parameters. */
if (argc - optind > 0) {
help();
return EXIT_FAILURE;
}
/* Now check if we want to daemonize. */
if (daemonize) {
if (make_daemon(1, 0) != 0) {
fprintf(stderr, "Daemonization failed, shutting down...\n");
return EXIT_FAILURE;
}
}
/* Clear file creation mask. */
umask(0);
/* Setup base signal handling. */
setup_signals();
/* Initialize cryptographic backend. */
dnssec_crypto_init();
atexit(dnssec_crypto_cleanup);
/* Initialize pseudorandom number generator. */
srand(time(NULL));
/* POSIX 1003.1e capabilities. */
setup_capabilities();
/* Default logging to std out/err. */
log_init();
/* Open configuration. */
conf_t *new_conf = NULL;
if (config_db == NULL) {
int ret = conf_new(&new_conf, conf_scheme, NULL);
if (ret != KNOT_EOK) {
log_fatal("failed to initialize configuration database "
"(%s)", knot_strerror(ret));
log_close();
return EXIT_FAILURE;
}
/* Import the configuration file. */
ret = conf_import(new_conf, config_fn, true);
if (ret != KNOT_EOK) {
log_fatal("failed to load configuration file (%s)",
knot_strerror(ret));
conf_free(new_conf, false);
log_close();
return EXIT_FAILURE;
}
new_conf->filename = strdup(config_fn);
} else {
/* Open configuration database. */
int ret = conf_new(&new_conf, conf_scheme, config_db);
if (ret != KNOT_EOK) {
log_fatal("failed to open configuration database '%s' "
"(%s)", config_db, knot_strerror(ret));
log_close();
return EXIT_FAILURE;
}
}
/* Run post-open config operations. */
int res = conf_post_open(new_conf);
if (res != KNOT_EOK) {
log_fatal("failed to use configuration (%s)", knot_strerror(res));
conf_free(new_conf, false);
log_close();
return EXIT_FAILURE;
}
conf_update(new_conf);
/* Initialize logging subsystem. */
log_reconfigure(conf(), NULL);
/* Initialize server. */
server_t server;
res = server_init(&server, conf_bg_threads(conf()));
if (res != KNOT_EOK) {
log_fatal("failed to initialize server (%s)", knot_strerror(res));
conf_free(conf(), false);
log_close();
return EXIT_FAILURE;
}
/* Reconfigure server interfaces.
* @note This MUST be done before we drop privileges. */
server_reconfigure(conf(), &server);
log_info("configured %zu zones", conf_id_count(conf(), C_ZONE));
/* Alter privileges. */
int uid, gid;
if (conf_user(conf(), &uid, &gid) != KNOT_EOK ||
log_update_privileges(uid, gid) != KNOT_EOK ||
proc_update_privileges(uid, gid) != KNOT_EOK) {
log_fatal("failed to drop privileges");
server_deinit(&server);
conf_free(conf(), false);
log_close();
return EXIT_FAILURE;
}
/* Check and create PID file. */
long pid = (long)getpid();
char *pidfile = NULL;
if (daemonize) {
pidfile = pid_check_and_create();
if (pidfile == NULL) {
server_deinit(&server);
conf_free(conf(), false);
log_close();
return EXIT_FAILURE;
}
log_info("PID stored in '%s'", pidfile);
if (chdir(daemon_root) != 0) {
log_warning("failed to change working directory to %s",
daemon_root);
} else {
log_info("changed directory to %s", daemon_root);
}
}
/* Now we're going multithreaded. */
rcu_register_thread();
/* Populate zone database. */
log_info("loading zones");
server_update_zones(conf(), &server);
/* Check number of loaded zones. */
if (knot_zonedb_size(server.zone_db) == 0) {
