ntpd.c revision 316068
1/* 2 * ntpd.c - main program for the fixed point NTP daemon 3 */ 4 5#ifdef HAVE_CONFIG_H 6# include <config.h> 7#endif 8 9#include "ntp_machine.h" 10#include "ntpd.h" 11#include "ntp_io.h" 12#include "ntp_stdlib.h" 13#include <ntp_random.h> 14 15#include "ntp_config.h" 16#include "ntp_syslog.h" 17#include "ntp_assert.h" 18#include "isc/error.h" 19#include "isc/strerror.h" 20#include "isc/formatcheck.h" 21#include "iosignal.h" 22 23#ifdef SIM 24# include "ntpsim.h" 25#endif 26 27#include "ntp_libopts.h" 28#include "ntpd-opts.h" 29 30/* there's a short treatise below what the thread stuff is for. 31 * [Bug 2954] enable the threading warm-up only for Linux. 32 */ 33#if defined(HAVE_PTHREADS) && HAVE_PTHREADS && !defined(NO_THREADS) 34# ifdef HAVE_PTHREAD_H 35# include <pthread.h> 36# endif 37# if defined(linux) 38# define NEED_PTHREAD_WARMUP 39# endif 40#endif 41 42#ifdef HAVE_UNISTD_H 43# include <unistd.h> 44#endif 45#ifdef HAVE_SYS_STAT_H 46# include <sys/stat.h> 47#endif 48#include <stdio.h> 49#ifdef HAVE_SYS_PARAM_H 50# include <sys/param.h> 51#endif 52#ifdef HAVE_SYS_SIGNAL_H 53# include <sys/signal.h> 54#else 55# include <signal.h> 56#endif 57#ifdef HAVE_SYS_IOCTL_H 58# include <sys/ioctl.h> 59#endif /* HAVE_SYS_IOCTL_H */ 60#if defined(HAVE_RTPRIO) 61# ifdef HAVE_SYS_LOCK_H 62# include <sys/lock.h> 63# endif 64# include <sys/rtprio.h> 65#else 66# ifdef HAVE_PLOCK 67# ifdef HAVE_SYS_LOCK_H 68# include <sys/lock.h> 69# endif 70# endif 71#endif 72#if defined(HAVE_SCHED_SETSCHEDULER) 73# ifdef HAVE_SCHED_H 74# include <sched.h> 75# else 76# ifdef HAVE_SYS_SCHED_H 77# include <sys/sched.h> 78# endif 79# endif 80#endif 81#if defined(HAVE_SYS_MMAN_H) 82# include <sys/mman.h> 83#endif 84 85#ifdef HAVE_TERMIOS_H 86# include <termios.h> 87#endif 88 89#ifdef SYS_DOMAINOS 90# include <apollo/base.h> 91#endif /* SYS_DOMAINOS */ 92 93 94#include "recvbuff.h" 95#include "ntp_cmdargs.h" 96 97#if 0 /* HMS: I don't think we need this. 961223 */ 98#ifdef LOCK_PROCESS 99# ifdef SYS_SOLARIS 100# include <sys/mman.h> 101# else 102# include <sys/lock.h> 103# endif 104#endif 105#endif 106 107#ifdef _AIX 108# include <ulimit.h> 109#endif /* _AIX */ 110 111#ifdef SCO5_CLOCK 112# include <sys/ci/ciioctl.h> 113#endif 114 115#ifdef HAVE_DROPROOT 116# include <ctype.h> 117# include <grp.h> 118# include <pwd.h> 119#ifdef HAVE_LINUX_CAPABILITIES 120# include <sys/capability.h> 121# include <sys/prctl.h> 122#endif /* HAVE_LINUX_CAPABILITIES */ 123#if defined(HAVE_PRIV_H) && defined(HAVE_SOLARIS_PRIVS) 124# include <priv.h> 125#endif /* HAVE_PRIV_H */ 126#endif /* HAVE_DROPROOT */ 127 128#if defined (LIBSECCOMP) && (KERN_SECCOMP) 129/* # include <sys/types.h> */ 130# include <sys/resource.h> 131# include <seccomp.h> 132#endif /* LIBSECCOMP and KERN_SECCOMP */ 133 134#ifdef HAVE_DNSREGISTRATION 135# include <dns_sd.h> 136DNSServiceRef mdns; 137#endif 138 139#ifdef HAVE_SETPGRP_0 140# define ntp_setpgrp(x, y) setpgrp() 141#else 142# define ntp_setpgrp(x, y) setpgrp(x, y) 143#endif 144 145#ifdef HAVE_SOLARIS_PRIVS 146# define LOWPRIVS "basic,sys_time,net_privaddr,proc_setid,!proc_info,!proc_session,!proc_exec" 147static priv_set_t *lowprivs = NULL; 148static priv_set_t *highprivs = NULL; 149#endif /* HAVE_SOLARIS_PRIVS */ 150/* 151 * Scheduling priority we run at 152 */ 153#define NTPD_PRIO (-12) 154 155int priority_done = 2; /* 0 - Set priority */ 156 /* 1 - priority is OK where it is */ 157 /* 2 - Don't set priority */ 158 /* 1 and 2 are pretty much the same */ 159 160int listen_to_virtual_ips = TRUE; 161 162/* 163 * No-fork flag. If set, we do not become a background daemon. 164 */ 165int nofork; /* Fork by default */ 166 167#ifdef HAVE_DNSREGISTRATION 168/* 169 * mDNS registration flag. If set, we attempt to register with the mDNS system, but only 170 * after we have synched the first time. If the attempt fails, then try again once per 171 * minute for up to 5 times. After all, we may be starting before mDNS. 172 */ 173int mdnsreg = FALSE; 174int mdnstries = 5; 175#endif /* HAVE_DNSREGISTRATION */ 176 177#ifdef HAVE_DROPROOT 178int droproot; 179int root_dropped; 180char *user; /* User to switch to */ 181char *group; /* group to switch to */ 182const char *chrootdir; /* directory to chroot to */ 183uid_t sw_uid; 184gid_t sw_gid; 185char *endp; 186struct group *gr; 187struct passwd *pw; 188#endif /* HAVE_DROPROOT */ 189 190#ifdef HAVE_WORKING_FORK 191int waitsync_fd_to_close = -1; /* -w/--wait-sync */ 192#endif 193 194/* 195 * Version declaration 196 */ 197extern const char *Version; 198 199char const *progname; 200 201int was_alarmed; 202 203#ifdef DECL_SYSCALL 204/* 205 * We put this here, since the argument profile is syscall-specific 206 */ 207extern int syscall (int, ...); 208#endif /* DECL_SYSCALL */ 209 210 211#if !defined(SIM) && defined(SIGDIE1) 212static volatile int signalled = 0; 213static volatile int signo = 0; 214 215/* In an ideal world, 'finish_safe()' would declared as noreturn... */ 216static void finish_safe (int); 217static RETSIGTYPE finish (int); 218#endif 219 220#if !defined(SIM) && defined(HAVE_WORKING_FORK) 221static int wait_child_sync_if (int, long); 222#endif 