Commit | Line | Data |
---|---|---|
059ec3d9 PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
5a66c31b | 5 | /* Copyright (c) University of Cambridge 1995 - 2014 */ |
059ec3d9 PH |
6 | /* See the file NOTICE for conditions of use and distribution. */ |
7 | ||
8 | /* Functions concerned with running Exim as a daemon */ | |
9 | ||
10 | ||
11 | #include "exim.h" | |
12 | ||
13 | ||
14 | /* Structure for holding data for each SMTP connection */ | |
15 | ||
16 | typedef struct smtp_slot { | |
17 | pid_t pid; /* pid of the spawned reception process */ | |
18 | uschar *host_address; /* address of the client host */ | |
19 | } smtp_slot; | |
20 | ||
21 | /* An empty slot for initializing (Standard C does not allow constructor | |
22 | expressions in assigments except as initializers in declarations). */ | |
23 | ||
24 | static smtp_slot empty_smtp_slot = { 0, NULL }; | |
25 | ||
26 | ||
27 | ||
28 | /************************************************* | |
29 | * Local static variables * | |
30 | *************************************************/ | |
31 | ||
cd59ab18 PP |
32 | static SIGNAL_BOOL sigchld_seen; |
33 | static SIGNAL_BOOL sighup_seen; | |
059ec3d9 PH |
34 | |
35 | static int accept_retry_count = 0; | |
36 | static int accept_retry_errno; | |
37 | static BOOL accept_retry_select_failed; | |
38 | ||
39 | static int queue_run_count = 0; | |
bb6e88ff PH |
40 | static pid_t *queue_pid_slots = NULL; |
41 | static smtp_slot *smtp_slots = NULL; | |
059ec3d9 PH |
42 | |
43 | static BOOL write_pid = TRUE; | |
44 | ||
45 | ||
46 | ||
47 | /************************************************* | |
48 | * SIGHUP Handler * | |
49 | *************************************************/ | |
50 | ||
51 | /* All this handler does is to set a flag and re-enable the signal. | |
52 | ||
53 | Argument: the signal number | |
54 | Returns: nothing | |
55 | */ | |
56 | ||
57 | static void | |
58 | sighup_handler(int sig) | |
59 | { | |
60 | sig = sig; /* Keep picky compilers happy */ | |
61 | sighup_seen = TRUE; | |
62 | signal(SIGHUP, sighup_handler); | |
63 | } | |
64 | ||
65 | ||
66 | ||
67 | /************************************************* | |
68 | * SIGCHLD handler for main daemon process * | |
69 | *************************************************/ | |
70 | ||
71 | /* Don't re-enable the handler here, since we aren't doing the | |
72 | waiting here. If the signal is re-enabled, there will just be an | |
73 | infinite sequence of calls to this handler. The SIGCHLD signal is | |
74 | used just as a means of waking up the daemon so that it notices | |
75 | terminated subprocesses as soon as possible. | |
76 | ||
77 | Argument: the signal number | |
78 | Returns: nothing | |
79 | */ | |
80 | ||
81 | static void | |
82 | main_sigchld_handler(int sig) | |
83 | { | |
84 | sig = sig; /* Keep picky compilers happy */ | |
7d468ab8 | 85 | os_non_restarting_signal(SIGCHLD, SIG_DFL); |
059ec3d9 | 86 | sigchld_seen = TRUE; |
059ec3d9 PH |
87 | } |
88 | ||
89 | ||
90 | ||
91 | ||
92 | /************************************************* | |
93 | * Unexpected errors in SMTP calls * | |
94 | *************************************************/ | |
95 | ||
96 | /* This function just saves a bit of repetitious coding. | |
97 | ||
98 | Arguments: | |
99 | log_msg Text of message to be logged | |
100 | smtp_msg Text of SMTP error message | |
101 | was_errno The failing errno | |
102 | ||
103 | Returns: nothing | |
104 | */ | |
105 | ||
106 | static void | |
107 | never_error(uschar *log_msg, uschar *smtp_msg, int was_errno) | |
108 | { | |
109 | uschar *emsg = (was_errno <= 0)? US"" : | |
110 | string_sprintf(": %s", strerror(was_errno)); | |
111 | log_write(0, LOG_MAIN|LOG_PANIC, "%s%s", log_msg, emsg); | |
112 | if (smtp_out != NULL) smtp_printf("421 %s\r\n", smtp_msg); | |
113 | } | |
114 | ||
115 | ||
116 | ||
117 | ||
118 | /************************************************* | |
119 | * Handle a connected SMTP call * | |
120 | *************************************************/ | |
121 | ||
122 | /* This function is called when an SMTP connection has been accepted. | |
123 | If there are too many, give an error message and close down. Otherwise | |
124 | spin off a sub-process to handle the call. The list of listening sockets | |
125 | is required so that they can be closed in the sub-process. Take care not to | |
126 | leak store in this process - reset the stacking pool at the end. | |
127 | ||
128 | Arguments: | |
129 | listen_sockets sockets which are listening for incoming calls | |
130 | listen_socket_count count of listening sockets | |
131 | accept_socket socket of the current accepted call | |
132 | accepted socket information about the current call | |
133 | ||
134 | Returns: nothing | |
135 | */ | |
136 | ||
137 | static void | |
138 | handle_smtp_call(int *listen_sockets, int listen_socket_count, | |
139 | int accept_socket, struct sockaddr *accepted) | |
140 | { | |
141 | pid_t pid; | |
142 | union sockaddr_46 interface_sockaddr; | |
36a3b041 | 143 | EXIM_SOCKLEN_T ifsize = sizeof(interface_sockaddr); |
059ec3d9 PH |
144 | int dup_accept_socket = -1; |
145 | int max_for_this_host = 0; | |
146 | int wfsize = 0; | |
147 | int wfptr = 0; | |
148 | int use_log_write_selector = log_write_selector; | |
149 | uschar *whofrom = NULL; | |
150 | ||
151 | void *reset_point = store_get(0); | |
152 | ||
153 | /* Make the address available in ASCII representation, and also fish out | |
154 | the remote port. */ | |
155 | ||
156 | sender_host_address = host_ntoa(-1, accepted, NULL, &sender_host_port); | |
157 | DEBUG(D_any) debug_printf("Connection request from %s port %d\n", | |
158 | sender_host_address, sender_host_port); | |
159 | ||
160 | /* Set up the output stream, check the socket has duplicated, and set up the | |
161 | input stream. These operations fail only the exceptional circumstances. Note | |
162 | that never_error() won't use smtp_out if it is NULL. */ | |
163 | ||
164 | smtp_out = fdopen(accept_socket, "wb"); | |
165 | if (smtp_out == NULL) | |
166 | { | |
167 | never_error(US"daemon: fdopen() for smtp_out failed", US"", errno); | |
168 | goto ERROR_RETURN; | |
169 | } | |
170 | ||
171 | dup_accept_socket = dup(accept_socket); | |
172 | if (dup_accept_socket < 0) | |
173 | { | |
174 | never_error(US"daemon: couldn't dup socket descriptor", | |
175 | US"Connection setup failed", errno); | |
176 | goto ERROR_RETURN; | |
177 | } | |
178 | ||
179 | smtp_in = fdopen(dup_accept_socket, "rb"); | |
180 | if (smtp_in == NULL) | |
181 | { | |
182 | never_error(US"daemon: fdopen() for smtp_in failed", | |
183 | US"Connection setup failed", errno); | |
184 | goto ERROR_RETURN; | |
185 | } | |
186 | ||
520de300 PH |
187 | /* Get the data for the local interface address. Panic for most errors, but |
188 | "connection reset by peer" just means the connection went away. */ | |
059ec3d9 PH |
189 | |
190 | if (getsockname(accept_socket, (struct sockaddr *)(&interface_sockaddr), | |
191 | &ifsize) < 0) | |
192 | { | |
520de300 PH |
193 | log_write(0, LOG_MAIN | ((errno == ECONNRESET)? 0 : LOG_PANIC), |
194 | "getsockname() failed: %s", strerror(errno)); | |
059ec3d9 PH |
195 | smtp_printf("421 Local problem: getsockname() failed; please try again later\r\n"); |
196 | goto ERROR_RETURN; | |
197 | } | |
198 | ||
199 | interface_address = host_ntoa(-1, &interface_sockaddr, NULL, &interface_port); | |
200 | DEBUG(D_interface) debug_printf("interface address=%s port=%d\n", | |
201 | interface_address, interface_port); | |
202 | ||
203 | /* Build a string identifying the remote host and, if requested, the port and | |
204 | the local interface data. This is for logging; at the end of this function the | |
205 | memory is reclaimed. */ | |
206 | ||
207 | whofrom = string_append(whofrom, &wfsize, &wfptr, 3, "[", sender_host_address, "]"); | |
208 | ||
209 | if ((log_extra_selector & LX_incoming_port) != 0) | |
210 | whofrom = string_append(whofrom, &wfsize, &wfptr, 2, ":", string_sprintf("%d", | |
211 | sender_host_port)); | |
212 | ||
213 | if ((log_extra_selector & LX_incoming_interface) != 0) | |
214 | whofrom = string_append(whofrom, &wfsize, &wfptr, 4, " I=[", | |
215 | interface_address, "]:", string_sprintf("%d", interface_port)); | |
216 | ||
217 | whofrom[wfptr] = 0; /* Terminate the newly-built string */ | |
218 | ||
219 | /* Check maximum number of connections. We do not check for reserved | |
220 | connections or unacceptable hosts here. That is done in the subprocess because | |
221 | it might take some time. */ | |