log_warning("no zones loaded");
}
/* Start it up. */
log_info("starting server");
conf_val_t async_val = conf_get(conf(), C_SRV, C_ASYNC_START);
res = server_start(&server, conf_bool(&async_val));
if (res != KNOT_EOK) {
log_fatal("failed to start server (%s)", knot_strerror(res));
server_deinit(&server);
rcu_unregister_thread();
pid_cleanup(pidfile);
log_close();
conf_free(conf(), false);
return EXIT_FAILURE;
}
if (daemonize) {
log_info("server started as a daemon, PID %ld", pid);
} else {
log_info("server started in the foreground, PID %ld", pid);
init_signal_started();
}
/* Start the event loop. */
event_loop(&server);
/* Teardown server and configuration. */
server_deinit(&server);
/* Free configuration. */
conf_free(conf(), false);
/* Unhook from RCU. */
rcu_unregister_thread();
/* Cleanup PID file. */
pid_cleanup(pidfile);
log_info("shutting down");
log_close();
return EXIT_SUCCESS;
}
int main(int argc, char *argv[]) {
int rc, sync[2];
pid_t pid = -1;
siginfo_t status;
struct mount *mounts = NULL;
struct netif *netifs = NULL;
struct cgroup *cgroups = NULL;
struct user *users = NULL;
#if HAVE_LIBCAP_NG
struct capability *caps = NULL;
#endif
char *master;
_close_ int master_fd = -1;
char ephemeral_dir[] = "/tmp/pflask-ephemeral-XXXXXX";
int clone_flags = CLONE_NEWNS |
CLONE_NEWIPC |
CLONE_NEWPID |
#ifdef CLONE_NEWCGROUP
CLONE_NEWCGROUP |
#endif
CLONE_NEWUTS;
struct gengetopt_args_info args;
if (cmdline_parser(argc, argv, &args) != 0)
return 1;
for (unsigned int i = 0; i < args.mount_given; i++) {
validate_optlist("--mount", args.mount_arg[i]);
mount_add_from_spec(&mounts, args.mount_arg[i]);
}
for (unsigned int i = 0; i < args.netif_given; i++) {
clone_flags |= CLONE_NEWNET;
if (args.netif_arg != NULL) {
validate_optlist("--netif", args.netif_arg[i]);
netif_add_from_spec(&netifs, args.netif_arg[i]);
}
}
if (args.user_given && !args.user_map_given) {
uid_t uid;
gid_t gid;
clone_flags |= CLONE_NEWUSER;
if (user_get_uid_gid(args.user_arg, &uid, &gid)) {
user_add_map(&users, 'u', uid, uid, 1);
user_add_map(&users, 'g', gid, gid, 1);
}
}
for (unsigned int i = 0; i < args.user_map_given; i++) {
size_t count;
uid_t id, host_id;
char *start = args.user_map_arg[i], *end = NULL;
validate_optlist("--user-map", args.user_map_arg[i]);
clone_flags |= CLONE_NEWUSER;
id = strtoul(start, &end, 10);
if (*end != ':')
fail_printf("Invalid value '%s' for --user-map",
args.user_map_arg[i]);
start = end + 1;
host_id = strtoul(start, &end, 10);
if (*end != ':')
fail_printf("Invalid value '%s' for --user-map",
args.user_map_arg[i]);
start = end + 1;
count = strtoul(start, &end, 10);
if (*end != '\0')
fail_printf("Invalid value '%s' for --user-map",
args.user_map_arg[i]);
user_add_map(&users, 'u', id, host_id, count);
user_add_map(&users, 'g', id, host_id, count);
}
for (unsigned int i = 0; i < args.cgroup_given; i++)
cgroup_add(&cgroups, args.cgroup_arg[i]);
#if HAVE_LIBCAP_NG
for (unsigned int i = 0; i < args.caps_given; i++)
capability_add(&caps, args.caps_arg[i]);
#endif
if (args.no_userns_flag)
clone_flags &= ~(CLONE_NEWUSER);
if (args.no_mountns_flag)
clone_flags &= ~(CLONE_NEWNS);
if (args.no_netns_flag)
clone_flags &= ~(CLONE_NEWNET);
