#include <getopt.h>
#include <signal.h>
#include <sys/wait.h>
+#include <pwd.h>
+#include <grp.h>
#include <avahi-common/malloc.h>
#include <avahi-common/timeval.h>
#define IPV4LL_NETWORK 0xA9FE0000L
#define IPV4LL_NETMASK 0xFFFF0000L
#define IPV4LL_HOSTMASK 0x0000FFFFL
+#define IPV4LL_BROADCAST 0xA9FEFFFFL
#define ETHER_ADDRLEN 6
#define ARP_PACKET_SIZE (8+4+4+2*ETHER_ADDRLEN)
static int debug = 0;
static int modify_proc_title = 1;
static int force_bind = 0;
+#ifdef HAVE_CHROOT
+static int no_chroot = 0;
+#endif
+static int no_drop_root = 0;
+static int wrote_pid_file = 0;
static enum {
DAEMON_RUN,
addr = htonl(IPV4LL_NETWORK | (uint32_t) r);
- } while (addr == old_addr);
+ } while (addr == old_addr || !is_ll_address(addr));
return addr;
}
+static int load_address(const char *fn, uint32_t *addr) {
+ FILE *f;
+ unsigned a, b, c, d;
+
+ assert(fn);
+ assert(addr);
+
+ if (!(f = fopen(fn, "r"))) {
+
+ if (errno == ENOENT) {
+ *addr = 0;
+ return 0;
+ }
+
+ daemon_log(LOG_ERR, "fopen() failed: %s", strerror(errno));
+ goto fail;
+ }
+
+ if (fscanf(f, "%u.%u.%u.%u\n", &a, &b, &c, &d) != 4) {
+ daemon_log(LOG_ERR, "Parse failure");
+ goto fail;
+ }
+
+ fclose(f);
+
+ *addr = htonl((a << 24) | (b << 16) | (c << 8) | d);
+ return 0;
+
+fail:
+ if (f)
+ fclose(f);
+
+ return -1;
+}
+
+static int save_address(const char *fn, uint32_t addr) {
+ FILE *f;
+ char buf[32];
+
+ assert(fn);
+
+ if (!(f = fopen(fn, "w"))) {
+ daemon_log(LOG_ERR, "fopen() failed: %s", strerror(errno));
+ goto fail;
+ }
+
+ fprintf(f, "%s\n", inet_ntop(AF_INET, &addr, buf, sizeof (buf)));
+ fclose(f);
+
+ return 0;
+
+fail:
+ if (f)
+ fclose(f);
+
+ return -1;
+}
+
static void* packet_new(const ArpPacketInfo *info, size_t *packet_len) {
uint8_t *r;
n_iteration = 0;
}
- if (modify_proc_title) {
- if (state == STATE_SLEEPING)
- avahi_set_proc_title(argv0, "%s(%s): sleeping", argv0, interface_name);
- else if (state == STATE_ANNOUNCING)
- avahi_set_proc_title(argv0, "%s(%s): announcing %s", argv0, interface_name, inet_ntop(AF_INET, &address, buf, sizeof(buf)));
- else if (state == STATE_RUNNING)
- avahi_set_proc_title(argv0, "%s(%s): bound %s", argv0, interface_name, inet_ntop(AF_INET, &address, buf, sizeof(buf)));
- else
- avahi_set_proc_title(argv0, "%s(%s): probing %s", argv0, interface_name, inet_ntop(AF_INET, &address, buf, sizeof(buf)));
- }
+ if (state == STATE_SLEEPING)
+ avahi_set_proc_title(argv0, "%s: [%s] sleeping", argv0, interface_name);
+ else if (state == STATE_ANNOUNCING)
+ avahi_set_proc_title(argv0, "%s: [%s] announcing %s", argv0, interface_name, inet_ntop(AF_INET, &address, buf, sizeof(buf)));
+ else if (state == STATE_RUNNING)
+ avahi_set_proc_title(argv0, "%s: [%s] bound %s", argv0, interface_name, inet_ntop(AF_INET, &address, buf, sizeof(buf)));