222 | ||
223 | if (smtp_accept_max > 0 && smtp_accept_count >= smtp_accept_max) | |
224 | { | |
225 | DEBUG(D_any) debug_printf("rejecting SMTP connection: count=%d max=%d\n", | |
226 | smtp_accept_count, smtp_accept_max); | |
227 | smtp_printf("421 Too many concurrent SMTP connections; " | |
228 | "please try again later.\r\n"); | |
229 | log_write(L_connection_reject, | |
230 | LOG_MAIN, "Connection from %s refused: too many connections", | |
231 | whofrom); | |
232 | goto ERROR_RETURN; | |
233 | } | |
234 | ||
235 | /* If a load limit above which only reserved hosts are acceptable is defined, | |
236 | get the load average here, and if there are in fact no reserved hosts, do | |
237 | the test right away (saves a fork). If there are hosts, do the check in the | |
238 | subprocess because it might take time. */ | |
239 | ||
240 | if (smtp_load_reserve >= 0) | |
241 | { | |
8669f003 | 242 | load_average = OS_GETLOADAVG(); |
059ec3d9 PH |
243 | if (smtp_reserve_hosts == NULL && load_average > smtp_load_reserve) |
244 | { | |
245 | DEBUG(D_any) debug_printf("rejecting SMTP connection: load average = %.2f\n", | |
246 | (double)load_average/1000.0); | |
247 | smtp_printf("421 Too much load; please try again later.\r\n"); | |
248 | log_write(L_connection_reject, | |
249 | LOG_MAIN, "Connection from %s refused: load average = %.2f", | |
250 | whofrom, (double)load_average/1000.0); | |
251 | goto ERROR_RETURN; | |
252 | } | |
253 | } | |
254 | ||
255 | /* Check that one specific host (strictly, IP address) is not hogging | |
256 | resources. This is done here to prevent a denial of service attack by someone | |
257 | forcing you to fork lots of times before denying service. The value of | |
258 | smtp_accept_max_per_host is a string which is expanded. This makes it possible | |
259 | to provide host-specific limits according to $sender_host address, but because | |
260 | this is in the daemon mainline, only fast expansions (such as inline address | |
261 | checks) should be used. The documentation is full of warnings. */ | |
262 | ||
263 | if (smtp_accept_max_per_host != NULL) | |
264 | { | |
265 | uschar *expanded = expand_string(smtp_accept_max_per_host); | |
266 | if (expanded == NULL) | |
267 | { | |
268 | if (!expand_string_forcedfail) | |
269 | log_write(0, LOG_MAIN|LOG_PANIC, "expansion of smtp_accept_max_per_host " | |
270 | "failed for %s: %s", whofrom, expand_string_message); | |
271 | } | |
272 | /* For speed, interpret a decimal number inline here */ | |
273 | else | |
274 | { | |
275 | uschar *s = expanded; | |
276 | while (isdigit(*s)) | |
277 | max_for_this_host = max_for_this_host * 10 + *s++ - '0'; | |
278 | if (*s != 0) | |
279 | log_write(0, LOG_MAIN|LOG_PANIC, "expansion of smtp_accept_max_per_host " | |
280 | "for %s contains non-digit: %s", whofrom, expanded); | |
281 | } | |
282 | } | |
283 | ||
284 | /* If we have fewer connections than max_for_this_host, we can skip the tedious | |
285 | per host_address checks. Note that at this stage smtp_accept_count contains the | |
286 | count of *other* connections, not including this one. */ | |
287 | ||
288 | if ((max_for_this_host > 0) && | |
289 | (smtp_accept_count >= max_for_this_host)) | |
290 | { | |
291 | int i; | |
292 | int host_accept_count = 0; | |
293 | int other_host_count = 0; /* keep a count of non matches to optimise */ | |
294 | ||
295 | for (i = 0; i < smtp_accept_max; ++i) | |
296 | { | |
297 | if (smtp_slots[i].host_address != NULL) | |
298 | { | |
299 | if (Ustrcmp(sender_host_address, smtp_slots[i].host_address) == 0) | |
300 | host_accept_count++; | |
301 | else | |
302 | other_host_count++; | |
303 | ||
304 | /* Testing all these strings is expensive - see if we can drop out | |
305 | early, either by hitting the target, or finding there are not enough | |
306 | connections left to make the target. */ | |
307 | ||
308 | if ((host_accept_count >= max_for_this_host) || | |
309 | ((smtp_accept_count - other_host_count) < max_for_this_host)) | |
310 | break; | |
311 | } | |
312 | } | |
313 | ||
314 | if (host_accept_count >= max_for_this_host) | |
315 | { | |
316 | DEBUG(D_any) debug_printf("rejecting SMTP connection: too many from this " | |
317 | "IP address: count=%d max=%d\n", | |
318 | host_accept_count, max_for_this_host); | |
319 | smtp_printf("421 Too many concurrent SMTP connections " | |
320 | "from this IP address; please try again later.\r\n"); | |
321 | log_write(L_connection_reject, | |
322 | LOG_MAIN, "Connection from %s refused: too many connections " | |
323 | "from that IP address", whofrom); | |
324 | goto ERROR_RETURN; | |
325 | } | |
326 | } | |
327 | ||
328 | /* OK, the connection count checks have been passed. Before we can fork the | |
329 | accepting process, we must first log the connection if requested. This logging | |
330 | used to happen in the subprocess, but doing that means that the value of | |
331 | smtp_accept_count can be out of step by the time it is logged. So we have to do | |
332 | the logging here and accept the performance cost. Note that smtp_accept_count | |
333 | hasn't yet been incremented to take account of this connection. | |
334 | ||
335 | In order to minimize the cost (because this is going to happen for every | |
336 | connection), do a preliminary selector test here. This saves ploughing through | |
337 | the generalized logging code each time when the selector is false. If the | |
338 | selector is set, check whether the host is on the list for logging. If not, | |
339 | arrange to unset the selector in the subprocess. */ | |
340 | ||
341 | if ((log_write_selector & L_smtp_connection) != 0) | |
342 | { | |
343 | uschar *list = hosts_connection_nolog; | |
344 | if (list != NULL && verify_check_host(&list) == OK) | |
345 | use_log_write_selector &= ~L_smtp_connection; | |
346 | else | |
347 | log_write(L_smtp_connection, LOG_MAIN, "SMTP connection from %s " | |
348 | "(TCP/IP connection count = %d)", whofrom, smtp_accept_count + 1); | |
349 | } | |
350 | ||
351 | /* Now we can fork the accepting process; do a lookup tidy, just in case any | |
352 | expansion above did a lookup. */ | |
353 | ||
354 | search_tidyup(); | |
355 | pid = fork(); | |
356 | ||
357 | /* Handle the child process */ | |
358 | ||
359 | if (pid == 0) | |
360 | { | |
361 | int i; | |
362 | int queue_only_reason = 0; | |
363 | int old_pool = store_pool; | |
8e669ac1 | 364 | int save_debug_selector = debug_selector; |
059ec3d9 | 365 | BOOL local_queue_only; |
8669f003 | 366 | BOOL session_local_queue_only; |
059ec3d9 PH |
367 | #ifdef SA_NOCLDWAIT |
368 | struct sigaction act; | |
369 | #endif | |
370 | ||
b01dd148 PH |
371 | smtp_accept_count++; /* So that it includes this process */ |
372 | ||
059ec3d9 PH |
373 | /* May have been modified for the subprocess */ |
374 | ||
375 | log_write_selector = use_log_write_selector; | |
376 | ||
377 | /* Get the local interface address into permanent store */ | |
378 | ||
379 | store_pool = POOL_PERM; | |
380 | interface_address = string_copy(interface_address); | |
381 | store_pool = old_pool; | |
382 | ||
383 | /* Check for a tls-on-connect port */ | |
384 | ||
817d9f57 | 385 | if (host_is_tls_on_connect_port(interface_port)) tls_in.on_connect = TRUE; |
059ec3d9 PH |
386 | |
387 | /* Expand smtp_active_hostname if required. We do not do this any earlier, | |
388 | because it may depend on the local interface address (indeed, that is most | |
389 | likely what it depends on.) */ | |
390 | ||
391 | smtp_active_hostname = primary_hostname; | |
392 | if (raw_active_hostname != NULL) | |
393 | { | |
394 | uschar *nah = expand_string(raw_active_hostname); | |
395 | if (nah == NULL) | |
396 | { | |
397 | if (!expand_string_forcedfail) | |
398 | { | |
399 | log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand \"%s\" " | |
400 | "(smtp_active_hostname): %s", raw_active_hostname, | |
401 | expand_string_message); | |
402 | smtp_printf("421 Local configuration error; " | |
403 | "please try again later.\r\n"); | |
404 | mac_smtp_fflush(); | |
405 | search_tidyup(); | |
406 | _exit(EXIT_FAILURE); | |
407 | } | |
408 | } | |
409 | else if (nah[0] != 0) smtp_active_hostname = nah; | |
410 | } | |
411 | ||
412 | /* Initialize the queueing flags */ | |
413 | ||
414 | queue_check_only(); | |
8669f003 | 415 | session_local_queue_only = queue_only; |
059ec3d9 PH |
416 | |
417 | /* Close the listening sockets, and set the SIGCHLD handler to SIG_IGN. | |
418 | We also attempt to set things up so that children are automatically reaped, | |