if (args.no_ipcns_flag)
clone_flags &= ~(CLONE_NEWIPC);
if (args.no_utsns_flag)
clone_flags &= ~(CLONE_NEWUTS);
if (args.no_pidns_flag)
clone_flags &= ~(CLONE_NEWPID);
if (args.attach_given) {
master_fd = recv_pty(args.attach_arg);
fail_if(master_fd < 0, "Invalid PID '%u'", args.attach_arg);
process_pty(master_fd);
return 0;
}
open_master_pty(&master_fd, &master);
if (args.detach_flag)
do_daemonize();
sync_init(sync);
if (args.ephemeral_flag) {
if (!mkdtemp(ephemeral_dir))
sysf_printf("mkdtemp()");
}
pid = do_clone(&clone_flags);
if (!pid) {
closep(&master_fd);
rc = prctl(PR_SET_PDEATHSIG, SIGKILL);
sys_fail_if(rc < 0, "prctl(PR_SET_PDEATHSIG)");
rc = setsid();
sys_fail_if(rc < 0, "setsid()");
sync_barrier_parent(sync, SYNC_START);
sync_close(sync);
open_slave_pty(master);
setup_user(args.user_arg);
if (args.hostname_given) {
rc = sethostname(args.hostname_arg,
strlen(args.hostname_arg));
sys_fail_if(rc < 0, "Error setting hostname");
}
setup_mount(mounts, args.chroot_arg, args.ephemeral_flag ?
ephemeral_dir : NULL);
if (args.chroot_given) {
setup_nodes(args.chroot_arg);
setup_ptmx(args.chroot_arg);
setup_symlinks(args.chroot_arg);
setup_console(args.chroot_arg, master);
do_chroot(args.chroot_arg);
}
if (clone_flags & CLONE_NEWNET)
config_netif();
umask(0022);
#if HAVE_LIBCAP_NG
setup_capabilities(caps);
#endif
if (args.chdir_given) {
rc = chdir(args.chdir_arg);
sys_fail_if(rc < 0, "Error changing cwd");
}
if (args.chroot_given) {
char *term = getenv("TERM");
if (!args.keepenv_flag)
clearenv();
setenv("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
setenv("USER", args.user_arg, 1);
setenv("LOGNAME", args.user_arg, 1);
if (term)
setenv("TERM", term, 1);
}
for (unsigned int i = 0; i < args.setenv_given; i++) {
rc = putenv(strdup(args.setenv_arg[i]));
sys_fail_if(rc != 0, "Error setting environment");
}
setenv("container", "pflask", 1);
if (argc > optind)
rc = execvpe(argv[optind], argv + optind, environ);
else
rc = execle("/bin/bash", "-bash", NULL, environ);
sys_fail_if(rc < 0, "Error executing command");
}
sync_wait_child(sync, SYNC_START);
if (args.chroot_given && (clone_flags & CLONE_NEWUSER))
setup_console_owner(master, users);
setup_cgroup(cgroups, pid);
setup_netif(netifs, pid);
#ifdef HAVE_DBUS
register_machine(pid, args.chroot_given ? args.chroot_arg : "");
#endif
if (clone_flags & CLONE_NEWUSER)
setup_user_map(users, pid);
sync_wake_child(sync, SYNC_DONE);
sync_close(sync);
if (args.detach_flag)
serve_pty(master_fd);
else
process_pty(master_fd);
kill(pid, SIGKILL);
rc = waitid(P_PID, pid, &status, WEXITED);
sys_fail_if(rc < 0, "Error waiting for child");
switch (status.si_code) {
case CLD_EXITED:
if (status.si_status != 0)
err_printf("Child failed with code '%d'",
status.si_status);
else
ok_printf("Child exited");
break;
case CLD_KILLED:
err_printf("Child was terminated by signal '%d'",
status.si_status);
break;
default:
err_printf("Child failed");
break;
}
sync_close(sync);
clean_cgroup(cgroups);
if (args.ephemeral_flag) {
rc = rmdir(ephemeral_dir);
sys_fail_if(rc != 0, "Error deleting ephemeral directory: %s",
ephemeral_dir);
}
cmdline_parser_free(&args);
return status.si_status;
}