+ else
+ avahi_set_proc_title(argv0, "%s: [%s] probing %s", argv0, interface_name, inet_ntop(AF_INET, &address, buf, sizeof(buf)));
}
static int interface_up(int iface) {
}
int is_ll_address(uint32_t addr) {
- return (ntohl(addr) & IPV4LL_NETMASK) == IPV4LL_NETWORK;
+ return
+ (ntohl(addr) & IPV4LL_NETMASK) == IPV4LL_NETWORK &&
+ ntohl(addr) != IPV4LL_NETWORK &&
+ ntohl(addr) != IPV4LL_BROADCAST;
}
static struct timeval *elapse_time(struct timeval *tv, unsigned msec, unsigned jitter) {
setsid();
- avahi_set_proc_title(argv0, "%s(%s): callout dispatcher", argv0, interface_name);
+ avahi_set_proc_title(argv0, "%s: [%s] callout dispatcher", argv0, interface_name);
close(fds[1]);
if (f)
fclose(f);
+
+#ifdef HAVE_CHROOT
+ /* If the main process is trapped inside a chroot() we have to
+ * remove the PID file for it */
+
+ if (!no_chroot && wrote_pid_file)
+ daemon_pid_file_remove();
+#endif
_exit(r);
}
return 0;
}
+#define set_env(key, value) putenv(avahi_strdup_printf("%s=%s", (key), (value)))
+
+static int drop_privs(void) {
+ struct passwd *pw;
+ struct group * gr;
+ int r;
+ mode_t u;
+
+ /* Get user/group ID */
+
+ if (!no_drop_root) {
+
+ if (!(pw = getpwnam(AVAHI_AUTOIPD_USER))) {
+ daemon_log(LOG_ERR, "Failed to find user '"AVAHI_AUTOIPD_USER"'.");
+ return -1;
+ }
+
+ if (!(gr = getgrnam(AVAHI_AUTOIPD_GROUP))) {
+ daemon_log(LOG_ERR, "Failed to find group '"AVAHI_AUTOIPD_GROUP"'.");
+ return -1;
+ }
+
+ daemon_log(LOG_INFO, "Found user '"AVAHI_AUTOIPD_USER"' (UID %lu) and group '"AVAHI_AUTOIPD_GROUP"' (GID %lu).", (unsigned long) pw->pw_uid, (unsigned long) gr->gr_gid);
+ }
+
+ /* Create directory */
+ u = umask(0000);
+ r = mkdir(AVAHI_IPDATA_DIR, 0755);
+ umask(u);
+
+ if (r < 0 && errno != EEXIST) {
+ daemon_log(LOG_ERR, "mkdir(\""AVAHI_IPDATA_DIR"\"): %s", strerror(errno));
+ return -1;
+ }
+
+ /* Convey working directory */
+
+ if (!no_drop_root) {
+ struct stat st;
+
+ chown(AVAHI_IPDATA_DIR, pw->pw_uid, gr->gr_gid);
+
+ if (stat(AVAHI_IPDATA_DIR, &st) < 0) {
+ daemon_log(LOG_ERR, "stat(): %s\n", strerror(errno));
+ return -1;
+ }
+
+ if (!S_ISDIR(st.st_mode) || st.st_uid != pw->pw_uid || st.st_gid != gr->gr_gid) {
+ daemon_log(LOG_ERR, "Failed to create runtime directory "AVAHI_IPDATA_DIR".");
+ return -1;
+ }
+ }
+
+#ifdef HAVE_CHROOT
+
+ if (!no_chroot) {
+ if (chroot(AVAHI_IPDATA_DIR) < 0) {
+ daemon_log(LOG_ERR, "Failed to chroot(): %s", strerror(errno));
+ return -1;
+ }
+
+ daemon_log(LOG_INFO, "Successfully called chroot().");
+ chdir("/");
+
+ /* Since we are now trapped inside a chroot we cannot remove
+ * the pid file anymore, the helper process will do that for us. */
+ wrote_pid_file = 0;
+ }
+
+#endif
+
+ if (!no_drop_root) {
+
+ if (initgroups(AVAHI_AUTOIPD_USER, gr->gr_gid) != 0) {