223 224#if !defined(SIM) && !defined(SYS_WINNT) 225# ifdef DEBUG 226static RETSIGTYPE moredebug (int); 227static RETSIGTYPE lessdebug (int); 228# else /* !DEBUG follows */ 229static RETSIGTYPE no_debug (int); 230# endif /* !DEBUG */ 231#endif /* !SIM && !SYS_WINNT */ 232 233#ifndef WORK_FORK 234int saved_argc; 235char ** saved_argv; 236#endif 237 238#ifndef SIM 239int ntpdmain (int, char **); 240static void set_process_priority (void); 241static void assertion_failed (const char *, int, 242 isc_assertiontype_t, 243 const char *) 244 __attribute__ ((__noreturn__)); 245static void library_fatal_error (const char *, int, 246 const char *, va_list) 247 ISC_FORMAT_PRINTF(3, 0); 248static void library_unexpected_error(const char *, int, 249 const char *, va_list) 250 ISC_FORMAT_PRINTF(3, 0); 251#endif /* !SIM */ 252 253 254/* Bug2332 unearthed a problem in the interaction of reduced user 255 * privileges, the limits on memory usage and some versions of the 256 * pthread library on Linux systems. The 'pthread_cancel()' function and 257 * likely some others need to track the stack of the thread involved, 258 * and uses a function that comes from GCC (--> libgcc_s.so) to do 259 * this. Unfortunately the developers of glibc decided to load the 260 * library on demand, which speeds up program start but can cause 261 * trouble here: Due to all the things NTPD does to limit its resource 262 * usage, this deferred load of libgcc_s does not always work once the 263 * restrictions are in effect. 264 * 265 * One way out of this was attempting a forced link against libgcc_s 266 * when possible because it makes the library available immediately 267 * without deferred load. (The symbol resolution would still be dynamic 268 * and on demand, but the code would already be in the process image.) 269 * 270 * This is a tricky thing to do, since it's not necessary everywhere, 271 * not possible everywhere, has shown to break the build of other 272 * programs in the NTP suite and is now generally frowned upon. 273 * 274 * So we take a different approach here: We creat a worker thread that does 275 * actually nothing except waiting for cancellation and cancel it. If 276 * this is done before all the limitations are put in place, the 277 * machinery is pre-heated and all the runtime stuff should be in place 278 * and useable when needed. 279 * 280 * This uses only the standard pthread API and should work with all 281 * implementations of pthreads. It is not necessary everywhere, but it's 282 * cheap enough to go on nearly unnoticed. 283 * 284 * Addendum: Bug 2954 showed that the assumption that this should work 285 * with all OS is wrong -- at least FreeBSD bombs heavily. 286 */ 287#ifdef NEED_PTHREAD_WARMUP 288 289/* simple thread function: sleep until cancelled, just to exercise 290 * thread cancellation. 291 */ 292static void* 293my_pthread_warmup_worker( 294 void *thread_args) 295{ 296 (void)thread_args; 297 for (;;) 298 sleep(10); 299 return NULL; 300} 301 302/* pre-heat threading: create a thread and cancel it, just to exercise 303 * thread cancellation. 304 */ 305static void 306my_pthread_warmup(void) 307{ 308 pthread_t thread; 309 pthread_attr_t thr_attr; 310 int rc; 311 312 pthread_attr_init(&thr_attr); 313#if defined(HAVE_PTHREAD_ATTR_GETSTACKSIZE) && \ 314 defined(HAVE_PTHREAD_ATTR_SETSTACKSIZE) && \ 315 defined(PTHREAD_STACK_MIN) 316 rc = pthread_attr_setstacksize(&thr_attr, PTHREAD_STACK_MIN); 317 if (0 != rc) 318 msyslog(LOG_ERR, 319 "my_pthread_warmup: pthread_attr_setstacksize() -> %s", 320 strerror(rc)); 321#endif 322 rc = pthread_create( 323 &thread, &thr_attr, my_pthread_warmup_worker, NULL); 324 pthread_attr_destroy(&thr_attr); 325 if (0 != rc) { 326 msyslog(LOG_ERR, 327 "my_pthread_warmup: pthread_create() -> %s", 328 strerror(rc)); 329 } else { 330 pthread_cancel(thread); 331 pthread_join(thread, NULL); 332 } 333} 334 335#endif /*defined(NEED_PTHREAD_WARMUP)*/ 336 337#ifdef NEED_EARLY_FORK 338static void 339dummy_callback(void) { return; } 340 341static void 342fork_nonchroot_worker(void) { 343 getaddrinfo_sometime("localhost", "ntp", NULL, INITIAL_DNS_RETRY, 344 (gai_sometime_callback)&dummy_callback, NULL); 345} 346#endif /* NEED_EARLY_FORK */ 347 348void 349parse_cmdline_opts( 350 int * pargc, 351 char ***pargv 352 ) 353{ 354 static int parsed; 355 static int optct; 356 357 if (!parsed) 358 optct = ntpOptionProcess(&ntpdOptions, *pargc, *pargv); 359 360 parsed = 1; 361 362 *pargc -= optct; 363 *pargv += optct; 364} 365 366 367#ifdef SIM 368int 369main( 370 int argc, 371 char *argv[] 372 ) 373{ 374 progname = argv[0]; 375 parse_cmdline_opts(&argc, &argv); 376#ifdef DEBUG 377 debug = OPT_VALUE_SET_DEBUG_LEVEL; 378 DPRINTF(1, ("%s\n", Version)); 379#endif 380 381 return ntpsim(argc, argv); 382} 383#else /* !SIM follows */ 384#ifdef NO_MAIN_ALLOWED 385CALL(ntpd,"ntpd",ntpdmain); 386#else /* !NO_MAIN_ALLOWED follows */ 387#ifndef SYS_WINNT 388int 389main( 390 int argc, 391 char *argv[] 392 ) 393{ 394 return ntpdmain(argc, argv); 395} 396#endif /* !SYS_WINNT */ 397#endif /* !NO_MAIN_ALLOWED */ 398#endif /* !SIM */ 399 400#ifdef _AIX 401/* 402 * OK. AIX is different than solaris in how it implements plock(). 