9 #include <sys/socket.h>
10 #include <arpa/inet.h>
17 /* XXX should be from autoconf */
18 static char *configfile="/etc/secnet/secnet.conf";
19 static char *sites_key="sites";
20 bool_t just_check_config=False;
21 static char *userid=NULL;
23 bool_t background=True;
24 static char *pidfile=NULL;
25 bool_t require_root_privileges=False;
26 string_t require_root_privileges_explanation=NULL;
28 static pid_t secnet_pid;
31 extern uint32_t message_level;
32 extern bool_t secnet_is_daemon;
33 extern struct log_if *system_log;
36 extern void start_signal_handling(void);
38 /* Structures dealing with poll() call */
39 struct poll_interest {
40 beforepoll_fn *before;
46 struct poll_interest *next;
48 static struct poll_interest *reg=NULL;
49 static uint32_t total_nfds=10;
51 static bool_t finished=False;
53 /* Parse the command line options */
54 static void parse_options(int argc, char **argv)
60 static struct option long_options[] = {
61 {"verbose", 0, 0, 'v'},
62 {"nowarnings", 0, 0, 'w'},
65 {"nodetach", 0, 0, 'n'},
66 {"silent", 0, 0, 'f'},
69 {"config", 1, 0, 'c'},
70 {"just-check-config", 0, 0, 'j'},
71 {"sites-key", 1, 0, 's'},
75 c=getopt_long(argc, argv, "vwdnjc:ft:s:",
76 long_options, &option_index);
84 "Usage: secnet [OPTION]...\n\n"
85 " -f, --silent, --quiet suppress error messages\n"
86 " -w, --nowarnings suppress warnings\n"
87 " -v, --verbose output extra diagnostics\n"
88 " -c, --config=filename specify a configuration file\n"
89 " -j, --just-check-config stop after reading "
90 "configuration file\n"
91 " -s, --sites-key=name configuration key that "
92 "specifies active sites\n"
93 " -n, --nodetach do not run in background\n"
94 " -d, --debug=item,... set debug options\n"
95 " --help display this help and exit\n"
96 " --version output version information "
104 fprintf(stderr,"%s\n",version);
109 message_level|=M_INFO|M_NOTICE|M_WARNING|M_ERR|M_SECURITY|
114 message_level&=(~M_WARNING);
118 message_level|=M_DEBUG_CONFIG|M_DEBUG_PHASE|M_DEBUG;
122 message_level=M_FATAL;
131 configfile=safe_strdup(optarg,"config_filename");
133 fatal("secnet: no config filename specified");
137 just_check_config=True;
142 sites_key=safe_strdup(optarg,"sites-key");
144 fatal("secnet: no sites key specified");
151 Message(M_ERR,"secnet: Unknown getopt code %c\n",c);
155 if (argc-optind != 0) {
156 Message(M_ERR,"secnet: You gave extra command line parameters, "
157 "which were ignored.\n");
161 static void setup(dict_t *config)
170 l=dict_lookup(config,"system");
172 if (!l || list_elem(l,0)->type!=t_dict) {
173 fatal("configuration does not include a \"system\" dictionary\n");
175 system=list_elem(l,0)->data.dict;
176 loc=list_elem(l,0)->loc;
178 /* Arrange systemwide log facility */
179 l=dict_lookup(system,"log");
181 fatal("configuration does not include a system/log facility\n");
183 system_log=init_log(l);
185 /* Who are we supposed to run as? */
186 userid=dict_read_string(system,"userid",False,"system",loc);
190 if (pw && strcmp(pw->pw_name,userid)==0) {
197 fatal("userid \"%s\" not found\n",userid);
202 pidfile=dict_read_string(system,"pidfile",False,"system",loc);
204 /* Check whether we need root privileges */
205 if (require_root_privileges && uid!=0) {
206 fatal("the following configured feature (\"%s\") requires "
207 "that secnet retain root privileges while running.\n",
208 require_root_privileges_explanation);
211 /* Go along site list, starting sites */
212 l=dict_lookup(config,sites_key);
214 Message(M_WARNING,"secnet: configuration key \"%s\" is missing; no "