+ daemon_log(LOG_ERR, "Failed to change group list: %s", strerror(errno));
+ return -1;
+ }
+
+#if defined(HAVE_SETRESGID)
+ r = setresgid(gr->gr_gid, gr->gr_gid, gr->gr_gid);
+#elif defined(HAVE_SETEGID)
+ if ((r = setgid(gr->gr_gid)) >= 0)
+ r = setegid(gr->gr_gid);
+#elif defined(HAVE_SETREGID)
+ r = setregid(gr->gr_gid, gr->gr_gid);
+#else
+#error "No API to drop priviliges"
+#endif
+
+ if (r < 0) {
+ daemon_log(LOG_ERR, "Failed to change GID: %s", strerror(errno));
+ return -1;
+ }
+
+#if defined(HAVE_SETRESUID)
+ r = setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid);
+#elif defined(HAVE_SETEUID)
+ if ((r = setuid(pw->pw_uid)) >= 0)
+ r = seteuid(pw->pw_uid);
+#elif defined(HAVE_SETREUID)
+ r = setreuid(pw->pw_uid, pw->pw_uid);
+#else
+#error "No API to drop priviliges"
+#endif
+
+ if (r < 0) {
+ daemon_log(LOG_ERR, "Failed to change UID: %s", strerror(errno));
+ return -1;
+ }
+
+ set_env("USER", pw->pw_name);
+ set_env("LOGNAME", pw->pw_name);
+ set_env("HOME", pw->pw_dir);
+
+ daemon_log(LOG_ERR, "Successfully dropped root privileges.");
+ }
+
+ return 0;
+}
+
static int loop(int iface, uint32_t addr) {
enum {
FD_ARP,
int retval_sent = !daemonize;
State st;
FILE *dispatcher = NULL;
+ char *address_fn = NULL;
+ const char *p;
daemon_signal_init(SIGINT, SIGTERM, SIGCHLD, SIGHUP,0);
if ((iface_fd = iface_init(iface)) < 0)
goto fail;
-/* if (drop_privs() < 0) */
-/* goto fail; */
+ if (drop_privs() < 0)
+ goto fail;
if (force_bind)
st = STATE_START;
else if (iface_get_initial_state(&st) < 0)
goto fail;
+#ifdef HAVE_CHROOT
+ if (!no_chroot)
+ p = "";
+ else
+#endif
+ p = AVAHI_IPDATA_DIR;
+
+ address_fn = avahi_strdup_printf(
+ "%s/%02x:%02x:%02x:%02x:%02x:%02x", p,
+ hw_address[0], hw_address[1],
+ hw_address[2], hw_address[3],
+ hw_address[4], hw_address[5]);
+
+ if (!addr)
+ load_address(address_fn, &addr);
+
if (addr && !is_ll_address(addr)) {
daemon_log(LOG_WARNING, "Requested address %s is not from IPv4LL range 169.254/16, ignoring.", inet_ntop(AF_INET, &addr, buf, sizeof(buf)));
addr = 0;
goto fail;
n_conflict = 0;
-
- if (!retval_sent) {
- daemon_retval_send(0);
- retval_sent = 1;
- }
}
} else if ((state == STATE_ANNOUNCING && event == EVENT_TIMEOUT && n_iteration >= ANNOUNCE_NUM-1)) {
set_state(STATE_RUNNING, 0, addr);
next_wakeup_valid = 0;
+
+ save_address(address_fn, addr);
+ if (!retval_sent) {
+ daemon_retval_send(0);
+ retval_sent = 1;
+ }
+
} else if (event == EVENT_PACKET) {
ArpPacketInfo info;
} else if (state == STATE_WAITING_PROBE || state == STATE_PROBING || state == STATE_WAITING_ANNOUNCE) {
/* Probe conflict */
conflict = info.target_ip_address == addr && memcmp(hw_address, info.sender_hw_address, ETHER_ADDRLEN);
- daemon_log(LOG_INFO, "Recieved conflicting probe ARP packet.");
+
+ if (conflict)