403 * If you do NOT adjust the stack limit, you will get the MAXIMUM 404 * stack size allocated and PINNED with you program. To check the 405 * value, use ulimit -a. 406 * 407 * To fix this, we create an automatic variable and set our stack limit 408 * to that PLUS 32KB of extra space (we need some headroom). 409 * 410 * This subroutine gets the stack address. 411 * 412 * Grover Davidson and Matt Ladendorf 413 * 414 */ 415static char * 416get_aix_stack(void) 417{ 418 char ch; 419 return (&ch); 420} 421 422/* 423 * Signal handler for SIGDANGER. 424 */ 425static void 426catch_danger(int signo) 427{ 428 msyslog(LOG_INFO, "ntpd: setpgid(): %m"); 429 /* Make the system believe we'll free something, but don't do it! */ 430 return; 431} 432#endif /* _AIX */ 433 434/* 435 * Set the process priority 436 */ 437#ifndef SIM 438static void 439set_process_priority(void) 440{ 441 442# ifdef DEBUG 443 if (debug > 1) 444 msyslog(LOG_DEBUG, "set_process_priority: %s: priority_done is <%d>", 445 ((priority_done) 446 ? "Leave priority alone" 447 : "Attempt to set priority" 448 ), 449 priority_done); 450# endif /* DEBUG */ 451 452# if defined(HAVE_SCHED_SETSCHEDULER) 453 if (!priority_done) { 454 extern int config_priority_override, config_priority; 455 int pmax, pmin; 456 struct sched_param sched; 457 458 pmax = sched_get_priority_max(SCHED_FIFO); 459 sched.sched_priority = pmax; 460 if ( config_priority_override ) { 461 pmin = sched_get_priority_min(SCHED_FIFO); 462 if ( config_priority > pmax ) 463 sched.sched_priority = pmax; 464 else if ( config_priority < pmin ) 465 sched.sched_priority = pmin; 466 else 467 sched.sched_priority = config_priority; 468 } 469 if ( sched_setscheduler(0, SCHED_FIFO, &sched) == -1 ) 470 msyslog(LOG_ERR, "sched_setscheduler(): %m"); 471 else 472 ++priority_done; 473 } 474# endif /* HAVE_SCHED_SETSCHEDULER */ 475# ifdef HAVE_RTPRIO 476# ifdef RTP_SET 477 if (!priority_done) { 478 struct rtprio srtp; 479 480 srtp.type = RTP_PRIO_REALTIME; /* was: RTP_PRIO_NORMAL */ 481 srtp.prio = 0; /* 0 (hi) -> RTP_PRIO_MAX (31,lo) */ 482 483 if (rtprio(RTP_SET, getpid(), &srtp) < 0) 484 msyslog(LOG_ERR, "rtprio() error: %m"); 485 else 486 ++priority_done; 487 } 488# else /* !RTP_SET follows */ 489 if (!priority_done) { 490 if (rtprio(0, 120) < 0) 491 msyslog(LOG_ERR, "rtprio() error: %m"); 492 else 493 ++priority_done; 494 } 495# endif /* !RTP_SET */ 496# endif /* HAVE_RTPRIO */ 497# if defined(NTPD_PRIO) && NTPD_PRIO != 0 498# ifdef HAVE_ATT_NICE 499 if (!priority_done) { 500 errno = 0; 501 if (-1 == nice (NTPD_PRIO) && errno != 0) 502 msyslog(LOG_ERR, "nice() error: %m"); 503 else 504 ++priority_done; 505 } 506# endif /* HAVE_ATT_NICE */ 507# ifdef HAVE_BSD_NICE 508 if (!priority_done) { 509 if (-1 == setpriority(PRIO_PROCESS, 0, NTPD_PRIO)) 510 msyslog(LOG_ERR, "setpriority() error: %m"); 511 else 512 ++priority_done; 513 } 514# endif /* HAVE_BSD_NICE */ 515# endif /* NTPD_PRIO && NTPD_PRIO != 0 */ 516 if (!priority_done) 517 msyslog(LOG_ERR, "set_process_priority: No way found to improve our priority"); 518} 519#endif /* !SIM */ 520 521 522/* 523 * Main program. Initialize us, disconnect us from the tty if necessary, 524 * and loop waiting for I/O and/or timer expiries. 525 */ 526#ifndef SIM 527int 528ntpdmain( 529 int argc, 530 char *argv[] 531 ) 532{ 533 l_fp now; 534 struct recvbuf *rbuf; 535 const char * logfilename; 536# ifdef HAVE_UMASK 537 mode_t uv; 538# endif 539# if defined(HAVE_GETUID) && !defined(MPE) /* MPE lacks the concept of root */ 540 uid_t uid; 541# endif 542# if defined(HAVE_WORKING_FORK) 543 long wait_sync = 0; 544 int pipe_fds[2]; 545 int rc; 546 int exit_code; 547# ifdef _AIX 548 struct sigaction sa; 549# endif 550# if !defined(HAVE_SETSID) && !defined (HAVE_SETPGID) && defined(TIOCNOTTY) 551 int fid; 552# endif 553# endif /* HAVE_WORKING_FORK*/ 554# ifdef SCO5_CLOCK 555 int fd; 556 int zero; 557# endif 558 559# ifdef NEED_PTHREAD_WARMUP 560 my_pthread_warmup(); 561# endif 562 563# ifdef HAVE_UMASK 564 uv = umask(0); 565 if (uv) 566 umask(uv); 567 else 568 umask(022); 569# endif 570 saved_argc = argc; 571 saved_argv = argv; 572 progname = argv[0]; 573 initializing = TRUE; /* mark that we are initializing */ 574 parse_cmdline_opts(&argc, &argv); 575# ifdef DEBUG 576 debug = OPT_VALUE_SET_DEBUG_LEVEL; 577# ifdef HAVE_SETLINEBUF 578 setlinebuf(stdout); 579# endif 580# endif 581 582 if (HAVE_OPT(NOFORK) || HAVE_OPT(QUIT) 583# ifdef DEBUG 584 || debug 585# endif 586 || HAVE_OPT(SAVECONFIGQUIT)) 587 nofork = TRUE; 588 589 init_logging(progname, NLOG_SYNCMASK, TRUE); 590 /* honor -l/--logfile option to log to a file */ 591 if (HAVE_OPT(LOGFILE)) { 592 logfilename = OPT_ARG(LOGFILE); 593 syslogit = FALSE; 594 change_logfile(logfilename, FALSE); 595 } else { 596 logfilename = NULL; 597 if (nofork) 598 msyslog_term = TRUE; 599 if (HAVE_OPT(SAVECONFIGQUIT)) 600 syslogit = FALSE; 601 } 602 msyslog(LOG_NOTICE, "%s: Starting", Version); 603 604 { 605 int i; 606 char buf[1024]; /* Secret knowledge of msyslog buf length */ 607 char *cp = buf; 608 609 /* Note that every arg has an initial space character */ 610 snprintf(cp, sizeof(buf), "Command line:"); 611 cp += strlen(cp); 612 613 for (i = 0; i < saved_argc ; ++i) { 614 snprintf(cp, sizeof(buf) - (cp - buf), 615 " %s", saved_argv[i]); 616 cp += strlen(cp); 617 } 618 msyslog(LOG_INFO, "%s", buf); 619 } 620 621 /* 622 * Install trap handlers to log errors and assertion failures. 