419 | but just in case this isn't available, there's a paranoid waitpid() in the | |
420 | loop too (except for systems where we are sure it isn't needed). See the more | |
421 | extensive comment before the reception loop in exim.c for a fuller | |
422 | explanation of this logic. */ | |
423 | ||
f1e894f3 | 424 | for (i = 0; i < listen_socket_count; i++) (void)close(listen_sockets[i]); |
059ec3d9 | 425 | |
fa32850b DW |
426 | /* Set FD_CLOEXEC on the SMTP socket. We don't want any rogue child processes |
427 | to be able to communicate with them, under any circumstances. */ | |
428 | (void)fcntl(accept_socket, F_SETFD, | |
429 | fcntl(accept_socket, F_GETFD) | FD_CLOEXEC); | |
430 | (void)fcntl(dup_accept_socket, F_SETFD, | |
431 | fcntl(dup_accept_socket, F_GETFD) | FD_CLOEXEC); | |
432 | ||
059ec3d9 PH |
433 | #ifdef SA_NOCLDWAIT |
434 | act.sa_handler = SIG_IGN; | |
435 | sigemptyset(&(act.sa_mask)); | |
436 | act.sa_flags = SA_NOCLDWAIT; | |
437 | sigaction(SIGCHLD, &act, NULL); | |
438 | #else | |
439 | signal(SIGCHLD, SIG_IGN); | |
440 | #endif | |
441 | ||
442 | /* Attempt to get an id from the sending machine via the RFC 1413 | |
443 | protocol. We do this in the sub-process in order not to hold up the | |
444 | main process if there is any delay. Then set up the fullhost information | |
8e669ac1 PH |
445 | in case there is no HELO/EHLO. |
446 | ||
447 | If debugging is enabled only for the daemon, we must turn if off while | |
448 | finding the id, but turn it on again afterwards so that information about the | |
3d235903 | 449 | incoming connection is output. */ |
8e669ac1 | 450 | |
3d235903 | 451 | if (debug_daemon) debug_selector = 0; |
059ec3d9 PH |
452 | verify_get_ident(IDENT_PORT); |
453 | host_build_sender_fullhost(); | |
8e669ac1 | 454 | debug_selector = save_debug_selector; |
059ec3d9 PH |
455 | |
456 | DEBUG(D_any) | |
457 | debug_printf("Process %d is handling incoming connection from %s\n", | |
458 | (int)getpid(), sender_fullhost); | |
459 | ||
3d235903 PH |
460 | /* Now disable debugging permanently if it's required only for the daemon |
461 | process. */ | |
462 | ||
463 | if (debug_daemon) debug_selector = 0; | |
464 | ||
059ec3d9 | 465 | /* If there are too many child processes for immediate delivery, |
8669f003 | 466 | set the session_local_queue_only flag, which is initialized from the |
059ec3d9 | 467 | configured value and may therefore already be TRUE. Leave logging |
8669f003 PH |
468 | till later so it will have a message id attached. Note that there is no |
469 | possibility of re-calculating this per-message, because the value of | |
470 | smtp_accept_count does not change in this subprocess. */ | |
059ec3d9 | 471 | |
b01dd148 | 472 | if (smtp_accept_queue > 0 && smtp_accept_count > smtp_accept_queue) |
059ec3d9 | 473 | { |
8669f003 | 474 | session_local_queue_only = TRUE; |
059ec3d9 PH |
475 | queue_only_reason = 1; |
476 | } | |
477 | ||
478 | /* Handle the start of the SMTP session, then loop, accepting incoming | |
479 | messages from the SMTP connection. The end will come at the QUIT command, | |
480 | when smtp_setup_msg() returns 0. A break in the connection causes the | |
24796b8d PH |
481 | process to die (see accept.c). |
482 | ||
483 | NOTE: We do *not* call smtp_log_no_mail() if smtp_start_session() fails, | |
484 | because a log line has already been written for all its failure exists | |
485 | (usually "connection refused: <reason>") and writing another one is | |
486 | unnecessary clutter. */ | |
059ec3d9 PH |
487 | |
488 | if (!smtp_start_session()) | |
489 | { | |
490 | mac_smtp_fflush(); | |
491 | search_tidyup(); | |
492 | _exit(EXIT_SUCCESS); | |
493 | } | |
494 | ||
495 | for (;;) | |
496 | { | |
497 | int rc; | |
498 | message_id[0] = 0; /* Clear out any previous message_id */ | |
499 | reset_point = store_get(0); /* Save current store high water point */ | |
500 | ||
501 | DEBUG(D_any) | |
502 | debug_printf("Process %d is ready for new message\n", (int)getpid()); | |
503 | ||
504 | /* Smtp_setup_msg() returns 0 on QUIT or if the call is from an | |
505 | unacceptable host or if an ACL "drop" command was triggered, -1 on | |
506 | connection lost, and +1 on validly reaching DATA. Receive_msg() almost | |
507 | always returns TRUE when smtp_input is true; just retry if no message was | |
508 | accepted (can happen for invalid message parameters). However, it can yield | |
509 | FALSE if the connection was forcibly dropped by the DATA ACL. */ | |
510 | ||
511 | if ((rc = smtp_setup_msg()) > 0) | |
512 | { | |
513 | BOOL ok = receive_msg(FALSE); | |
514 | search_tidyup(); /* Close cached databases */ | |
515 | if (!ok) /* Connection was dropped */ | |
516 | { | |
517 | mac_smtp_fflush(); | |
b4ed4da0 | 518 | smtp_log_no_mail(); /* Log no mail if configured */ |
059ec3d9 PH |
519 | _exit(EXIT_SUCCESS); |
520 | } | |
521 | if (message_id[0] == 0) continue; /* No message was accepted */ | |
522 | } | |
523 | else | |
524 | { | |
525 | mac_smtp_fflush(); | |
526 | search_tidyup(); | |
b4ed4da0 | 527 | smtp_log_no_mail(); /* Log no mail if configured */ |
059ec3d9 PH |
528 | _exit((rc == 0)? EXIT_SUCCESS : EXIT_FAILURE); |
529 | } | |
530 | ||
531 | /* Show the recipients when debugging */ | |
532 | ||
533 | DEBUG(D_receive) | |
534 | { | |
535 | int i; | |
536 | if (sender_address != NULL) | |
537 | debug_printf("Sender: %s\n", sender_address); | |
538 | if (recipients_list != NULL) | |
539 | { | |
540 | debug_printf("Recipients:\n"); | |
541 | for (i = 0; i < recipients_count; i++) | |
542 | debug_printf(" %s\n", recipients_list[i].address); | |
543 | } | |
544 | } | |
545 | ||
546 | /* A message has been accepted. Clean up any previous delivery processes | |
547 | that have completed and are defunct, on systems where they don't go away | |
548 | by themselves (see comments when setting SIG_IGN above). On such systems | |
549 | (if any) these delivery processes hang around after termination until | |
550 | the next message is received. */ | |
551 | ||
552 | #ifndef SIG_IGN_WORKS | |
553 | while (waitpid(-1, NULL, WNOHANG) > 0); | |
554 | #endif | |
555 | ||
556 | /* Reclaim up the store used in accepting this message */ | |
557 | ||
558 | store_reset(reset_point); | |
559 | ||
560 | /* If queue_only is set or if there are too many incoming connections in | |
8669f003 PH |
561 | existence, session_local_queue_only will be TRUE. If it is not, check |
562 | whether we have received too many messages in this session for immediate | |
563 | delivery. */ | |
564 | ||
565 | if (!session_local_queue_only && | |
566 | smtp_accept_queue_per_connection > 0 && | |
567 | receive_messagecount > smtp_accept_queue_per_connection) | |
059ec3d9 | 568 | { |
8669f003 PH |
569 | session_local_queue_only = TRUE; |
570 | queue_only_reason = 2; | |
571 | } | |
572 | ||
573 | /* Initialize local_queue_only from session_local_queue_only. If it is not | |
574 | true, and queue_only_load is set, check that the load average is below it. | |
575 | If local_queue_only is set by this means, we also set if for the session if | |
576 | queue_only_load_latch is true (the default). This means that, once set, | |
577 | local_queue_only remains set for any subsequent messages on the same SMTP | |
578 | connection. This is a deliberate choice; even though the load average may | |
579 | fall, it doesn't seem right to deliver later messages on the same call when | |
580 | not delivering earlier ones. However, the are special circumstances such as | |
581 | very long-lived connections from scanning appliances where this is not the | |
582 | best strategy. In such cases, queue_only_load_latch should be set false. */ | |
583 | ||
584 | local_queue_only = session_local_queue_only; | |
585 | if (!local_queue_only && queue_only_load >= 0) | |
586 | { | |
587 | local_queue_only = (load_average = OS_GETLOADAVG()) > queue_only_load; | |
588 | if (local_queue_only) | |
059ec3d9 | 589 | { |
8669f003 PH |
590 | queue_only_reason = 3; |
591 | if (queue_only_load_latch) session_local_queue_only = TRUE; | |
059ec3d9 PH |
592 | } |
593 | } | |
594 | ||
595 | /* Log the queueing here, when it will get a message id attached, but | |
596 | not if queue_only is set (case 0). */ | |
597 | ||
598 | if (local_queue_only) switch(queue_only_reason) | |
599 | { | |
600 | case 1: | |
601 | log_write(L_delay_delivery, | |
602 | LOG_MAIN, "no immediate delivery: too many connections " | |
603 | "(%d, max %d)", smtp_accept_count, smtp_accept_queue); | |
604 | break; | |
605 | ||
606 | case 2: | |
607 | log_write(L_delay_delivery, | |
