X-Git-Url: http://git.meshlink.io/?a=blobdiff_plain;f=avahi-daemon%2Fmain.c;h=f32cbd6db855ac832a58d1ab583f941ebbae88d6;hb=ecdb90c3de218098b6166718eb2872e0badb9c3c;hp=f64524a730e85bcaf1c4289135197b52cd5f2033;hpb=f17d2832301b0f2fcd50fdcc6fec77666178158f;p=catta diff --git a/avahi-daemon/main.c b/avahi-daemon/main.c index f64524a..f32cbd6 100644 --- a/avahi-daemon/main.c +++ b/avahi-daemon/main.c @@ -39,6 +39,7 @@ #include #include #include +#include #include #include @@ -49,15 +50,23 @@ #include #include #include +#include #include #include #include #include +#ifdef ENABLE_CHROOT +#include "chroot.h" +#include "caps.h" +#endif + +#include "setproctitle.h" #include "main.h" #include "simple-protocol.h" #include "static-services.h" +#include "static-hosts.h" #include "ini-file-parser.h" #ifdef HAVE_DBUS @@ -66,6 +75,8 @@ AvahiServer *avahi_server = NULL; AvahiSimplePoll *simple_poll_api = NULL; +static char *argv0 = NULL; +int nss_support = 0; typedef enum { DAEMON_RUN, @@ -82,12 +93,20 @@ typedef struct { int daemonize; int use_syslog; char *config_file; +#ifdef HAVE_DBUS int enable_dbus; int fail_on_missing_dbus; +#endif int drop_root; + int set_rlimits; +#ifdef ENABLE_CHROOT + int use_chroot; +#endif + int modify_proc_title; + + int disable_user_service_publishing; int publish_resolv_conf; char ** publish_dns_servers; - int no_rlimits; int debug; int rlimit_as_set, rlimit_core_set, rlimit_data_set, rlimit_fsize_set, rlimit_nofile_set, rlimit_stack_set; @@ -116,7 +135,7 @@ static int has_prefix(const char *s, const char *prefix) { return strlen(s) >= l && strncmp(s, prefix, l) == 0; } -static int load_resolv_conf(const DaemonConfig *c) { +static int load_resolv_conf(void) { int ret = -1; FILE *f; int i = 0; 
@@ -124,14 +143,20 @@ static int load_resolv_conf(const DaemonConfig *c) { avahi_strfreev(resolv_conf); resolv_conf = NULL; - if (!(f = fopen(RESOLV_CONF, "r"))) { - avahi_log_warn("Failed to open "RESOLV_CONF"."); +#ifdef ENABLE_CHROOT + f = avahi_chroot_helper_get_file(RESOLV_CONF); +#else + f = fopen(RESOLV_CONF, "r"); +#endif + + if (!f) { + avahi_log_warn("Failed to open "RESOLV_CONF": %s", strerror(errno)); goto finish; } - resolv_conf = avahi_new0(char*, AVAHI_MAX_WIDE_AREA_SERVERS+1); + resolv_conf = avahi_new0(char*, AVAHI_WIDE_AREA_SERVERS_MAX+1); - while (!feof(f) && i < AVAHI_MAX_WIDE_AREA_SERVERS) { + while (!feof(f) && i < AVAHI_WIDE_AREA_SERVERS_MAX) { char ln[128]; char *p; @@ -203,11 +228,16 @@ static void remove_dns_server_entry_groups(void) { } static void update_wide_area_servers(void) { - AvahiAddress a[AVAHI_MAX_WIDE_AREA_SERVERS]; + AvahiAddress a[AVAHI_WIDE_AREA_SERVERS_MAX]; unsigned n = 0; char **p; - for (p = resolv_conf; *p && n < AVAHI_MAX_WIDE_AREA_SERVERS; p++) { + if (!resolv_conf) { + avahi_server_set_wide_area_servers(avahi_server, NULL, 0); + return; + } + + for (p = resolv_conf; *p && n < AVAHI_WIDE_AREA_SERVERS_MAX; p++) { if (!avahi_address_parse(*p, AVAHI_PROTO_UNSPEC, &a[n])) avahi_log_warn("Failed to parse address '%s', ignoring.", *p); else 
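Review bot: In load_resolv_conf(), the new warning prints `strerror(errno)` for both the `fopen()` path and the `avahi_chroot_helper_get_file()` path, but nothing visible here guarantees that the helper leaves errno set when it returns NULL. Under ENABLE_CHROOT the logged reason may therefore be stale or misleading. If the helper does not preserve errno, either make it do so or log a helper-specific message in that branch. The function body continues outside the hunk.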
@@ -229,14 +259,18 @@ static void server_callback(AvahiServer *s, AvahiServerState state, void *userda avahi_server = s; #ifdef HAVE_DBUS - if (c->enable_dbus) + if (c->enable_dbus && state != AVAHI_SERVER_INVALID && state != AVAHI_SERVER_FAILURE) dbus_protocol_server_state_changed(state); #endif switch (state) { case AVAHI_SERVER_RUNNING: avahi_log_info("Server startup complete. Host name is %s. Local service cookie is %u.", avahi_server_get_host_name_fqdn(s), avahi_server_get_local_service_cookie(s)); + + avahi_set_proc_title("%s: running [%s]", argv0, avahi_server_get_host_name_fqdn(s)); + static_service_add_to_server(); + static_hosts_add_to_server(); remove_dns_server_entry_groups(); @@ -253,6 +287,7 @@ static void server_callback(AvahiServer *s, AvahiServerState state, void *userda char *n; static_service_remove_from_server(); + static_hosts_remove_from_server(); remove_dns_server_entry_groups(); @@ -260,6 +295,9 @@ static void server_callback(AvahiServer *s, AvahiServerState state, void *userda avahi_log_warn("Host name conflict, retrying with <%s>", n); avahi_server_set_host_name(s, n); avahi_free(n); + + avahi_set_proc_title("%s: collision", argv0); + break; } @@ -270,13 +308,16 @@ static void server_callback(AvahiServer *s, AvahiServerState state, void *userda break; case AVAHI_SERVER_REGISTERING: + avahi_set_proc_title("%s: registering [%s]", argv0, avahi_server_get_host_name_fqdn(s)); + + case AVAHI_SERVER_INVALID: break; } } -static void help(FILE *f, const char *argv0) { +static void help(FILE *f) { fprintf(f, "%s [options]\n" " -h --help Show this help\n" @@ -290,6 +331,10 @@ static void help(FILE *f, const char *argv0) { " "AVAHI_CONFIG_FILE"\n" " --no-rlimits Don't enforce resource limits\n" " --no-drop-root Don't drop privileges\n" +#ifdef ENABLE_CHROOT + " --no-chroot Don't chroot()\n" +#endif + " --no-proc-title Don't modify process title\n" " --debug Increase verbosity\n", argv0); } 
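Review bot: `avahi_set_proc_title()` is called in the AVAHI_SERVER_RUNNING case without consulting `modify_proc_title`, while `avahi_init_proc_title(argc, argv)` in main() runs only when that flag is set. With `--no-proc-title` the setter is therefore reached without prior initialisation; whether it is then a safe no-op depends on setproctitle.c, which this diff does not show. The same applies to the calls added in the collision and registering cases of server_callback() and to `avahi_set_proc_title("%s: starting up", argv0)` in main(). Either guard the calls with the flag (`if (c->modify_proc_title)` here) or document on the setter that it does nothing until initialised.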
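Review bot: The AVAHI_SERVER_REGISTERING case now contains a statement but no `break`, so it falls through into `case AVAHI_SERVER_INVALID:`. The result is the same today because that case only breaks, but an unmarked fallthrough is easy to turn into a bug when someone later adds code to the INVALID case. Add `break;` after the `avahi_set_proc_title("%s: registering [%s]", ...)` call, or mark the intent with `/* fall through */`.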
@@ -301,21 +346,29 @@ static int parse_command_line(DaemonConfig *c, int argc, char *argv[]) { enum { OPTION_NO_RLIMITS = 256, OPTION_NO_DROP_ROOT, +#ifdef ENABLE_CHROOT + OPTION_NO_CHROOT, +#endif + OPTION_NO_PROC_TITLE, OPTION_DEBUG }; static const struct option long_options[] = { - { "help", no_argument, NULL, 'h' }, - { "daemonize", no_argument, NULL, 'D' }, - { "kill", no_argument, NULL, 'k' }, - { "version", no_argument, NULL, 'V' }, - { "file", required_argument, NULL, 'f' }, - { "reload", no_argument, NULL, 'r' }, - { "check", no_argument, NULL, 'c' }, - { "syslog", no_argument, NULL, 's' }, - { "no-rlimits", no_argument, NULL, OPTION_NO_RLIMITS }, - { "no-drop-root", no_argument, NULL, OPTION_NO_DROP_ROOT }, - { "debug", no_argument, NULL, OPTION_DEBUG }, + { "help", no_argument, NULL, 'h' }, + { "daemonize", no_argument, NULL, 'D' }, + { "kill", no_argument, NULL, 'k' }, + { "version", no_argument, NULL, 'V' }, + { "file", required_argument, NULL, 'f' }, + { "reload", no_argument, NULL, 'r' }, + { "check", no_argument, NULL, 'c' }, + { "syslog", no_argument, NULL, 's' }, + { "no-rlimits", no_argument, NULL, OPTION_NO_RLIMITS }, + { "no-drop-root", no_argument, NULL, OPTION_NO_DROP_ROOT }, +#ifdef ENABLE_CHROOT + { "no-chroot", no_argument, NULL, OPTION_NO_CHROOT }, +#endif + { "no-proc-title", no_argument, NULL, OPTION_NO_PROC_TITLE }, + { "debug", no_argument, NULL, OPTION_DEBUG }, { NULL, 0, NULL, 0 } }; @@ -351,11 +404,19 @@ static int parse_command_line(DaemonConfig *c, int argc, char *argv[]) { c->command = DAEMON_CHECK; break; case OPTION_NO_RLIMITS: - c->no_rlimits = 1; + c->set_rlimits = 0; break; case OPTION_NO_DROP_ROOT: c->drop_root = 0; break; +#ifdef ENABLE_CHROOT + case OPTION_NO_CHROOT: + c->use_chroot = 0; + break; +#endif + case OPTION_NO_PROC_TITLE: + c->modify_proc_title = 0; + break; case OPTION_DEBUG: c->debug = 1; break; 
@@ -402,16 +463,37 @@ static int load_config_file(DaemonConfig *c) { } else if (strcasecmp(p->key, "domain-name") == 0) { avahi_free(c->server_config.domain_name); c->server_config.domain_name = avahi_strdup(p->value); + } else if (strcasecmp(p->key, "browse-domains") == 0) { + char **e, **t; + + e = avahi_split_csv(p->value); + + for (t = e; *t; t++) { + char cleaned[AVAHI_DOMAIN_NAME_MAX]; + + if (!avahi_normalize_name(*t, cleaned, sizeof(cleaned))) { + avahi_log_error("Invalid domain name \"%s\" for key \"%s\" in group \"%s\"\n", *t, p->key, g->name); + avahi_strfreev(e); + goto finish; + } + + c->server_config.browse_domains = avahi_string_list_add(c->server_config.browse_domains, cleaned); + } + + avahi_strfreev(e); } else if (strcasecmp(p->key, "use-ipv4") == 0) c->server_config.use_ipv4 = is_yes(p->value); else if (strcasecmp(p->key, "use-ipv6") == 0) c->server_config.use_ipv6 = is_yes(p->value); else if (strcasecmp(p->key, "check-response-ttl") == 0) c->server_config.check_response_ttl = is_yes(p->value); + else if (strcasecmp(p->key, "allow-point-to-point") == 0) + c->server_config.allow_point_to_point = is_yes(p->value); else if (strcasecmp(p->key, "use-iff-running") == 0) c->server_config.use_iff_running = is_yes(p->value); else if (strcasecmp(p->key, "disallow-other-stacks") == 0) c->server_config.disallow_other_stacks = is_yes(p->value); +#ifdef HAVE_DBUS else if (strcasecmp(p->key, "enable-dbus") == 0) { if (*(p->value) == 'w' || *(p->value) == 'W') { @@ -423,10 +505,8 @@ static int load_config_file(DaemonConfig *c) { } else { c->enable_dbus = 0; } - } else if (strcasecmp(p->key, "drop-root") == 0) - c->drop_root = is_yes(p->value); - else if (strcasecmp(p->key, "add-service-cookie") == 0) - c->server_config.add_service_cookie = is_yes(p->value); + } +#endif else { avahi_log_error("Invalid configuration key \"%s\" in group \"%s\"\n", p->key, g->name); goto finish; 
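Review bot: Wrapping the `enable-dbus` branch in `#ifdef HAVE_DBUS` (opened in this hunk, closed in the next) means a build without D-Bus sends that key to the final `else`, which logs "Invalid configuration key" and takes `goto finish`. Assuming that result makes the caller abort startup (the caller is outside the diff), a configuration file that is valid on a D-Bus build stops a non-D-Bus build from starting. The `drop-root` key removed in the next hunk now lands in the same error branch. Consider an `#else` arm that accepts the key and only warns, e.g. `else if (strcasecmp(p->key, "enable-dbus") == 0) avahi_log_warn("D-BUS support is not compiled in, ignoring \"enable-dbus\".");`, in place of the warning this commit removes from run_server().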
@@ -448,9 +528,15 @@ static int load_config_file(DaemonConfig *c) { c->server_config.publish_domain = is_yes(p->value); else if (strcasecmp(p->key, "publish-resolv-conf-dns-servers") == 0) c->publish_resolv_conf = is_yes(p->value); + else if (strcasecmp(p->key, "disable-publishing") == 0) + c->server_config.disable_publishing = is_yes(p->value); + else if (strcasecmp(p->key, "disable-user-service-publishing") == 0) + c->disable_user_service_publishing = is_yes(p->value); + else if (strcasecmp(p->key, "add-service-cookie") == 0) + c->server_config.add_service_cookie = is_yes(p->value); else if (strcasecmp(p->key, "publish-dns-servers") == 0) { avahi_strfreev(c->publish_dns_servers); - c->publish_dns_servers = avahi_split_csv(p->value); + c->publish_dns_servers = avahi_split_csv(p->value); } else { avahi_log_error("Invalid configuration key \"%s\" in group \"%s\"\n", p->key, g->name); goto finish; @@ -555,11 +641,11 @@ static void log_function(AvahiLogLevel level, const char *txt) { daemon_log(log_level_map[level], "%s", txt); } -static void dump(const char *text, void* userdata) { +static void dump(const char *text, AVAHI_GCC_UNUSED void* userdata) { avahi_log_info("%s", text); } -static void signal_callback(AvahiWatch *watch, int fd, AvahiWatchEvent event, void *userdata) { +static void signal_callback(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AVAHI_GCC_UNUSED AvahiWatchEvent event, AVAHI_GCC_UNUSED void *userdata) { int sig; const AvahiPoll *poll_api; 
@@ -587,13 +673,20 @@ static void signal_callback(AvahiWatch *watch, int fd, AvahiWatchEvent event, vo case SIGHUP: avahi_log_info("Got SIGHUP, reloading."); - static_service_load(); +#ifdef ENABLE_CHROOT + static_service_load(config.use_chroot); + static_hosts_load(config.use_chroot); +#else + static_service_load(0); + static_hosts_load(0); +#endif static_service_add_to_server(); + static_service_remove_from_server(); if (resolv_conf_entry_group) avahi_s_entry_group_reset(resolv_conf_entry_group); - load_resolv_conf(&config); + load_resolv_conf(); update_wide_area_servers(); @@ -613,14 +706,21 @@ static void signal_callback(AvahiWatch *watch, int fd, AvahiWatchEvent event, vo } } +/* Imported from ../avahi-client/nss-check.c */ +int avahi_nss_support(void); + static int run_server(DaemonConfig *c) { int r = -1; int error; - const AvahiPoll *poll_api; - AvahiWatch *sig_watch; + const AvahiPoll *poll_api = NULL; + AvahiWatch *sig_watch = NULL; + int retval_is_sent = 0; assert(c); + if (!(nss_support = avahi_nss_support())) + avahi_log_warn("WARNING: No NSS support for mDNS detected, consider installing nss-mdns!"); + if (!(simple_poll_api = avahi_simple_poll_new())) { avahi_log_error("Failed to create main loop object."); goto finish; @@ -640,9 +740,10 @@ static int run_server(DaemonConfig *c) { if (simple_protocol_setup(poll_api) < 0) goto finish; - if (c->enable_dbus) { + #ifdef HAVE_DBUS - if (dbus_protocol_setup(poll_api) < 0) { + if (c->enable_dbus) { + if (dbus_protocol_setup(poll_api, config.disable_user_service_publishing) < 0) { if (c->fail_on_missing_dbus) goto finish; 
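Review bot: In the SIGHUP branch the added `static_service_remove_from_server();` runs immediately after `static_service_add_to_server();`, so the static services that were just reloaded appear to be withdrawn again, and the entries loaded by `static_hosts_load()` are never re-added. server_callback() pairs `static_service_add_to_server()` with `static_hosts_add_to_server()`, which suggests the latter was intended here. Replace the added line with `static_hosts_add_to_server();`. signal_callback() starts and ends outside this hunk.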
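Review bot: `dbus_protocol_setup(poll_api, config.disable_user_service_publishing)` reads the file-scope `config`, although run_server() receives the configuration as `c` and tests `c->enable_dbus` on the line just above. Both name the same object today because main() calls `run_server(&config)`, so this is a consistency point rather than a behaviour change. Use `c->disable_user_service_publishing` here; the chroot block added in the next hunk (`config.drop_root && config.use_chroot`) mixes the two in the same way.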
@@ -650,14 +751,37 @@ static int run_server(DaemonConfig *c) { avahi_log_warn("WARNING: Failed to contact D-BUS daemon, disabling D-BUS support."); c->enable_dbus = 0; } -#else - avahi_log_warn("WARNING: We are configured to enable D-BUS but it was not compiled in."); - c->enable_dbus = 0; + } #endif + +#ifdef ENABLE_CHROOT + + if (config.drop_root && config.use_chroot) { + if (chroot(AVAHI_CONFIG_DIR) < 0) { + avahi_log_error("Failed to chroot(): %s", strerror(errno)); + goto finish; + } + + avahi_log_info("Successfully called chroot()."); + chdir("/"); + + if (avahi_caps_drop_all() < 0) { + avahi_log_error("Failed to drop capabilities."); + goto finish; + } + avahi_log_info("Successfully dropped remaining capabilities."); } - load_resolv_conf(c); - static_service_load(); +#endif + + load_resolv_conf(); +#ifdef ENABLE_CHROOT + static_service_load(config.use_chroot); + static_hosts_load(config.use_chroot); +#else + static_service_load(0); + static_hosts_load(0); +#endif if (!(avahi_server = avahi_server_new(poll_api, &c->server_config, server_callback, c, &error))) { avahi_log_error("Failed to create server: %s", avahi_strerror(error)); @@ -666,8 +790,10 @@ static int run_server(DaemonConfig *c) { update_wide_area_servers(); - if (c->daemonize) + if (c->daemonize) { daemon_retval_send(0); + retval_is_sent = 1; + } for (;;) { if ((r = avahi_simple_poll_iterate(simple_poll_api, -1)) < 0) { @@ -688,11 +814,15 @@ finish: static_service_remove_from_server(); static_service_free_all(); + + static_hosts_remove_from_server(); + static_hosts_free_all(); + remove_dns_server_entry_groups(); simple_protocol_shutdown(); -#ifdef ENABLE_DBUS +#ifdef HAVE_DBUS if (c->enable_dbus) dbus_protocol_shutdown(); #endif @@ -712,7 +842,7 @@ finish: simple_poll_api = NULL; } - if (r != 0 && c->daemonize) + if (!retval_is_sent && c->daemonize) daemon_retval_send(1); return r; 
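Review bot: The `chdir("/")` that follows `chroot(AVAHI_CONFIG_DIR)` ignores its return value, and the success message is logged before it runs. If that chdir fails, the working directory stays outside the new root, which weakens the confinement the chroot is meant to provide. Handle it like the chroot call, `if (chdir("/") < 0) { avahi_log_error("Failed to chdir(): %s", strerror(errno)); goto finish; }`, and move `avahi_log_info("Successfully called chroot().");` after it. run_server() starts and ends outside this hunk.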
@@ -777,7 +907,7 @@ static int drop_root(void) { set_env("USER", pw->pw_name); set_env("LOGNAME", pw->pw_name); set_env("HOME", pw->pw_dir); - + avahi_log_info("Successfully dropped root privileges."); return 0; @@ -842,9 +972,10 @@ static void set_one_rlimit(int resource, rlim_t limit, const char *name) { } static void enforce_rlimits(void) { - +#ifdef RLIMIT_AS if (config.rlimit_as_set) set_one_rlimit(RLIMIT_AS, config.rlimit_as, "RLIMIT_AS"); +#endif if (config.rlimit_core_set) set_one_rlimit(RLIMIT_CORE, config.rlimit_core, "RLIMIT_CORE"); if (config.rlimit_data_set) @@ -860,7 +991,8 @@ static void enforce_rlimits(void) { set_one_rlimit(RLIMIT_NPROC, config.rlimit_nproc, "RLIMIT_NPROC"); #endif -#ifdef RLIMIT_MEMLOCK + /* the sysctl() call from iface-pfroute.c needs locked memory on FreeBSD */ +#if defined(RLIMIT_MEMLOCK) && !defined(__FreeBSD__) /* We don't need locked memory */ set_one_rlimit(RLIMIT_MEMLOCK, 0, "RLIMIT_MEMLOCK"); #endif @@ -888,7 +1020,6 @@ static void init_rand_seed(void) { int main(int argc, char *argv[]) { int r = 255; - const char *argv0; int wrote_pid_file = 0; avahi_set_log_function(log_function); @@ -902,17 +1033,20 @@ int main(int argc, char *argv[]) { #ifdef HAVE_DBUS config.enable_dbus = 1; config.fail_on_missing_dbus = 1; -#else - config.enable_dbus = 0; - config.fail_on_missing_dbus = 0; #endif + config.drop_root = 1; + config.set_rlimits = 1; +#ifdef ENABLE_CHROOT + config.use_chroot = 1; +#endif + config.modify_proc_title = 1; + + config.disable_user_service_publishing = 0; config.publish_dns_servers = NULL; config.publish_resolv_conf = 0; config.use_syslog = 0; - config.no_rlimits = 0; config.debug = 0; - config.rlimit_as_set = 0; config.rlimit_core_set = 0; config.rlimit_data_set = 0; 
@@ -924,9 +1058,9 @@ int main(int argc, char *argv[]) { #endif if ((argv0 = strrchr(argv[0], '/'))) - argv0++; + argv0 = avahi_strdup(argv0 + 1); else - argv0 = argv[0]; + argv0 = avahi_strdup(argv[0]); daemon_pid_file_ident = (const char *) argv0; daemon_log_ident = (char*) argv0; @@ -935,8 +1069,15 @@ int main(int argc, char *argv[]) { if (parse_command_line(&config, argc, argv) < 0) goto finish; + if (config.modify_proc_title) + avahi_init_proc_title(argc, argv); + +#ifdef ENABLE_CHROOT + config.use_chroot = config.use_chroot && config.drop_root; +#endif + if (config.command == DAEMON_HELP) { - help(stdout, argv0); + help(stdout); r = 0; } else if (config.command == DAEMON_VERSION) { printf("%s "PACKAGE_VERSION"\n", argv0); @@ -985,7 +1126,7 @@ int main(int argc, char *argv[]) { /** Parent **/ if ((ret = daemon_retval_wait(20)) < 0) { - avahi_log_error("Could not recieve return value from daemon process."); + avahi_log_error("Could not receive return value from daemon process."); goto finish; } @@ -1003,8 +1144,20 @@ int main(int argc, char *argv[]) { goto finish; if (config.drop_root) { +#ifdef ENABLE_CHROOT + if (config.use_chroot) + if (avahi_caps_reduce() < 0) + goto finish; +#endif + if (drop_root() < 0) goto finish; + +#ifdef ENABLE_CHROOT + if (config.use_chroot) + if (avahi_caps_reduce2() < 0) + goto finish; +#endif } if (daemon_pid_file_create() < 0) { @@ -1016,12 +1169,21 @@ int main(int argc, char *argv[]) { } else wrote_pid_file = 1; - if (!config.no_rlimits) + if (config.set_rlimits) enforce_rlimits(); chdir("/"); - + +#ifdef ENABLE_CHROOT + if (config.drop_root && config.use_chroot) + if (avahi_chroot_helper_start(argv0) < 0) { + avahi_log_error("failed to start chroot() helper daemon."); + goto finish; + } +#endif avahi_log_info("%s "PACKAGE_VERSION" starting up.", argv0); + + avahi_set_proc_title("%s: starting up", argv0); if (run_server(&config) == 0) r = 0; 
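Review bot: The capability steps around `drop_root()` are written as unbraced nested `if`s (`if (config.use_chroot) if (avahi_caps_reduce() < 0) goto finish;`), and the next hunk uses the same shape for `avahi_chroot_helper_start()`. In a privilege-dropping sequence, where ordering and failure handling matter, bracing the outer `if` keeps the control flow from being misread when an `else` or a second statement is added later. A short comment above the block saying why capabilities are reduced once before and once after `drop_root()` would also help, since the reason is not visible in this diff. main() continues outside the hunk.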
@@ -1037,8 +1199,19 @@ finish: avahi_strfreev(config.publish_dns_servers); avahi_strfreev(resolv_conf); - if (wrote_pid_file) + if (wrote_pid_file) { +#ifdef ENABLE_CHROOT + avahi_chroot_helper_unlink(pid_file_proc()); +#else daemon_pid_file_remove(); +#endif + } + +#ifdef ENABLE_CHROOT + avahi_chroot_helper_shutdown(); +#endif + + avahi_free(argv0); return r; }
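Review bot: With ENABLE_CHROOT compiled in, the finish path calls `avahi_chroot_helper_unlink(pid_file_proc())` and `avahi_chroot_helper_shutdown()` even when the helper was never started, for example when `config.use_chroot` is 0 or when `avahi_chroot_helper_start()` itself failed after the PID file was written. Whether both functions cope with a helper that is not running is not visible here; if the unlink has no direct fallback, a stale PID file is left behind. Consider `if (config.use_chroot) avahi_chroot_helper_unlink(pid_file_proc()); else daemon_pid_file_remove();` inside the `#ifdef`, or document the fallback on the helper functions.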