623 * Default handlers print to stderr which doesn't work if detached. 624 */ 625 isc_assertion_setcallback(assertion_failed); 626 isc_error_setfatal(library_fatal_error); 627 isc_error_setunexpected(library_unexpected_error); 628 629 /* MPE lacks the concept of root */ 630# if defined(HAVE_GETUID) && !defined(MPE) 631 uid = getuid(); 632 if (uid && !HAVE_OPT( SAVECONFIGQUIT )) { 633 msyslog_term = TRUE; 634 msyslog(LOG_ERR, 635 "must be run as root, not uid %ld", (long)uid); 636 exit(1); 637 } 638# endif 639 640/* 641 * Enable the Multi-Media Timer for Windows? 642 */ 643# ifdef SYS_WINNT 644 if (HAVE_OPT( MODIFYMMTIMER )) 645 set_mm_timer(MM_TIMER_HIRES); 646# endif 647 648#ifdef HAVE_DNSREGISTRATION 649/* 650 * Enable mDNS registrations? 651 */ 652 if (HAVE_OPT( MDNS )) { 653 mdnsreg = TRUE; 654 } 655#endif /* HAVE_DNSREGISTRATION */ 656 657 if (HAVE_OPT( NOVIRTUALIPS )) 658 listen_to_virtual_ips = 0; 659 660 /* 661 * --interface, listen on specified interfaces 662 */ 663 if (HAVE_OPT( INTERFACE )) { 664 int ifacect = STACKCT_OPT( INTERFACE ); 665 const char** ifaces = STACKLST_OPT( INTERFACE ); 666 sockaddr_u addr; 667 668 while (ifacect-- > 0) { 669 add_nic_rule( 670 is_ip_address(*ifaces, AF_UNSPEC, &addr) 671 ? MATCH_IFADDR 672 : MATCH_IFNAME, 673 *ifaces, -1, ACTION_LISTEN); 674 ifaces++; 675 } 676 } 677 678 if (HAVE_OPT( NICE )) 679 priority_done = 0; 680 681# ifdef HAVE_SCHED_SETSCHEDULER 682 if (HAVE_OPT( PRIORITY )) { 683 config_priority = OPT_VALUE_PRIORITY; 684 config_priority_override = 1; 685 priority_done = 0; 686 } 687# endif 688 689# ifdef HAVE_WORKING_FORK 690 /* make sure the FDs are initialised */ 691 pipe_fds[0] = -1; 692 pipe_fds[1] = -1; 693 do { /* 'loop' once */ 694 if (!HAVE_OPT( WAIT_SYNC )) 695 break; 696 wait_sync = OPT_VALUE_WAIT_SYNC; 697 if (wait_sync <= 0) { 698 wait_sync = 0; 699 break; 700 } 701 /* -w requires a fork() even with debug > 0 */ 702 nofork = FALSE; 703 if (pipe(pipe_fds)) { 704 exit_code = (errno) ? errno : -1; 705 msyslog(LOG_ERR, 706 "Pipe creation failed for --wait-sync: %m"); 707 exit(exit_code); 708 } 709 waitsync_fd_to_close = pipe_fds[1]; 710 } while (0); /* 'loop' once */ 711# endif /* HAVE_WORKING_FORK */ 712 713 init_lib(); 714# ifdef SYS_WINNT 715 /* 716 * Start interpolation thread, must occur before first 717 * get_systime() 718 */ 719 init_winnt_time(); 720# endif 721 /* 722 * Initialize random generator and public key pair 723 */ 724 get_systime(&now); 725 726 ntp_srandom((int)(now.l_i * now.l_uf)); 727 728 /* 729 * Detach us from the terminal. May need an #ifndef GIZMO. 730 */ 731 if (!nofork) { 732 733# ifdef HAVE_WORKING_FORK 734 rc = fork(); 735 if (-1 == rc) { 736 exit_code = (errno) ? errno : -1; 737 msyslog(LOG_ERR, "fork: %m"); 738 exit(exit_code); 739 } 740 if (rc > 0) { 741 /* parent */ 742 exit_code = wait_child_sync_if(pipe_fds[0], 743 wait_sync); 744 exit(exit_code); 745 } 746 747 /* 748 * child/daemon 749 * close all open files excepting waitsync_fd_to_close. 750 * msyslog() unreliable until after init_logging(). 751 */ 752 closelog(); 753 if (syslog_file != NULL) { 754 fclose(syslog_file); 755 syslog_file = NULL; 756 syslogit = TRUE; 757 } 758 close_all_except(waitsync_fd_to_close); 759 INSIST(0 == open("/dev/null", 0) && 1 == dup2(0, 1) \ 760 && 2 == dup2(0, 2)); 761 762 init_logging(progname, 0, TRUE); 763 /* we lost our logfile (if any) daemonizing */ 764 setup_logfile(logfilename); 765 766# ifdef SYS_DOMAINOS 767 { 768 uid_$t puid; 769 status_$t st; 770 771 proc2_$who_am_i(&puid); 772 proc2_$make_server(&puid, &st); 773 } 774# endif /* SYS_DOMAINOS */ 775# ifdef HAVE_SETSID 776 if (setsid() == (pid_t)-1) 777 msyslog(LOG_ERR, "setsid(): %m"); 778# elif defined(HAVE_SETPGID) 779 if (setpgid(0, 0) == -1) 780 msyslog(LOG_ERR, "setpgid(): %m"); 781# else /* !HAVE_SETSID && !HAVE_SETPGID follows */ 782# ifdef TIOCNOTTY 783 fid = open("/dev/tty", 2); 784 if (fid >= 0) { 785 ioctl(fid, (u_long)TIOCNOTTY, NULL); 786 close(fid); 787 } 788# endif /* TIOCNOTTY */ 789 ntp_setpgrp(0, getpid()); 790# endif /* !HAVE_SETSID && !HAVE_SETPGID */ 791# ifdef _AIX 792 /* Don't get killed by low-on-memory signal. */ 793 sa.sa_handler = catch_danger; 794 sigemptyset(&sa.sa_mask); 795 sa.sa_flags = SA_RESTART; 796 sigaction(SIGDANGER, &sa, NULL); 797# endif /* _AIX */ 798# endif /* HAVE_WORKING_FORK */ 799 } 800 801# ifdef SCO5_CLOCK 802 /* 803 * SCO OpenServer's system clock offers much more precise timekeeping 804 * on the base CPU than the other CPUs (for multiprocessor systems), 805 * so we must lock to the base CPU. 806 */ 807 fd = open("/dev/at1", O_RDONLY); 808 if (fd >= 0) { 809 zero = 0; 810 if (ioctl(fd, ACPU_LOCK, &zero) < 0) 811 msyslog(LOG_ERR, "cannot lock to base CPU: %m"); 812 close(fd); 813 } 814# endif 815 816 /* Setup stack size in preparation for locking pages in memory. */ 817# if defined(HAVE_MLOCKALL) 818# ifdef HAVE_SETRLIMIT 819 ntp_rlimit(RLIMIT_STACK, DFLT_RLIMIT_STACK * 4096, 4096, "4k"); 820# ifdef RLIMIT_MEMLOCK 821 /* 822 * The default RLIMIT_MEMLOCK is very low on Linux systems. 