608 | LOG_MAIN, "no immediate delivery: more than %d messages " | |
609 | "received in one connection", smtp_accept_queue_per_connection); | |
610 | break; | |
611 | ||
612 | case 3: | |
613 | log_write(L_delay_delivery, | |
614 | LOG_MAIN, "no immediate delivery: load average %.2f", | |
615 | (double)load_average/1000.0); | |
616 | break; | |
617 | } | |
618 | ||
619 | /* If a delivery attempt is required, spin off a new process to handle it. | |
620 | If we are not root, we have to re-exec exim unless deliveries are being | |
621 | done unprivileged. */ | |
622 | ||
623 | else if (!queue_only_policy && !deliver_freeze) | |
624 | { | |
625 | pid_t dpid; | |
626 | ||
627 | /* Before forking, ensure that the C output buffer is flushed. Otherwise | |
628 | anything that it in it will get duplicated, leading to duplicate copies | |
629 | of the pending output. */ | |
630 | ||
631 | mac_smtp_fflush(); | |
632 | ||
633 | if ((dpid = fork()) == 0) | |
634 | { | |
f1e894f3 PH |
635 | (void)fclose(smtp_in); |
636 | (void)fclose(smtp_out); | |
059ec3d9 PH |
637 | |
638 | /* Don't ever molest the parent's SSL connection, but do clean up | |
639 | the data structures if necessary. */ | |
640 | ||
641 | #ifdef SUPPORT_TLS | |
a400eccf | 642 | tls_close(TRUE, FALSE); |
059ec3d9 PH |
643 | #endif |
644 | ||
645 | /* Reset SIGHUP and SIGCHLD in the child in both cases. */ | |
646 | ||
647 | signal(SIGHUP, SIG_DFL); | |
648 | signal(SIGCHLD, SIG_DFL); | |
649 | ||
650 | if (geteuid() != root_uid && !deliver_drop_privilege) | |
651 | { | |
652 | signal(SIGALRM, SIG_DFL); | |
653 | (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, FALSE, 2, US"-Mc", | |
654 | message_id); | |
655 | /* Control does not return here. */ | |
656 | } | |
657 | ||
658 | /* No need to re-exec; SIGALRM remains set to the default handler */ | |
659 | ||
660 | (void)deliver_message(message_id, FALSE, FALSE); | |
661 | search_tidyup(); | |
662 | _exit(EXIT_SUCCESS); | |
663 | } | |
664 | ||
665 | if (dpid > 0) | |
666 | { | |
667 | DEBUG(D_any) debug_printf("forked delivery process %d\n", (int)dpid); | |
668 | } | |
669 | else | |
670 | { | |
671 | log_write(0, LOG_MAIN|LOG_PANIC, "daemon: delivery process fork " | |
672 | "failed: %s", strerror(errno)); | |
673 | } | |
674 | } | |
675 | } | |
676 | } | |
677 | ||
678 | ||
679 | /* Carrying on in the parent daemon process... Can't do much if the fork | |
680 | failed. Otherwise, keep count of the number of accepting processes and | |
681 | remember the pid for ticking off when the child completes. */ | |
682 | ||
683 | if (pid < 0) | |
684 | { | |
685 | never_error(US"daemon: accept process fork failed", US"Fork failed", errno); | |
686 | } | |
687 | else | |
688 | { | |
689 | int i; | |
690 | for (i = 0; i < smtp_accept_max; ++i) | |
691 | { | |
692 | if (smtp_slots[i].pid <= 0) | |
693 | { | |
694 | smtp_slots[i].pid = pid; | |
695 | if (smtp_accept_max_per_host != NULL) | |
696 | smtp_slots[i].host_address = string_copy_malloc(sender_host_address); | |
697 | smtp_accept_count++; | |
698 | break; | |
699 | } | |
700 | } | |
701 | DEBUG(D_any) debug_printf("%d SMTP accept process%s running\n", | |
702 | smtp_accept_count, (smtp_accept_count == 1)? "" : "es"); | |
703 | } | |
704 | ||
705 | /* Get here via goto in error cases */ | |
706 | ||
707 | ERROR_RETURN: | |
708 | ||
709 | /* Close the streams associated with the socket which will also close the | |
710 | socket fds in this process. We can't do anything if fclose() fails, but | |
711 | logging brings it to someone's attention. However, "connection reset by peer" | |
1f872c80 PH |
712 | isn't really a problem, so skip that one. On Solaris, a dropped connection can |
713 | manifest itself as a broken pipe, so drop that one too. If the streams don't | |
714 | exist, something went wrong while setting things up. Make sure the socket | |
715 | descriptors are closed, in order to drop the connection. */ | |
059ec3d9 PH |
716 | |
717 | if (smtp_out != NULL) | |
718 | { | |
1f872c80 | 719 | if (fclose(smtp_out) != 0 && errno != ECONNRESET && errno != EPIPE) |
059ec3d9 PH |
720 | log_write(0, LOG_MAIN|LOG_PANIC, "daemon: fclose(smtp_out) failed: %s", |
721 | strerror(errno)); | |
722 | smtp_out = NULL; | |
723 | } | |
f1e894f3 | 724 | else (void)close(accept_socket); |
059ec3d9 PH |
725 | |
726 | if (smtp_in != NULL) | |
727 | { | |
1f872c80 | 728 | if (fclose(smtp_in) != 0 && errno != ECONNRESET && errno != EPIPE) |
059ec3d9 PH |
729 | log_write(0, LOG_MAIN|LOG_PANIC, "daemon: fclose(smtp_in) failed: %s", |
730 | strerror(errno)); | |
731 | smtp_in = NULL; | |
732 | } | |
f1e894f3 | 733 | else (void)close(dup_accept_socket); |
059ec3d9 PH |
734 | |
735 | /* Release any store used in this process, including the store used for holding | |
736 | the incoming host address and an expanded active_hostname. */ | |
737 | ||
738 | store_reset(reset_point); | |
739 | sender_host_address = NULL; | |
740 | } | |
741 | ||
742 | ||
743 | ||
744 | ||
745 | /************************************************* | |
746 | * Check wildcard listen special cases * | |
747 | *************************************************/ | |
748 | ||
749 | /* This function is used when binding and listening on lists of addresses and | |
750 | ports. It tests for special cases of wildcard listening, when IPv4 and IPv6 | |
751 | sockets may interact in different ways in different operating systems. It is | |
752 | passed an error number, the list of listening addresses, and the current | |
753 | address. Two checks are available: for a previous wildcard IPv6 address, or for | |
754 | a following wildcard IPv4 address, in both cases on the same port. | |
755 | ||
756 | In practice, pairs of wildcard addresses should be adjacent in the address list | |
757 | because they are sorted that way below. | |
758 | ||
759 | Arguments: | |
760 | eno the error number | |
761 | addresses the list of addresses | |
762 | ipa the current IP address | |
763 | back if TRUE, check for previous wildcard IPv6 address | |
764 | if FALSE, check for a following wildcard IPv4 address | |
765 | ||
766 | Returns: TRUE or FALSE | |
767 | */ | |
768 | ||
769 | static BOOL | |
770 | check_special_case(int eno, ip_address_item *addresses, ip_address_item *ipa, | |
771 | BOOL back) | |
772 | { | |
773 | ip_address_item *ipa2; | |
774 | ||
775 | /* For the "back" case, if the failure was "address in use" for a wildcard IPv4 | |
776 | address, seek a previous IPv6 wildcard address on the same port. As it is | |
777 | previous, it must have been successfully bound and be listening. Flag it as a | |
778 | "6 including 4" listener. */ | |
779 | ||
780 | if (back) | |
781 | { | |
782 | if (eno != EADDRINUSE || ipa->address[0] != 0) return FALSE; | |
783 | for (ipa2 = addresses; ipa2 != ipa; ipa2 = ipa2->next) | |
784 | { | |
785 | if (ipa2->address[1] == 0 && ipa2->port == ipa->port) | |
786 | { | |
787 | ipa2->v6_include_v4 = TRUE; | |
788 | return TRUE; | |
789 | } | |
790 | } | |
791 | } | |
792 | ||
793 | /* For the "forward" case, if the current address is a wildcard IPv6 address, | |
794 | we seek a following wildcard IPv4 address on the same port. */ | |
795 | ||
796 | else | |
797 | { | |
798 | if (ipa->address[0] != ':' || ipa->address[1] != 0) return FALSE; | |
799 | for (ipa2 = ipa->next; ipa2 != NULL; ipa2 = ipa2->next) | |
800 | if (ipa2->address[0] == 0 && ipa->port == ipa2->port) return TRUE; | |
801 | } | |
802 | ||
803 | return FALSE; | |
804 | } | |
805 | ||
806 | ||
807 | ||
808 | ||
bb6e88ff PH |
809 | /************************************************* |
810 | * Handle terminating subprocesses * | |
811 | *************************************************/ | |
812 | ||
813 | /* Handle the termination of child processes. Theoretically, this need be done | |
814 | only when sigchld_seen is TRUE, but rumour has it that some systems lose | |
815 | SIGCHLD signals at busy times, so to be on the safe side, this function is | |
816 | called each time round. It shouldn't be too expensive. | |
817 | ||
818 | Arguments: none | |
819 | Returns: nothing | |
820 | */ | |
821 | ||
822 | static void | |
823 | handle_ending_processes(void) | |
824 | { | |
825 | int status; | |
826 | pid_t pid; | |
827 | ||
828 | while ((pid = waitpid(-1, &status, WNOHANG)) > 0) | |
829 | { | |
830 | int i; | |
7be682ca PP |
831 | DEBUG(D_any) |
832 | { | |
833 | debug_printf("child %d ended: status=0x%x\n", (int)pid, status); | |
834 | #ifdef WCOREDUMP | |
835 | if (WIFEXITED(status)) | |