215 "remote sites are defined\n",sites_key);
218 while ((site=list_elem(l, i++))) {
220 if (site->type!=t_closure) {
221 cfgfatal(site->loc,"system","non-closure in site list");
223 if (site->data.closure->type!=CL_SITE) {
224 cfgfatal(site->loc,"system","non-site closure in site list");
226 s=site->data.closure->interface;
227 s->control(s->st,True);
232 void register_for_poll(void *st, beforepoll_fn *before,
233 afterpoll_fn *after, uint32_t max_nfds, string_t desc)
235 struct poll_interest *i;
237 i=safe_malloc(sizeof(*i),"register_for_poll");
241 i->max_nfds=max_nfds;
244 total_nfds+=max_nfds;
250 static void system_phase_hook(void *sst, uint32_t newphase)
252 if (newphase==PHASE_SHUTDOWN && pidfile) {
253 /* Try to unlink the pidfile; don't care if it fails */
258 static void run(void)
260 struct timeval tv_now;
262 struct poll_interest *i;
263 int rv, nfds, remain, idx;
267 fds=alloca(sizeof(*fds)*total_nfds);
269 fatal("run: couldn't alloca\n");
272 Message(M_NOTICE,"%s [%d]: starting\n",version,secnet_pid);
275 if (gettimeofday(&tv_now, NULL)!=0) {
276 fatal_perror("main loop: gettimeofday");
278 now=((uint64_t)tv_now.tv_sec*(uint64_t)1000)+
279 ((uint64_t)tv_now.tv_usec/(uint64_t)1000);
281 for (i=reg; i; i=i->next) {
282 i->after(i->state, fds+idx, i->nfds, &tv_now, &now);
288 for (i=reg; i; i=i->next) {
290 rv=i->before(i->state, fds+idx, &nfds, &timeout, &tv_now, &now);
292 /* XXX we need to handle this properly: increase the
294 fatal("run: beforepoll_fn (%s) returns %d\n",i->desc,rv);
297 fatal("run: beforepoll_fn (%s) set timeout to %d\n",timeout);
305 rv=poll(fds, idx, timeout);
308 fatal_perror("run: poll");
315 static void droppriv(void)
320 add_hook(PHASE_SHUTDOWN,system_phase_hook,NULL);
322 /* Open the pidfile for writing now: we may be unable to do so
323 once we drop privileges. */
325 pf=fopen(pidfile,"w");
327 fatal_perror("cannot open pidfile \"%s\"",pidfile);
330 if (!background && pf) {
331 fprintf(pf,"%d\n",getpid());
335 /* Now drop privileges */
337 if (setuid(uid)!=0) {
338 fatal_perror("can't set uid to \"%s\"",userid);
345 /* Parent process - write pidfile, exit */
346 fprintf(pf,"%d\n",p);
351 /* Child process - all done, just carry on */
353 /* Close stdin, stdout and stderr; we don't need them any more */
354 /* XXX we must leave stderr pointing to something useful -
355 a pipe to a log destination, for example, or just leave
360 secnet_is_daemon=True;
364 fatal_perror("cannot fork");
371 static signal_notify_fn finish,ignore_hup;
372 static void finish(void *st, int signum)
375 Message(M_NOTICE,"%s [%d]: received %s\n",version,secnet_pid,(string_t)st);
377 static void ignore_hup(void *st, int signum)
379 Message(M_INFO,"%s [%d]: received SIGHUP\n",version,secnet_pid);
383 int main(int argc, char **argv)
387 enter_phase(PHASE_GETOPTS);
388 parse_options(argc,argv);
390 enter_phase(PHASE_READCONFIG);
391 config=read_conffile(configfile);
393 enter_phase(PHASE_SETUP);
396 if (just_check_config) {
397 Message(M_INFO,"configuration file check complete\n");
401 enter_phase(PHASE_GETRESOURCES);
402 /* Appropriate phase hooks will have been run */
404 enter_phase(PHASE_DROPPRIV);
407 start_signal_handling();
408 request_signal_notification(SIGTERM,finish,"SIGTERM");
409 if (!background) request_signal_notification(SIGINT,finish,"SIGINT");
410 request_signal_notification(SIGHUP,ignore_hup,NULL);
411 enter_phase(PHASE_RUN);
414 enter_phase(PHASE_SHUTDOWN);
415 Message(M_NOTICE,"%s [%d]: finished\n",version,secnet_pid);