823 * Unless we increase this limit malloc calls are likely to 824 * fail if we drop root privilege. To be useful the value 825 * has to be larger than the largest ntpd resident set size. 826 */ 827 ntp_rlimit(RLIMIT_MEMLOCK, DFLT_RLIMIT_MEMLOCK * 1024 * 1024, 1024 * 1024, "MB"); 828# endif /* RLIMIT_MEMLOCK */ 829# endif /* HAVE_SETRLIMIT */ 830# else /* !HAVE_MLOCKALL follows */ 831# ifdef HAVE_PLOCK 832# ifdef PROCLOCK 833# ifdef _AIX 834 /* 835 * set the stack limit for AIX for plock(). 836 * see get_aix_stack() for more info. 837 */ 838 if (ulimit(SET_STACKLIM, (get_aix_stack() - 8 * 4096)) < 0) 839 msyslog(LOG_ERR, 840 "Cannot adjust stack limit for plock: %m"); 841# endif /* _AIX */ 842# endif /* PROCLOCK */ 843# endif /* HAVE_PLOCK */ 844# endif /* !HAVE_MLOCKALL */ 845 846 /* 847 * Set up signals we pay attention to locally. 848 */ 849# ifdef SIGDIE1 850 signal_no_reset(SIGDIE1, finish); 851 signal_no_reset(SIGDIE2, finish); 852 signal_no_reset(SIGDIE3, finish); 853 signal_no_reset(SIGDIE4, finish); 854# endif 855# ifdef SIGBUS 856 signal_no_reset(SIGBUS, finish); 857# endif 858 859# if !defined(SYS_WINNT) && !defined(VMS) 860# ifdef DEBUG 861 (void) signal_no_reset(MOREDEBUGSIG, moredebug); 862 (void) signal_no_reset(LESSDEBUGSIG, lessdebug); 863# else 864 (void) signal_no_reset(MOREDEBUGSIG, no_debug); 865 (void) signal_no_reset(LESSDEBUGSIG, no_debug); 866# endif /* DEBUG */ 867# endif /* !SYS_WINNT && !VMS */ 868 869 /* 870 * Set up signals we should never pay attention to. 871 */ 872# ifdef SIGPIPE 873 signal_no_reset(SIGPIPE, SIG_IGN); 874# endif 875 876 /* 877 * Call the init_ routines to initialize the data structures. 878 * 879 * Exactly what command-line options are we expecting here? 880 */ 881 INIT_SSL(); 882 init_auth(); 883 init_util(); 884 init_restrict(); 885 init_mon(); 886 init_timer(); 887 init_request(); 888 init_control(); 889 init_peer(); 890# ifdef REFCLOCK 891 init_refclock(); 892# endif 893 set_process_priority(); 894 init_proto(); /* Call at high priority */ 895 init_io(); 896 init_loopfilter(); 897 mon_start(MON_ON); /* monitor on by default now */ 898 /* turn off in config if unwanted */ 899 900 /* 901 * Get the configuration. This is done in a separate module 902 * since this will definitely be different for the gizmo board. 903 */ 904 getconfig(argc, argv); 905 906 if (-1 == cur_memlock) { 907# if defined(HAVE_MLOCKALL) 908 /* 909 * lock the process into memory 910 */ 911 if ( !HAVE_OPT(SAVECONFIGQUIT) 912# ifdef RLIMIT_MEMLOCK 913 && -1 != DFLT_RLIMIT_MEMLOCK 914# endif 915 && 0 != mlockall(MCL_CURRENT|MCL_FUTURE)) 916 msyslog(LOG_ERR, "mlockall(): %m"); 917# else /* !HAVE_MLOCKALL follows */ 918# ifdef HAVE_PLOCK 919# ifdef PROCLOCK 920 /* 921 * lock the process into memory 922 */ 923 if (!HAVE_OPT(SAVECONFIGQUIT) && 0 != plock(PROCLOCK)) 924 msyslog(LOG_ERR, "plock(PROCLOCK): %m"); 925# else /* !PROCLOCK follows */ 926# ifdef TXTLOCK 927 /* 928 * Lock text into ram 929 */ 930 if (!HAVE_OPT(SAVECONFIGQUIT) && 0 != plock(TXTLOCK)) 931 msyslog(LOG_ERR, "plock(TXTLOCK) error: %m"); 932# else /* !TXTLOCK follows */ 933 msyslog(LOG_ERR, "plock() - don't know what to lock!"); 934# endif /* !TXTLOCK */ 935# endif /* !PROCLOCK */ 936# endif /* HAVE_PLOCK */ 937# endif /* !HAVE_MLOCKALL */ 938 } 939 940 loop_config(LOOP_DRIFTINIT, 0); 941 report_event(EVNT_SYSRESTART, NULL, NULL); 942 initializing = FALSE; 943 944# ifdef HAVE_DROPROOT 945 if (droproot) { 946 947#ifdef NEED_EARLY_FORK 948 fork_nonchroot_worker(); 949#endif 950 951 /* Drop super-user privileges and chroot now if the OS supports this */ 952 953# ifdef HAVE_LINUX_CAPABILITIES 954 /* set flag: keep privileges accross setuid() call (we only really need cap_sys_time): */ 955 if (prctl( PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L ) == -1) { 956 msyslog( LOG_ERR, "prctl( PR_SET_KEEPCAPS, 1L ) failed: %m" ); 957 exit(-1); 958 } 959# elif HAVE_SOLARIS_PRIVS 960 /* Nothing to do here */ 961# else 962 /* we need a user to switch to */ 963 if (user == NULL) { 964 msyslog(LOG_ERR, "Need user name to drop root privileges (see -u flag!)" ); 965 exit(-1); 966 } 967# endif /* HAVE_LINUX_CAPABILITIES || HAVE_SOLARIS_PRIVS */ 968 969 if (user != NULL) { 970 if (isdigit((unsigned char)*user)) { 971 sw_uid = (uid_t)strtoul(user, &endp, 0); 972 if (*endp != '\0') 973 goto getuser; 974 975 if ((pw = getpwuid(sw_uid)) != NULL) { 976 free(user); 977 user = estrdup(pw->pw_name); 978 sw_gid = pw->pw_gid; 979 } else { 980 errno = 0; 981 msyslog(LOG_ERR, "Cannot find user ID %s", user); 982 exit (-1); 983 } 984 985 } else { 986getuser: 987 errno = 0; 988 if ((pw = getpwnam(user)) != NULL) { 989 sw_uid = pw->pw_uid; 990 sw_gid = pw->pw_gid; 991 } else { 992 if (errno) 993 msyslog(LOG_ERR, "getpwnam(%s) failed: %m", user); 994 else 995 msyslog(LOG_ERR, "Cannot find user `%s'", user); 996 exit (-1); 997 } 998 } 999 } 1000 if (group != NULL) { 1001 if (isdigit((unsigned char)*group)) { 1002 sw_gid = (gid_t)strtoul(group, &endp, 0); 1003 if (*endp != '\0') 