836 | debug_printf(" normal exit, %d\n", WEXITSTATUS(status)); | |
837 | else if (WIFSIGNALED(status)) | |
838 | debug_printf(" signal exit, signal %d%s\n", WTERMSIG(status), | |
839 | WCOREDUMP(status) ? " (core dumped)" : ""); | |
840 | #endif | |
841 | } | |
bb6e88ff | 842 | |
8e669ac1 | 843 | /* If it's a listening daemon for which we are keeping track of individual |
bb6e88ff PH |
844 | subprocesses, deal with an accepting process that has terminated. */ |
845 | ||
846 | if (smtp_slots != NULL) | |
847 | { | |
848 | for (i = 0; i < smtp_accept_max; i++) | |
849 | { | |
850 | if (smtp_slots[i].pid == pid) | |
851 | { | |
852 | if (smtp_slots[i].host_address != NULL) | |
853 | store_free(smtp_slots[i].host_address); | |
854 | smtp_slots[i] = empty_smtp_slot; | |
855 | if (--smtp_accept_count < 0) smtp_accept_count = 0; | |
856 | DEBUG(D_any) debug_printf("%d SMTP accept process%s now running\n", | |
857 | smtp_accept_count, (smtp_accept_count == 1)? "" : "es"); | |
858 | break; | |
859 | } | |
860 | } | |
861 | if (i < smtp_accept_max) continue; /* Found an accepting process */ | |
862 | } | |
863 | ||
864 | /* If it wasn't an accepting process, see if it was a queue-runner | |
865 | process that we are tracking. */ | |
866 | ||
867 | if (queue_pid_slots != NULL) | |
868 | { | |
869 | for (i = 0; i < queue_run_max; i++) | |
870 | { | |
871 | if (queue_pid_slots[i] == pid) | |
872 | { | |
873 | queue_pid_slots[i] = 0; | |
874 | if (--queue_run_count < 0) queue_run_count = 0; | |
875 | DEBUG(D_any) debug_printf("%d queue-runner process%s now running\n", | |
876 | queue_run_count, (queue_run_count == 1)? "" : "es"); | |
877 | break; | |
878 | } | |
879 | } | |
880 | } | |
881 | } | |
882 | } | |
883 | ||
059ec3d9 PH |
884 | |
885 | ||
886 | /************************************************* | |
887 | * Exim Daemon Mainline * | |
888 | *************************************************/ | |
889 | ||
890 | /* The daemon can do two jobs, either of which is optional: | |
891 | ||
892 | (1) Listens for incoming SMTP calls and spawns off a sub-process to handle | |
893 | each one. This is requested by the -bd option, with -oX specifying the SMTP | |
894 | port on which to listen (for testing). | |
895 | ||
896 | (2) Spawns a queue-running process every so often. This is controlled by the | |
897 | -q option with a an interval time. (If no time is given, a single queue run | |
898 | is done from the main function, and control doesn't get here.) | |
899 | ||
900 | Root privilege is required in order to attach to port 25. Some systems require | |
901 | it when calling socket() rather than bind(). To cope with all cases, we run as | |
902 | root for both socket() and bind(). Some systems also require root in order to | |
903 | write to the pid file directory. This function must therefore be called as root | |
904 | if it is to work properly in all circumstances. Once the socket is bound and | |
905 | the pid file written, root privilege is given up if there is an exim uid. | |
906 | ||
907 | There are no arguments to this function, and it never returns. */ | |
908 | ||
909 | void | |
910 | daemon_go(void) | |
911 | { | |
ebeaf996 | 912 | struct passwd *pw; |
059ec3d9 PH |
913 | int *listen_sockets = NULL; |
914 | int listen_socket_count = 0; | |
915 | ip_address_item *addresses = NULL; | |
9ee44efb | 916 | time_t last_connection_time = (time_t)0; |
059ec3d9 PH |
917 | |
918 | /* If any debugging options are set, turn on the D_pid bit so that all | |
919 | debugging lines get the pid added. */ | |
920 | ||
921 | DEBUG(D_any|D_v) debug_selector |= D_pid; | |
922 | ||
9ee44efb PP |
923 | if (inetd_wait_mode) |
924 | { | |
925 | int on = 1; | |
926 | ||
927 | listen_socket_count = 1; | |
928 | listen_sockets = store_get(sizeof(int *)); | |
929 | (void) close(3); | |
930 | if (dup2(0, 3) == -1) | |
931 | { | |
932 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, | |
933 | "failed to dup inetd socket safely away: %s", strerror(errno)); | |
934 | } | |
935 | listen_sockets[0] = 3; | |
936 | (void) close(0); | |
937 | (void) close(1); | |
938 | (void) close(2); | |
939 | exim_nullstd(); | |
940 | ||
941 | if (debug_file == stderr) | |
942 | { | |
943 | /* need a call to log_write before call to open debug_file, so that | |
944 | log.c:file_path has been initialised. This is unfortunate. */ | |
945 | log_write(0, LOG_MAIN, "debugging Exim in inetd wait mode starting"); | |
946 | ||
947 | fclose(debug_file); | |
948 | debug_file = NULL; | |
949 | exim_nullstd(); /* re-open fd2 after we just closed it again */ | |
950 | debug_logging_activate(US"-wait", NULL); | |
951 | } | |
952 | ||
953 | DEBUG(D_any) debug_printf("running in inetd wait mode\n"); | |
954 | ||
955 | /* As per below, when creating sockets ourselves, we handle tcp_nodelay for | |
956 | our own buffering; we assume though that inetd set the socket REUSEADDR. */ | |
957 | ||
958 | if (tcp_nodelay) setsockopt(3, IPPROTO_TCP, TCP_NODELAY, | |
959 | (uschar *)(&on), sizeof(on)); | |
960 | } | |
961 | ||
962 | ||
963 | if (inetd_wait_mode || daemon_listen) | |
964 | { | |
965 | /* If any option requiring a load average to be available during the | |
966 | reception of a message is set, call os_getloadavg() while we are root | |
967 | for those OS for which this is necessary the first time it is called (in | |
968 | order to perform an "open" on the kernel memory file). */ | |
969 | ||
970 | #ifdef LOAD_AVG_NEEDS_ROOT | |
971 | if (queue_only_load >= 0 || smtp_load_reserve >= 0 || | |
972 | (deliver_queue_load_max >= 0 && deliver_drop_privilege)) | |
973 | (void)os_getloadavg(); | |
974 | #endif | |
975 | } | |
976 | ||
059ec3d9 PH |
977 | |
978 | /* Do the preparation for setting up a listener on one or more interfaces, and | |
979 | possible on various ports. This is controlled by the combination of | |
980 | local_interfaces (which can set IP addresses and ports) and daemon_smtp_port | |
981 | (which is a list of default ports to use for those items in local_interfaces | |
982 | that do not specify a port). The -oX command line option can be used to | |
983 | override one or both of these options. | |
984 | ||
985 | If local_interfaces is not set, the default is to listen on all interfaces. | |
986 | When it is set, it can include "all IPvx interfaces" as an item. This is useful | |
987 | when different ports are in use. | |
988 | ||
989 | It turns out that listening on all interfaces is messy in an IPv6 world, | |
990 | because several different implementation approaches have been taken. This code | |
991 | is now supposed to work with all of them. The point of difference is whether an | |
992 | IPv6 socket that is listening on all interfaces will receive incoming IPv4 | |
993 | calls or not. We also have to cope with the case when IPv6 libraries exist, but | |
994 | there is no IPv6 support in the kernel. | |
995 | ||
996 | . On Solaris, an IPv6 socket will accept IPv4 calls, and give them as mapped | |
997 | addresses. However, if an IPv4 socket is also listening on all interfaces, | |
998 | calls are directed to the appropriate socket. | |
999 | ||
1000 | . On (some versions of) Linux, an IPv6 socket will accept IPv4 calls, and | |
1001 | give them as mapped addresses, but an attempt also to listen on an IPv4 | |
1002 | socket on all interfaces causes an error. | |
1003 | ||
1004 | . On OpenBSD, an IPv6 socket will not accept IPv4 calls. You have to set up | |
1005 | two sockets if you want to accept both kinds of call. | |
1006 | ||
1007 | . FreeBSD is like OpenBSD, but it has the IPV6_V6ONLY socket option, which | |
1008 | can be turned off, to make it behave like the versions of Linux described | |
1009 | above. | |
1010 | ||
1011 | . I heard a report that the USAGI IPv6 stack for Linux has implemented | |
1012 | IPV6_V6ONLY. | |
1013 | ||
1014 | So, what we do when IPv6 is supported is as follows: | |
1015 | ||
1016 | (1) After it is set up, the list of interfaces is scanned for wildcard | |
1017 | addresses. If an IPv6 and an IPv4 wildcard are both found for the same | |
1018 | port, the list is re-arranged so that they are together, with the IPv6 | |
1019 | wildcard first. | |
1020 | ||
1021 | (2) If the creation of a wildcard IPv6 socket fails, we just log the error and | |
1022 | carry on if an IPv4 wildcard socket for the same port follows later in the | |
1023 | list. This allows Exim to carry on in the case when the kernel has no IPv6 | |
1024 | support. | |
1025 | ||
1026 | (3) Having created an IPv6 wildcard socket, we try to set IPV6_V6ONLY if that | |