+ daemon_log(LOG_INFO, "Recieved conflicting probe ARP packet.");
}
if (conflict) {
if (dispatcher)
fclose(dispatcher);
+
+ if (address_fn)
+ avahi_free(address_fn);
return ret;
}
" 169.254.0.0/16\n"
" -w --wait Wait until an address has been acquired before\n"
" daemonizing\n"
- " --no-proc-title Don't modify process title\n"
- " --force-bind Assign an IPv4LL address even if routable address\n"
+ " --force-bind Assign an IPv4LL address even if a routable address\n"
" is already assigned\n"
+ " --no-drop-root Don't drop privileges\n"
+#ifdef HAVE_CHROOT
+ " --no-chroot Don't chroot()\n"
+#endif
+ " --no-proc-title Don't modify process title\n"
" --debug Increase verbosity\n",
a0);
}
enum {
OPTION_NO_PROC_TITLE = 256,
OPTION_FORCE_BIND,
- OPTION_DEBUG
+ OPTION_DEBUG,
+ OPTION_NO_DROP_ROOT,
+#ifdef HAVE_CHROOT
+ OPTION_NO_CHROOT
+#endif
};
static const struct option long_options[] = {
{ "version", no_argument, NULL, 'V' },
{ "start", required_argument, NULL, 'S' },
{ "wait", no_argument, NULL, 'w' },
- { "no-proc-title", no_argument, NULL, OPTION_NO_PROC_TITLE },
{ "force-bind", no_argument, NULL, OPTION_FORCE_BIND },
+ { "no-drop-root", no_argument, NULL, OPTION_NO_DROP_ROOT },
+#ifdef HAVE_CHROOT
+ { "no-chroot", no_argument, NULL, OPTION_NO_CHROOT },
+#endif
+ { "no-proc-title", no_argument, NULL, OPTION_NO_PROC_TITLE },
{ "debug", no_argument, NULL, OPTION_DEBUG },
{ NULL, 0, NULL, 0 }
};
force_bind = 1;
break;
+ case OPTION_NO_DROP_ROOT:
+ no_drop_root = 1;
+ break;
+
+#ifdef HAVE_CHROOT
+ case OPTION_NO_CHROOT:
+ no_chroot = 1;
+ break;
+#endif
+
default:
- fprintf(stderr, "Invalid command line argument: %c\n", c);
+ fprintf(stderr, "Invalid command line argument: %s\n", argv[optind-1]);
return -1;
}
}
int main(int argc, char*argv[]) {
int r = 1;
- int wrote_pid_file = 0;
char *log_ident = NULL;
- avahi_init_proc_title(argc, argv);
-
signal(SIGPIPE, SIG_IGN);
if ((argv0 = strrchr(argv[0], '/')))
- argv0++;
+ argv0 = avahi_strdup(argv0 + 1);
else
- argv0 = argv[0];
-
- argv0 = avahi_strdup(argv0);
+ argv0 = avahi_strdup(argv[0]);
daemon_log_ident = argv0;
if (parse_command_line(argc, argv) < 0)
goto finish;
+ if (modify_proc_title)
+ avahi_init_proc_title(argc, argv);
+
daemon_log_ident = log_ident = avahi_strdup_printf("%s(%s)", argv0, interface_name);
daemon_pid_file_proc = pid_file_proc;
pid_file_name = avahi_strdup_printf(AVAHI_RUNTIME_DIR"/avahi-autoipd.%s.pid", interface_name);
} else
wrote_pid_file = 1;
- avahi_set_proc_title(argv0, "%s(%s): starting up", argv0, interface_name);
+ avahi_set_proc_title(argv0, "%s: [%s] starting up", argv0, interface_name);
if (loop(ifindex, start_address) < 0)
goto finish;
return r;
}
-
-/* TODO:
-
-- chroot/drop privs/caps
-- store last used address
-- man page
-
-*/
projects / catta / blobdiff