1004 goto getgroup; 1005 } else { 1006getgroup: 1007 if ((gr = getgrnam(group)) != NULL) { 1008 sw_gid = gr->gr_gid; 1009 } else { 1010 errno = 0; 1011 msyslog(LOG_ERR, "Cannot find group `%s'", group); 1012 exit (-1); 1013 } 1014 } 1015 } 1016 1017 if (chrootdir ) { 1018 /* make sure cwd is inside the jail: */ 1019 if (chdir(chrootdir)) { 1020 msyslog(LOG_ERR, "Cannot chdir() to `%s': %m", chrootdir); 1021 exit (-1); 1022 } 1023 if (chroot(chrootdir)) { 1024 msyslog(LOG_ERR, "Cannot chroot() to `%s': %m", chrootdir); 1025 exit (-1); 1026 } 1027 if (chdir("/")) { 1028 msyslog(LOG_ERR, "Cannot chdir() to`root after chroot(): %m"); 1029 exit (-1); 1030 } 1031 } 1032# ifdef HAVE_SOLARIS_PRIVS 1033 if ((lowprivs = priv_str_to_set(LOWPRIVS, ",", NULL)) == NULL) { 1034 msyslog(LOG_ERR, "priv_str_to_set() failed:%m"); 1035 exit(-1); 1036 } 1037 if ((highprivs = priv_allocset()) == NULL) { 1038 msyslog(LOG_ERR, "priv_allocset() failed:%m"); 1039 exit(-1); 1040 } 1041 (void) getppriv(PRIV_PERMITTED, highprivs); 1042 (void) priv_intersect(highprivs, lowprivs); 1043 if (setppriv(PRIV_SET, PRIV_PERMITTED, lowprivs) == -1) { 1044 msyslog(LOG_ERR, "setppriv() failed:%m"); 1045 exit(-1); 1046 } 1047# endif /* HAVE_SOLARIS_PRIVS */ 1048 if (user && initgroups(user, sw_gid)) { 1049 msyslog(LOG_ERR, "Cannot initgroups() to user `%s': %m", user); 1050 exit (-1); 1051 } 1052 if (group && setgid(sw_gid)) { 1053 msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group); 1054 exit (-1); 1055 } 1056 if (group && setegid(sw_gid)) { 1057 msyslog(LOG_ERR, "Cannot setegid() to group `%s': %m", group); 1058 exit (-1); 1059 } 1060 if (group) { 1061 if (0 != setgroups(1, &sw_gid)) { 1062 msyslog(LOG_ERR, "setgroups(1, %d) failed: %m", sw_gid); 1063 exit (-1); 1064 } 1065 } 1066 else if (pw) 1067 if (0 != initgroups(pw->pw_name, pw->pw_gid)) { 1068 msyslog(LOG_ERR, "initgroups(<%s>, %d) filed: %m", pw->pw_name, pw->pw_gid); 1069 exit (-1); 1070 } 1071 if (user && setuid(sw_uid)) { 1072 msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user); 1073 exit (-1); 1074 } 1075 if (user && seteuid(sw_uid)) { 1076 msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user); 1077 exit (-1); 1078 } 1079 1080# if !defined(HAVE_LINUX_CAPABILITIES) && !defined(HAVE_SOLARIS_PRIVS) 1081 /* 1082 * for now assume that the privilege to bind to privileged ports 1083 * is associated with running with uid 0 - should be refined on 1084 * ports that allow binding to NTP_PORT with uid != 0 1085 */ 1086 disable_dynamic_updates |= (sw_uid != 0); /* also notifies routing message listener */ 1087# endif /* !HAVE_LINUX_CAPABILITIES && !HAVE_SOLARIS_PRIVS */ 1088 1089 if (disable_dynamic_updates && interface_interval) { 1090 interface_interval = 0; 1091 msyslog(LOG_INFO, "running as non-root disables dynamic interface tracking"); 1092 } 1093 1094# ifdef HAVE_LINUX_CAPABILITIES 1095 { 1096 /* 1097 * We may be running under non-root uid now, but we still hold full root privileges! 1098 * We drop all of them, except for the crucial one or two: cap_sys_time and 1099 * cap_net_bind_service if doing dynamic interface tracking. 1100 */ 1101 cap_t caps; 1102 char *captext; 1103 1104 captext = (0 != interface_interval) 1105 ? "cap_sys_time,cap_net_bind_service=pe" 1106 : "cap_sys_time=pe"; 1107 caps = cap_from_text(captext); 1108 if (!caps) { 1109 msyslog(LOG_ERR, 1110 "cap_from_text(%s) failed: %m", 1111 captext); 1112 exit(-1); 1113 } 1114 if (-1 == cap_set_proc(caps)) { 1115 msyslog(LOG_ERR, 1116 "cap_set_proc() failed to drop root privs: %m"); 1117 exit(-1); 1118 } 1119 cap_free(caps); 1120 } 1121# endif /* HAVE_LINUX_CAPABILITIES */ 1122# ifdef HAVE_SOLARIS_PRIVS 1123 if (priv_delset(lowprivs, "proc_setid") == -1) { 1124 msyslog(LOG_ERR, "priv_delset() failed:%m"); 1125 exit(-1); 1126 } 1127 if (setppriv(PRIV_SET, PRIV_PERMITTED, lowprivs) == -1) { 1128 msyslog(LOG_ERR, "setppriv() failed:%m"); 1129 exit(-1); 1130 } 1131 priv_freeset(lowprivs); 1132 priv_freeset(highprivs); 1133# endif /* HAVE_SOLARIS_PRIVS */ 1134 root_dropped = TRUE; 1135 fork_deferred_worker(); 1136 } /* if (droproot) */ 1137# endif /* HAVE_DROPROOT */ 1138 1139/* libssecomp sandboxing */ 1140#if defined (LIBSECCOMP) && (KERN_SECCOMP) 1141 scmp_filter_ctx ctx; 1142 1143 if ((ctx = seccomp_init(SCMP_ACT_KILL)) < 0) 1144 msyslog(LOG_ERR, "%s: seccomp_init(SCMP_ACT_KILL) failed: %m", __func__); 1145 else { 1146 msyslog(LOG_DEBUG, "%s: seccomp_init(SCMP_ACT_KILL) succeeded", __func__); 1147 } 1148 1149#ifdef __x86_64__ 1150int scmp_sc[] = { 1151 SCMP_SYS(adjtimex), 1152 SCMP_SYS(bind), 1153 SCMP_SYS(brk), 1154 SCMP_SYS(chdir), 1155 SCMP_SYS(clock_gettime), 1156 SCMP_SYS(clock_settime), 1157 SCMP_SYS(close), 1158 SCMP_SYS(connect), 1159 SCMP_SYS(exit_group), 1160 SCMP_SYS(fstat), 1161 SCMP_SYS(fsync), 1162 SCMP_SYS(futex), 1163 SCMP_SYS(getitimer), 1164 SCMP_SYS(getsockname), 1165 SCMP_SYS(ioctl), 1166 SCMP_SYS(lseek), 1167 SCMP_SYS(madvise), 1168 SCMP_SYS(mmap), 1169 SCMP_SYS(munmap), 1170 SCMP_SYS(open), 1171 SCMP_SYS(poll), 1172 SCMP_SYS(read), 1173 SCMP_SYS(recvmsg), 1174 SCMP_SYS(rename), 1175 SCMP_SYS(rt_sigaction), 1176 SCMP_SYS(rt_sigprocmask), 1177 SCMP_SYS(rt_sigreturn), 