1027 | option is defined. However, if setting fails, carry on regardless (but log | |
1028 | the incident). | |
1029 | ||
1030 | (4) If binding or listening on an IPv6 wildcard socket fails, it is a serious | |
1031 | error. | |
1032 | ||
1033 | (5) If binding or listening on an IPv4 wildcard socket fails with the error | |
1034 | EADDRINUSE, and a previous interface was an IPv6 wildcard for the same | |
1035 | port (which must have succeeded or we wouldn't have got this far), we | |
1036 | assume we are in the situation where just a single socket is permitted, | |
1037 | and ignore the error. | |
1038 | ||
1039 | Phew! | |
1040 | ||
1041 | The preparation code decodes options and sets up the relevant data. We do this | |
1042 | first, so that we can return non-zero if there are any syntax errors, and also | |
1043 | write to stderr. */ | |
1044 | ||
602e0254 | 1045 | if (daemon_listen && !inetd_wait_mode) |
059ec3d9 PH |
1046 | { |
1047 | int *default_smtp_port; | |
1048 | int sep; | |
1049 | int pct = 0; | |
1050 | uschar *s; | |
55414b25 | 1051 | const uschar * list; |
059ec3d9 PH |
1052 | uschar *local_iface_source = US"local_interfaces"; |
1053 | ip_address_item *ipa; | |
1054 | ip_address_item **pipa; | |
1055 | ||
059ec3d9 PH |
1056 | /* If -oX was used, disable the writing of a pid file unless -oP was |
1057 | explicitly used to force it. Then scan the string given to -oX. Any items | |
1058 | that contain neither a dot nor a colon are used to override daemon_smtp_port. | |
1059 | Any other items are used to override local_interfaces. */ | |
1060 | ||
1061 | if (override_local_interfaces != NULL) | |
1062 | { | |
1063 | uschar *new_smtp_port = NULL; | |
1064 | uschar *new_local_interfaces = NULL; | |
1065 | int portsize = 0; | |
1066 | int portptr = 0; | |
1067 | int ifacesize = 0; | |
1068 | int ifaceptr = 0; | |
1069 | ||
1070 | if (override_pid_file_path == NULL) write_pid = FALSE; | |
1071 | ||
1072 | list = override_local_interfaces; | |
1073 | sep = 0; | |
55414b25 | 1074 | while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))) |
059ec3d9 PH |
1075 | { |
1076 | uschar joinstr[4]; | |
1077 | uschar **ptr; | |
1078 | int *sizeptr; | |
1079 | int *ptrptr; | |
1080 | ||
1081 | if (Ustrpbrk(s, ".:") == NULL) | |
1082 | { | |
1083 | ptr = &new_smtp_port; | |
1084 | sizeptr = &portsize; | |
1085 | ptrptr = &portptr; | |
1086 | } | |
1087 | else | |
1088 | { | |
1089 | ptr = &new_local_interfaces; | |
1090 | sizeptr = &ifacesize; | |
1091 | ptrptr = &ifaceptr; | |
1092 | } | |
1093 | ||
1094 | if (*ptr == NULL) | |
1095 | { | |
1096 | joinstr[0] = sep; | |
1097 | joinstr[1] = ' '; | |
1098 | *ptr = string_cat(*ptr, sizeptr, ptrptr, US"<", 1); | |
1099 | } | |
1100 | ||
1101 | *ptr = string_cat(*ptr, sizeptr, ptrptr, joinstr, 2); | |
1102 | *ptr = string_cat(*ptr, sizeptr, ptrptr, s, Ustrlen(s)); | |
1103 | } | |
1104 | ||
1105 | if (new_smtp_port != NULL) | |
1106 | { | |
1107 | new_smtp_port[portptr] = 0; | |
1108 | daemon_smtp_port = new_smtp_port; | |
1109 | DEBUG(D_any) debug_printf("daemon_smtp_port overridden by -oX:\n %s\n", | |
1110 | daemon_smtp_port); | |
1111 | } | |
1112 | ||
1113 | if (new_local_interfaces != NULL) | |
1114 | { | |
1115 | new_local_interfaces[ifaceptr] = 0; | |
1116 | local_interfaces = new_local_interfaces; | |
1117 | local_iface_source = US"-oX data"; | |
1118 | DEBUG(D_any) debug_printf("local_interfaces overridden by -oX:\n %s\n", | |
1119 | local_interfaces); | |
1120 | } | |
1121 | } | |
1122 | ||
1123 | /* Create a list of default SMTP ports, to be used if local_interfaces | |
1124 | contains entries without explict ports. First count the number of ports, then | |
1125 | build a translated list in a vector. */ | |
1126 | ||
1127 | list = daemon_smtp_port; | |
1128 | sep = 0; | |
55414b25 | 1129 | while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))) |
059ec3d9 PH |
1130 | pct++; |
1131 | default_smtp_port = store_get((pct+1) * sizeof(int)); | |
1132 | list = daemon_smtp_port; | |
1133 | sep = 0; | |
1134 | for (pct = 0; | |
55414b25 | 1135 | (s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)); |
059ec3d9 PH |
1136 | pct++) |
1137 | { | |
1138 | if (isdigit(*s)) | |
1139 | { | |
1140 | uschar *end; | |
1141 | default_smtp_port[pct] = Ustrtol(s, &end, 0); | |
1142 | if (end != s + Ustrlen(s)) | |
1143 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "invalid SMTP port: %s", s); | |
1144 | } | |
1145 | else | |
1146 | { | |
1147 | struct servent *smtp_service = getservbyname(CS s, "tcp"); | |
071c51f7 | 1148 | if (!smtp_service) |
059ec3d9 PH |
1149 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "TCP port \"%s\" not found", s); |
1150 | default_smtp_port[pct] = ntohs(smtp_service->s_port); | |
1151 | } | |
1152 | } | |
1153 | default_smtp_port[pct] = 0; | |
1154 | ||
071c51f7 JH |
1155 | /* Check the list of TLS-on-connect ports and do name lookups if needed */ |
1156 | ||
1157 | list = tls_in.on_connect_ports; | |
1158 | sep = 0; | |
1159 | while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))) | |
1160 | if (!isdigit(*s)) | |
1161 | { | |
1162 | list = tls_in.on_connect_ports; | |
1163 | tls_in.on_connect_ports = NULL; | |
1164 | sep = 0; | |
1165 | while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))) | |
1166 | { | |
1167 | if (!isdigit(*s)) | |
1168 | { | |
1169 | struct servent *smtp_service = getservbyname(CS s, "tcp"); | |
1170 | if (!smtp_service) | |
1171 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "TCP port \"%s\" not found", s); | |
1172 | s= string_sprintf("%d", (int)ntohs(smtp_service->s_port)); | |
1173 | } | |
1174 | tls_in.on_connect_ports = string_append_listele(tls_in.on_connect_ports, | |
1175 | ':', s); | |
1176 | } | |
1177 | break; | |
1178 | } | |
1179 | ||
059ec3d9 PH |
1180 | /* Create the list of local interfaces, possibly with ports included. This |
1181 | list may contain references to 0.0.0.0 and ::0 as wildcards. These special | |
1182 | values are converted below. */ | |
1183 | ||
1184 | addresses = host_build_ifacelist(local_interfaces, local_iface_source); | |
1185 | ||
1186 | /* In the list of IP addresses, convert 0.0.0.0 into an empty string, and ::0 | |
1187 | into the string ":". We use these to recognize wildcards in IPv4 and IPv6. In | |
1188 | fact, many IP stacks recognize 0.0.0.0 and ::0 and handle them as wildcards | |
1189 | anyway, but we need to know which are the wildcard addresses, and the shorter | |
1190 | strings are neater. | |
1191 | ||
1192 | In the same scan, fill in missing port numbers from the default list. When | |
1193 | there is more than one item in the list, extra items are created. */ | |
1194 | ||
1195 | for (ipa = addresses; ipa != NULL; ipa = ipa->next) | |
1196 | { | |
1197 | int i; | |
1198 | ||
1199 | if (Ustrcmp(ipa->address, "0.0.0.0") == 0) ipa->address[0] = 0; | |
1200 | else if (Ustrcmp(ipa->address, "::0") == 0) | |
1201 | { | |
1202 | ipa->address[0] = ':'; | |
1203 | ipa->address[1] = 0; | |
1204 | } | |
1205 | ||
1206 | if (ipa->port > 0) continue; | |
1207 | ||
1208 | if (daemon_smtp_port[0] <= 0) | |
1209 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "no port specified for interface " | |
1210 | "%s and daemon_smtp_port is unset; cannot start daemon", | |
1211 | (ipa->address[0] == 0)? US"\"all IPv4\"" : | |
1212 | (ipa->address[1] == 0)? US"\"all IPv6\"" : ipa->address); | |
1213 | ipa->port = default_smtp_port[0]; | |
1214 | for (i = 1; default_smtp_port[i] > 0; i++) | |
1215 | { | |
1216 | ip_address_item *new = store_get(sizeof(ip_address_item)); | |
1217 | memcpy(new->address, ipa->address, Ustrlen(ipa->address) + 1); | |
1218 | new->port = default_smtp_port[i]; | |
1219 | new->next = ipa->next; | |
1220 | ipa->next = new; | |
1221 | ipa = new; | |
1222 | } | |
1223 | } | |
1224 | ||
1225 | /* Scan the list of addresses for wildcards. If we find an IPv4 and an IPv6 | |
1226 | wildcard for the same port, ensure that (a) they are together and (b) the | |
1227 | IPv6 address comes first. This makes handling the messy features easier, and | |
1228 | also simplifies the construction of the "daemon started" log line. */ | |
1229 | ||
1230 | pipa = &addresses; | |
1231 | for (ipa = addresses; ipa != NULL; pipa = &(ipa->next), ipa = ipa->next) | |
1232 | { | |
1233 | ip_address_item *ipa2; | |
1234 | ||
1235 | /* Handle an IPv4 wildcard */ | |
1236 | ||
1237 | if (ipa->address[0] == 0) | |
1238 | { | |
1239 | for (ipa2 = ipa; ipa2->next != NULL; ipa2 = ipa2->next) | |
1240 | { | |