1178 SCMP_SYS(select), 1179 SCMP_SYS(sendto), 1180 SCMP_SYS(setitimer), 1181 SCMP_SYS(setsid), 1182 SCMP_SYS(socket), 1183 SCMP_SYS(stat), 1184 SCMP_SYS(time), 1185 SCMP_SYS(write), 1186}; 1187#endif 1188#ifdef __i386__ 1189int scmp_sc[] = { 1190 SCMP_SYS(_newselect), 1191 SCMP_SYS(adjtimex), 1192 SCMP_SYS(brk), 1193 SCMP_SYS(chdir), 1194 SCMP_SYS(clock_gettime), 1195 SCMP_SYS(clock_settime), 1196 SCMP_SYS(close), 1197 SCMP_SYS(exit_group), 1198 SCMP_SYS(fsync), 1199 SCMP_SYS(futex), 1200 SCMP_SYS(getitimer), 1201 SCMP_SYS(madvise), 1202 SCMP_SYS(mmap), 1203 SCMP_SYS(mmap2), 1204 SCMP_SYS(munmap), 1205 SCMP_SYS(open), 1206 SCMP_SYS(poll), 1207 SCMP_SYS(read), 1208 SCMP_SYS(rename), 1209 SCMP_SYS(rt_sigaction), 1210 SCMP_SYS(rt_sigprocmask), 1211 SCMP_SYS(select), 1212 SCMP_SYS(setitimer), 1213 SCMP_SYS(setsid), 1214 SCMP_SYS(sigprocmask), 1215 SCMP_SYS(sigreturn), 1216 SCMP_SYS(socketcall), 1217 SCMP_SYS(stat64), 1218 SCMP_SYS(time), 1219 SCMP_SYS(write), 1220}; 1221#endif 1222 { 1223 int i; 1224 1225 for (i = 0; i < COUNTOF(scmp_sc); i++) { 1226 if (seccomp_rule_add(ctx, 1227 SCMP_ACT_ALLOW, scmp_sc[i], 0) < 0) { 1228 msyslog(LOG_ERR, 1229 "%s: seccomp_rule_add() failed: %m", 1230 __func__); 1231 } 1232 } 1233 } 1234 1235 if (seccomp_load(ctx) < 0) 1236 msyslog(LOG_ERR, "%s: seccomp_load() failed: %m", 1237 __func__); 1238 else { 1239 msyslog(LOG_DEBUG, "%s: seccomp_load() succeeded", __func__); 1240 } 1241#endif /* LIBSECCOMP and KERN_SECCOMP */ 1242 1243# ifdef HAVE_IO_COMPLETION_PORT 1244 1245 for (;;) { 1246#if !defined(SIM) && defined(SIGDIE1) 1247 if (signalled) 1248 finish_safe(signo); 1249#endif 1250 GetReceivedBuffers(); 1251# else /* normal I/O */ 1252 1253 BLOCK_IO_AND_ALARM(); 1254 was_alarmed = FALSE; 1255 1256 for (;;) { 1257#if !defined(SIM) && defined(SIGDIE1) 1258 if (signalled) 1259 finish_safe(signo); 1260#endif 1261 if (alarm_flag) { /* alarmed? */ 1262 was_alarmed = TRUE; 1263 alarm_flag = FALSE; 1264 } 1265 1266 /* collect async name/addr results */ 1267 if (!was_alarmed) 1268 harvest_blocking_responses(); 1269 1270 if (!was_alarmed && !has_full_recv_buffer()) { 1271 /* 1272 * Nothing to do. Wait for something. 1273 */ 1274 io_handler(); 1275 } 1276 1277 if (alarm_flag) { /* alarmed? */ 1278 was_alarmed = TRUE; 1279 alarm_flag = FALSE; 1280 } 1281 1282 if (was_alarmed) { 1283 UNBLOCK_IO_AND_ALARM(); 1284 /* 1285 * Out here, signals are unblocked. Call timer routine 1286 * to process expiry. 1287 */ 1288 timer(); 1289 was_alarmed = FALSE; 1290 BLOCK_IO_AND_ALARM(); 1291 } 1292 1293# endif /* !HAVE_IO_COMPLETION_PORT */ 1294 1295# ifdef DEBUG_TIMING 1296 { 1297 l_fp pts; 1298 l_fp tsa, tsb; 1299 int bufcount = 0; 1300 1301 get_systime(&pts); 1302 tsa = pts; 1303# endif 1304 rbuf = get_full_recv_buffer(); 1305 while (rbuf != NULL) { 1306 if (alarm_flag) { 1307 was_alarmed = TRUE; 1308 alarm_flag = FALSE; 1309 } 1310 UNBLOCK_IO_AND_ALARM(); 1311 1312 if (was_alarmed) { 1313 /* avoid timer starvation during lengthy I/O handling */ 1314 timer(); 1315 was_alarmed = FALSE; 1316 } 1317 1318 /* 1319 * Call the data procedure to handle each received 1320 * packet. 1321 */ 1322 if (rbuf->receiver != NULL) { 1323# ifdef DEBUG_TIMING 1324 l_fp dts = pts; 1325 1326 L_SUB(&dts, &rbuf->recv_time); 1327 DPRINTF(2, ("processing timestamp delta %s (with prec. fuzz)\n", lfptoa(&dts, 9))); 1328 collect_timing(rbuf, "buffer processing delay", 1, &dts); 1329 bufcount++; 1330# endif 1331 (*rbuf->receiver)(rbuf); 1332 } else { 1333 msyslog(LOG_ERR, "fatal: receive buffer callback NULL"); 1334 abort(); 1335 } 1336 1337 BLOCK_IO_AND_ALARM(); 1338 freerecvbuf(rbuf); 1339 rbuf = get_full_recv_buffer(); 1340 } 1341# ifdef DEBUG_TIMING 1342 get_systime(&tsb); 1343 L_SUB(&tsb, &tsa); 1344 if (bufcount) { 1345 collect_timing(NULL, "processing", bufcount, &tsb); 1346 DPRINTF(2, ("processing time for %d buffers %s\n", bufcount, lfptoa(&tsb, 9))); 1347 } 1348 } 1349# endif 1350 1351 /* 1352 * Go around again 1353 */ 1354 1355# ifdef HAVE_DNSREGISTRATION 1356 if (mdnsreg && (current_time - mdnsreg ) > 60 && mdnstries && sys_leap != LEAP_NOTINSYNC) { 1357 mdnsreg = current_time; 1358 msyslog(LOG_INFO, "Attempting to register mDNS"); 1359 if ( DNSServiceRegister (&mdns, 0, 0, NULL, "_ntp._udp", NULL, NULL, 1360 htons(NTP_PORT), 0, NULL, NULL, NULL) != kDNSServiceErr_NoError ) { 1361 if (!--mdnstries) { 1362 msyslog(LOG_ERR, "Unable to register mDNS, giving up."); 1363 } else { 1364 msyslog(LOG_INFO, "Unable to register mDNS, will try later."); 1365 } 1366 } else { 1367 msyslog(LOG_INFO, "mDNS service registered."); 1368 mdnsreg = FALSE; 1369 } 1370 } 1371# endif /* HAVE_DNSREGISTRATION */ 1372 1373 } 1374 UNBLOCK_IO_AND_ALARM(); 1375 return 1; 1376} 1377#endif /* !SIM */ 1378 1379 1380#if !defined(SIM) && defined(SIGDIE1) 1381/* 1382 * finish - exit gracefully 1383 */ 1384static void 1385finish_safe( 1386 int sig 1387 ) 1388{ 1389 const char *sig_desc; 1390 1391 sig_desc = NULL; 1392#ifdef HAVE_STRSIGNAL 1393 sig_desc = strsignal(sig); 1394#endif 1395 if (sig_desc == NULL) 1396 sig_desc = ""; 1397 msyslog(LOG_NOTICE, "%s exiting on signal %d (%s)", progname, 1398 sig, sig_desc); 1399 /* See Bug 