1241 | ip_address_item *ipa3 = ipa2->next; | |
1242 | if (ipa3->address[0] == ':' && | |
1243 | ipa3->address[1] == 0 && | |
1244 | ipa3->port == ipa->port) | |
1245 | { | |
1246 | ipa2->next = ipa3->next; | |
1247 | ipa3->next = ipa; | |
1248 | *pipa = ipa3; | |
1249 | break; | |
1250 | } | |
1251 | } | |
1252 | } | |
1253 | ||
1254 | /* Handle an IPv6 wildcard. */ | |
1255 | ||
1256 | else if (ipa->address[0] == ':' && ipa->address[1] == 0) | |
1257 | { | |
1258 | for (ipa2 = ipa; ipa2->next != NULL; ipa2 = ipa2->next) | |
1259 | { | |
1260 | ip_address_item *ipa3 = ipa2->next; | |
1261 | if (ipa3->address[0] == 0 && ipa3->port == ipa->port) | |
1262 | { | |
1263 | ipa2->next = ipa3->next; | |
1264 | ipa3->next = ipa->next; | |
1265 | ipa->next = ipa3; | |
1266 | ipa = ipa3; | |
1267 | break; | |
1268 | } | |
1269 | } | |
1270 | } | |
1271 | } | |
1272 | ||
1273 | /* Get a vector to remember all the sockets in */ | |
1274 | ||
1275 | for (ipa = addresses; ipa != NULL; ipa = ipa->next) | |
1276 | listen_socket_count++; | |
1277 | listen_sockets = store_get(sizeof(int *) * listen_socket_count); | |
1278 | ||
9ee44efb PP |
1279 | } /* daemon_listen but not inetd_wait_mode */ |
1280 | ||
1281 | if (daemon_listen) | |
1282 | { | |
1283 | ||
059ec3d9 PH |
1284 | /* Do a sanity check on the max connects value just to save us from getting |
1285 | a huge amount of store. */ | |
1286 | ||
1287 | if (smtp_accept_max > 4095) smtp_accept_max = 4096; | |
1288 | ||
1289 | /* There's no point setting smtp_accept_queue unless it is less than the max | |
1290 | connects limit. The configuration reader ensures that the max is set if the | |
1291 | queue-only option is set. */ | |
1292 | ||
1293 | if (smtp_accept_queue > smtp_accept_max) smtp_accept_queue = 0; | |
1294 | ||
1295 | /* Get somewhere to keep the list of SMTP accepting pids if we are keeping | |
1296 | track of them for total number and queue/host limits. */ | |
1297 | ||
1298 | if (smtp_accept_max > 0) | |
1299 | { | |
1300 | int i; | |
1301 | smtp_slots = store_get(smtp_accept_max * sizeof(smtp_slot)); | |
1302 | for (i = 0; i < smtp_accept_max; i++) smtp_slots[i] = empty_smtp_slot; | |
1303 | } | |
1304 | } | |
1305 | ||
76a2d7ba PH |
1306 | /* The variable background_daemon is always false when debugging, but |
1307 | can also be forced false in order to keep a non-debugging daemon in the | |
1308 | foreground. If background_daemon is true, close all open file descriptors that | |
9ee44efb PP |
1309 | we know about, but then re-open stdin, stdout, and stderr to /dev/null. Also |
1310 | do this for inetd_wait mode. | |
76a2d7ba PH |
1311 | |
1312 | This is protection against any called functions (in libraries, or in | |
1313 | Perl, or whatever) that think they can write to stderr (or stdout). Before this | |
1314 | was added, it was quite likely that an SMTP connection would use one of these | |
1315 | file descriptors, in which case writing random stuff to it caused chaos. | |
1316 | ||
1317 | Then disconnect from the controlling terminal, Most modern Unixes seem to have | |
1318 | setsid() for getting rid of the controlling terminal. For any OS that doesn't, | |
1319 | setsid() can be #defined as a no-op, or as something else. */ | |
059ec3d9 | 1320 | |
9ee44efb | 1321 | if (background_daemon || inetd_wait_mode) |
059ec3d9 | 1322 | { |
76a2d7ba PH |
1323 | log_close_all(); /* Just in case anything was logged earlier */ |
1324 | search_tidyup(); /* Just in case any were used in reading the config. */ | |
f1e894f3 PH |
1325 | (void)close(0); /* Get rid of stdin/stdout/stderr */ |
1326 | (void)close(1); | |
1327 | (void)close(2); | |
8e669ac1 | 1328 | exim_nullstd(); /* Connect stdin/stdout/stderr to /dev/null */ |
059ec3d9 | 1329 | log_stderr = NULL; /* So no attempt to copy paniclog output */ |
9ee44efb | 1330 | } |
059ec3d9 | 1331 | |
9ee44efb PP |
1332 | if (background_daemon) |
1333 | { | |
059ec3d9 | 1334 | /* If the parent process of this one has pid == 1, we are re-initializing the |
8e669ac1 | 1335 | daemon as the result of a SIGHUP. In this case, there is no need to do |
76a2d7ba PH |
1336 | anything, because the controlling terminal has long gone. Otherwise, fork, in |
1337 | case current process is a process group leader (see 'man setsid' for an | |
1338 | explanation) before calling setsid(). */ | |
059ec3d9 PH |
1339 | |
1340 | if (getppid() != 1) | |
1341 | { | |
1342 | pid_t pid = fork(); | |
1343 | if (pid < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, | |
1344 | "fork() failed when starting daemon: %s", strerror(errno)); | |
1345 | if (pid > 0) exit(EXIT_SUCCESS); /* in parent process, just exit */ | |
1346 | (void)setsid(); /* release controlling terminal */ | |
1347 | } | |
1348 | } | |
1349 | ||
1350 | /* We are now in the disconnected, daemon process (unless debugging). Set up | |
1351 | the listening sockets if required. */ | |
1352 | ||
9ee44efb | 1353 | if (daemon_listen && !inetd_wait_mode) |
059ec3d9 PH |
1354 | { |
1355 | int sk; | |
1356 | int on = 1; | |
1357 | ip_address_item *ipa; | |
1358 | ||
1359 | /* For each IP address, create a socket, bind it to the appropriate port, and | |
1360 | start listening. See comments above about IPv6 sockets that may or may not | |
1361 | accept IPv4 calls when listening on all interfaces. We also have to cope with | |
1362 | the case of a system with IPv6 libraries, but no IPv6 support in the kernel. | |
1363 | listening, provided a wildcard IPv4 socket for the same port follows. */ | |
1364 | ||
1365 | for (ipa = addresses, sk = 0; sk < listen_socket_count; ipa = ipa->next, sk++) | |
1366 | { | |
1367 | BOOL wildcard; | |
1368 | ip_address_item *ipa2; | |
059ec3d9 PH |
1369 | int af; |
1370 | ||
1371 | if (Ustrchr(ipa->address, ':') != NULL) | |
1372 | { | |
1373 | af = AF_INET6; | |
1374 | wildcard = ipa->address[1] == 0; | |
1375 | } | |
1376 | else | |
1377 | { | |
1378 | af = AF_INET; | |
1379 | wildcard = ipa->address[0] == 0; | |
1380 | } | |
1381 | ||
1382 | listen_sockets[sk] = ip_socket(SOCK_STREAM, af); | |
1383 | if (listen_sockets[sk] < 0) | |
1384 | { | |
1385 | if (check_special_case(0, addresses, ipa, FALSE)) | |
1386 | { | |
1387 | log_write(0, LOG_MAIN, "Failed to create IPv6 socket for wildcard " | |
1388 | "listening (%s): will use IPv4", strerror(errno)); | |
1389 | goto SKIP_SOCKET; | |
1390 | } | |
1391 | log_write(0, LOG_PANIC_DIE, "IPv%c socket creation failed: %s", | |
1392 | (af == AF_INET6)? '6' : '4', strerror(errno)); | |
1393 | } | |
1394 | ||
1395 | /* If this is an IPv6 wildcard socket, set IPV6_V6ONLY if that option is | |
1396 | available. Just log failure (can get protocol not available, just like | |
1397 | socket creation can). */ | |
1398 | ||
1399 | #ifdef IPV6_V6ONLY | |
1400 | if (af == AF_INET6 && wildcard && | |
1401 | setsockopt(listen_sockets[sk], IPPROTO_IPV6, IPV6_V6ONLY, (char *)(&on), | |
1402 | sizeof(on)) < 0) | |
1403 | log_write(0, LOG_MAIN, "Setting IPV6_V6ONLY on daemon's IPv6 wildcard " | |
1404 | "socket failed (%s): carrying on without it", strerror(errno)); | |
1405 | #endif /* IPV6_V6ONLY */ | |
1406 | ||
1407 | /* Set SO_REUSEADDR so that the daemon can be restarted while a connection | |
1408 | is being handled. Without this, a connection will prevent reuse of the | |
1409 | smtp port for listening. */ | |
1410 | ||
1411 | if (setsockopt(listen_sockets[sk], SOL_SOCKET, SO_REUSEADDR, | |
1412 | (uschar *)(&on), sizeof(on)) < 0) | |
1413 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "setting SO_REUSEADDR on socket " | |
1414 | "failed when starting daemon: %s", strerror(errno)); | |
1415 | ||
1416 | /* Set TCP_NODELAY; Exim does its own buffering. There is a switch to | |
1417 | disable this because it breaks some broken clients. */ | |
1418 | ||
1419 | if (tcp_nodelay) setsockopt(listen_sockets[sk], IPPROTO_TCP, TCP_NODELAY, | |
1420 | (uschar *)(&on), sizeof(on)); | |
1421 | ||
1422 | /* Now bind the socket to the required port; if Exim is being restarted | |
1423 | it may not always be possible to bind immediately, even with SO_REUSEADDR | |
1424 | set, so try 10 times, waiting between each try. After 10 failures, we give | |
1425 | up. In an IPv6 environment, if bind () fails with the error EADDRINUSE and | |
1426 | we are doing wildcard IPv4 listening and there was a previous IPv6 wildcard | |
1427 | address for the same port, ignore the error on the grounds that we must be | |
1428 | in a system where the IPv6 socket accepts both kinds of call. This is | |