2513 and Bug 2522 re the unlink of PIDFILE */ 1400# ifdef HAVE_DNSREGISTRATION 1401 if (mdns != NULL) 1402 DNSServiceRefDeallocate(mdns); 1403# endif 1404 peer_cleanup(); 1405 exit(0); 1406} 1407 1408static RETSIGTYPE 1409finish( 1410 int sig 1411 ) 1412{ 1413 signalled = 1; 1414 signo = sig; 1415} 1416 1417#endif /* !SIM && SIGDIE1 */ 1418 1419 1420#ifndef SIM 1421/* 1422 * wait_child_sync_if - implements parent side of -w/--wait-sync 1423 */ 1424# ifdef HAVE_WORKING_FORK 1425static int 1426wait_child_sync_if( 1427 int pipe_read_fd, 1428 long wait_sync 1429 ) 1430{ 1431 int rc; 1432 int exit_code; 1433 time_t wait_end_time; 1434 time_t cur_time; 1435 time_t wait_rem; 1436 fd_set readset; 1437 struct timeval wtimeout; 1438 1439 if (0 == wait_sync) 1440 return 0; 1441 1442 /* waitsync_fd_to_close used solely by child */ 1443 close(waitsync_fd_to_close); 1444 wait_end_time = time(NULL) + wait_sync; 1445 do { 1446 cur_time = time(NULL); 1447 wait_rem = (wait_end_time > cur_time) 1448 ? (wait_end_time - cur_time) 1449 : 0; 1450 wtimeout.tv_sec = wait_rem; 1451 wtimeout.tv_usec = 0; 1452 FD_ZERO(&readset); 1453 FD_SET(pipe_read_fd, &readset); 1454 rc = select(pipe_read_fd + 1, &readset, NULL, NULL, 1455 &wtimeout); 1456 if (-1 == rc) { 1457 if (EINTR == errno) 1458 continue; 1459 exit_code = (errno) ? errno : -1; 1460 msyslog(LOG_ERR, 1461 "--wait-sync select failed: %m"); 1462 return exit_code; 1463 } 1464 if (0 == rc) { 1465 /* 1466 * select() indicated a timeout, but in case 1467 * its timeouts are affected by a step of the 1468 * system clock, select() again with a zero 1469 * timeout to confirm. 1470 */ 1471 FD_ZERO(&readset); 1472 FD_SET(pipe_read_fd, &readset); 1473 wtimeout.tv_sec = 0; 1474 wtimeout.tv_usec = 0; 1475 rc = select(pipe_read_fd + 1, &readset, NULL, 1476 NULL, &wtimeout); 1477 if (0 == rc) /* select() timeout */ 1478 break; 1479 else /* readable */ 1480 return 0; 1481 } else /* readable */ 1482 return 0; 1483 } while (wait_rem > 0); 1484 1485 fprintf(stderr, "%s: -w/--wait-sync %ld timed out.\n", 1486 progname, wait_sync); 1487 return ETIMEDOUT; 1488} 1489# endif /* HAVE_WORKING_FORK */ 1490 1491 1492/* 1493 * assertion_failed - Redirect assertion failures to msyslog(). 1494 */ 1495static void 1496assertion_failed( 1497 const char *file, 1498 int line, 1499 isc_assertiontype_t type, 1500 const char *cond 1501 ) 1502{ 1503 isc_assertion_setcallback(NULL); /* Avoid recursion */ 1504 1505 msyslog(LOG_ERR, "%s:%d: %s(%s) failed", 1506 file, line, isc_assertion_typetotext(type), cond); 1507 msyslog(LOG_ERR, "exiting (due to assertion failure)"); 1508 1509#if defined(DEBUG) && defined(SYS_WINNT) 1510 if (debug) 1511 DebugBreak(); 1512#endif 1513 1514 abort(); 1515} 1516 1517 1518/* 1519 * library_fatal_error - Handle fatal errors from our libraries. 1520 */ 1521static void 1522library_fatal_error( 1523 const char *file, 1524 int line, 1525 const char *format, 1526 va_list args 1527 ) 1528{ 1529 char errbuf[256]; 1530 1531 isc_error_setfatal(NULL); /* Avoid recursion */ 1532 1533 msyslog(LOG_ERR, "%s:%d: fatal error:", file, line); 1534 vsnprintf(errbuf, sizeof(errbuf), format, args); 1535 msyslog(LOG_ERR, "%s", errbuf); 1536 msyslog(LOG_ERR, "exiting (due to fatal error in library)"); 1537 1538#if defined(DEBUG) && defined(SYS_WINNT) 1539 if (debug) 1540 DebugBreak(); 1541#endif 1542 1543 abort(); 1544} 1545 1546 1547/* 1548 * library_unexpected_error - Handle non fatal errors from our libraries. 1549 */ 1550# define MAX_UNEXPECTED_ERRORS 100 1551int unexpected_error_cnt = 0; 1552static void 1553library_unexpected_error( 1554 const char *file, 1555 int line, 1556 const char *format, 1557 va_list args 1558 ) 1559{ 1560 char errbuf[256]; 1561 1562 if (unexpected_error_cnt >= MAX_UNEXPECTED_ERRORS) 1563 return; /* avoid clutter in log */ 1564 1565 msyslog(LOG_ERR, "%s:%d: unexpected error:", file, line); 1566 vsnprintf(errbuf, sizeof(errbuf), format, args); 1567 msyslog(LOG_ERR, "%s", errbuf); 1568 1569 if (++unexpected_error_cnt == MAX_UNEXPECTED_ERRORS) 1570 msyslog(LOG_ERR, "Too many errors. Shutting up."); 1571 1572} 1573#endif /* !SIM */ 1574 1575#if !defined(SIM) && !defined(SYS_WINNT) 1576# ifdef DEBUG 1577 1578/* 1579 * moredebug - increase debugging verbosity 1580 */ 1581static RETSIGTYPE 1582moredebug( 1583 int sig 1584 ) 1585{ 1586 int saved_errno = errno; 1587 1588 if (debug < 255) 1589 { 1590 debug++; 1591 msyslog(LOG_DEBUG, "debug raised to %d", debug); 1592 } 1593 errno = saved_errno; 1594} 1595 1596 1597/* 1598 * lessdebug - decrease debugging verbosity 1599 */ 1600static RETSIGTYPE 1601lessdebug( 1602 int sig 1603 ) 1604{ 1605 int saved_errno = errno; 1606 1607 if (debug > 0) 1608 { 1609 debug--; 1610 msyslog(LOG_DEBUG, "debug lowered to %d", debug); 1611 } 1612 errno = saved_errno; 1613} 1614 1615# else /* !DEBUG follows */ 1616 1617 1618/* 1619 * no_debug - We don't do the debug here. 1620 */ 1621static RETSIGTYPE 1622no_debug( 1623 int sig 1624 ) 1625{ 1626 int saved_errno = errno; 1627 1628 msyslog(LOG_DEBUG, "ntpd not compiled for debugging (signal %d)", sig); 1629 errno = saved_errno; 1630} 1631# endif /* !DEBUG */ 1632#endif /* !SIM && !SYS_WINNT */ 1633