1429 | necessary for (some release of) USAGI Linux; other IP stacks fail at the | |
1430 | listen() stage instead. */ | |
1431 | ||
1432 | for(;;) | |
1433 | { | |
1434 | uschar *msg, *addr; | |
1435 | if (ip_bind(listen_sockets[sk], af, ipa->address, ipa->port) >= 0) break; | |
1436 | if (check_special_case(errno, addresses, ipa, TRUE)) | |
1437 | { | |
1438 | DEBUG(D_any) debug_printf("wildcard IPv4 bind() failed after IPv6 " | |
1439 | "listen() success; EADDRINUSE ignored\n"); | |
f1e894f3 | 1440 | (void)close(listen_sockets[sk]); |
059ec3d9 PH |
1441 | goto SKIP_SOCKET; |
1442 | } | |
1443 | msg = US strerror(errno); | |
1444 | addr = wildcard? ((af == AF_INET6)? US"(any IPv6)" : US"(any IPv4)") : | |
1445 | ipa->address; | |
4aee0225 | 1446 | if (daemon_startup_retries <= 0) |
059ec3d9 PH |
1447 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, |
1448 | "socket bind() to port %d for address %s failed: %s: " | |
1449 | "daemon abandoned", ipa->port, addr, msg); | |
1450 | log_write(0, LOG_MAIN, "socket bind() to port %d for address %s " | |
4aee0225 PH |
1451 | "failed: %s: waiting %s before trying again (%d more %s)", |
1452 | ipa->port, addr, msg, readconf_printtime(daemon_startup_sleep), | |
1453 | daemon_startup_retries, (daemon_startup_retries > 1)? "tries" : "try"); | |
1454 | daemon_startup_retries--; | |
1455 | sleep(daemon_startup_sleep); | |
059ec3d9 PH |
1456 | } |
1457 | ||
1458 | DEBUG(D_any) | |
1459 | { | |
1460 | if (wildcard) | |
1461 | debug_printf("listening on all interfaces (IPv%c) port %d\n", | |
1462 | (af == AF_INET6)? '6' : '4', ipa->port); | |
1463 | else | |
1464 | debug_printf("listening on %s port %d\n", ipa->address, ipa->port); | |
1465 | } | |
1466 | ||
1467 | /* Start listening on the bound socket, establishing the maximum backlog of | |
1468 | connections that is allowed. On success, continue to the next address. */ | |
1469 | ||
1470 | if (listen(listen_sockets[sk], smtp_connect_backlog) >= 0) continue; | |
1471 | ||
1472 | /* Listening has failed. In an IPv6 environment, as for bind(), if listen() | |
1473 | fails with the error EADDRINUSE and we are doing IPv4 wildcard listening | |
1474 | and there was a previous successful IPv6 wildcard listen on the same port, | |
1475 | we want to ignore the error on the grounds that we must be in a system | |
1476 | where the IPv6 socket accepts both kinds of call. */ | |
1477 | ||
1478 | if (!check_special_case(errno, addresses, ipa, TRUE)) | |
1479 | log_write(0, LOG_PANIC_DIE, "listen() failed on interface %s: %s", | |
1480 | wildcard? ((af == AF_INET6)? US"(any IPv6)" : US"(any IPv4)") : | |
1481 | ipa->address, | |
1482 | strerror(errno)); | |
1483 | ||
1484 | DEBUG(D_any) debug_printf("wildcard IPv4 listen() failed after IPv6 " | |
1485 | "listen() success; EADDRINUSE ignored\n"); | |
f1e894f3 | 1486 | (void)close(listen_sockets[sk]); |
059ec3d9 PH |
1487 | |
1488 | /* Come here if there has been a problem with the socket which we | |
1489 | are going to ignore. We remove the address from the chain, and back up the | |
1490 | counts. */ | |
1491 | ||
1492 | SKIP_SOCKET: | |
1493 | sk--; /* Back up the count */ | |
1494 | listen_socket_count--; /* Reduce the total */ | |
1495 | if (ipa == addresses) addresses = ipa->next; else | |
1496 | { | |
1497 | for (ipa2 = addresses; ipa2->next != ipa; ipa2 = ipa2->next); | |
1498 | ipa2->next = ipa->next; | |
1499 | ipa = ipa2; | |
1500 | } | |
1501 | } /* End of bind/listen loop for each address */ | |
1502 | } /* End of setup for listening */ | |
1503 | ||
1504 | ||
1505 | /* If we are not listening, we want to write a pid file only if -oP was | |
1506 | explicitly given. */ | |
1507 | ||
1508 | else if (override_pid_file_path == NULL) write_pid = FALSE; | |
1509 | ||
1510 | /* Write the pid to a known file for assistance in identification, if required. | |
1511 | We do this before giving up root privilege, because on some systems it is | |
1512 | necessary to be root in order to write into the pid file directory. There's | |
1513 | nothing to stop multiple daemons running, as long as no more than one listens | |
1514 | on a given TCP/IP port on the same interface(s). However, in these | |
1515 | circumstances it gets far too complicated to mess with pid file names | |
1516 | automatically. Consequently, Exim 4 writes a pid file only | |
1517 | ||
1518 | (a) When running in the test harness, or | |
1519 | (b) When -bd is used and -oX is not used, or | |
1520 | (c) When -oP is used to supply a path. | |
1521 | ||
1522 | The variable daemon_write_pid is used to control this. */ | |
1523 | ||
1524 | if (running_in_test_harness || write_pid) | |
1525 | { | |
1526 | FILE *f; | |
1527 | ||
1528 | if (override_pid_file_path != NULL) | |
1529 | pid_file_path = override_pid_file_path; | |
1530 | ||
1531 | if (pid_file_path[0] == 0) | |
1532 | pid_file_path = string_sprintf("%s/exim-daemon.pid", spool_directory); | |
1533 | ||
2632889e | 1534 | f = modefopen(pid_file_path, "wb", 0644); |
059ec3d9 PH |
1535 | if (f != NULL) |
1536 | { | |
ff790e47 | 1537 | (void)fprintf(f, "%d\n", (int)getpid()); |
ff790e47 | 1538 | (void)fclose(f); |
059ec3d9 PH |
1539 | DEBUG(D_any) debug_printf("pid written to %s\n", pid_file_path); |
1540 | } | |
1541 | else | |
1542 | { | |
1543 | DEBUG(D_any) | |
1544 | debug_printf("%s\n", string_open_failed(errno, "pid file %s", | |
1545 | pid_file_path)); | |
1546 | } | |
1547 | } | |
1548 | ||
1549 | /* Set up the handler for SIGHUP, which causes a restart of the daemon. */ | |
1550 | ||
1551 | sighup_seen = FALSE; | |
1552 | signal(SIGHUP, sighup_handler); | |
1553 | ||
1554 | /* Give up root privilege at this point (assuming that exim_uid and exim_gid | |
1555 | are not root). The third argument controls the running of initgroups(). | |
1556 | Normally we do this, in order to set up the groups for the Exim user. However, | |
1557 | if we are not root at this time - some odd installations run that way - we | |
1558 | cannot do this. */ | |
1559 | ||
1560 | exim_setugid(exim_uid, exim_gid, geteuid()==root_uid, US"running as a daemon"); | |
1561 | ||
ebeaf996 PH |
1562 | /* Update the originator_xxx fields so that received messages as listed as |
1563 | coming from Exim, not whoever started the daemon. */ | |
1564 | ||
1565 | originator_uid = exim_uid; | |
1566 | originator_gid = exim_gid; | |
1567 | originator_login = ((pw = getpwuid(exim_uid)) != NULL)? | |
1568 | string_copy_malloc(US pw->pw_name) : US"exim"; | |
1569 | ||
059ec3d9 PH |
1570 | /* Get somewhere to keep the list of queue-runner pids if we are keeping track |
1571 | of them (and also if we are doing queue runs). */ | |
1572 | ||
1573 | if (queue_interval > 0 && queue_run_max > 0) | |
1574 | { | |
1575 | int i; | |
1576 | queue_pid_slots = store_get(queue_run_max * sizeof(pid_t)); | |
1577 | for (i = 0; i < queue_run_max; i++) queue_pid_slots[i] = 0; | |
1578 | } | |
1579 | ||
1580 | /* Set up the handler for termination of child processes. */ | |
1581 | ||
1582 | sigchld_seen = FALSE; | |
7d468ab8 | 1583 | os_non_restarting_signal(SIGCHLD, main_sigchld_handler); |
059ec3d9 PH |
1584 | |
1585 | /* If we are to run the queue periodically, pretend the alarm has just gone | |
1586 | off. This will cause the first queue-runner to get kicked off straight away. */ | |
1587 | ||
1588 | sigalrm_seen = (queue_interval > 0); | |
1589 | ||
1590 | /* Log the start up of a daemon - at least one of listening or queue running | |
1591 | must be set up. */ | |
1592 | ||
9ee44efb PP |
1593 | if (inetd_wait_mode) |
1594 | { | |
1595 | uschar *p = big_buffer; | |
1596 | ||
1597 | if (inetd_wait_timeout >= 0) | |
1598 | sprintf(CS p, "terminating after %d seconds", inetd_wait_timeout); | |
1599 | else | |
1600 | sprintf(CS p, "with no wait timeout"); | |
1601 | ||
1602 | log_write(0, LOG_MAIN, | |
1603 | "exim %s daemon started: pid=%d, launched with listening socket, %s", | |
1604 | version_string, getpid(), big_buffer); | |
1605 | set_process_info("daemon: pre-listening socket"); | |
1606 | ||
1607 | /* set up the timeout logic */ | |
1608 | sigalrm_seen = 1; | |
1609 | } | |
1610 | ||
1611 | else if (daemon_listen) | |
059ec3d9 PH |
1612 | { |
1613 | int i, j; | |
1614 | int smtp_ports = 0; | |
1615 | int smtps_ports = 0; | |
1616 | ip_address_item *ipa; | |
1617 | uschar *p = big_buffer; | |
1618 | uschar *qinfo = (queue_interval > 0)? | |
1619 | string_sprintf("-q%s", readconf_printtime(queue_interval)) | |
1620 | : | |
1621 | US"no queue runs"; | |
1622 | ||
1623 | /* Build a list of listening addresses in big_buffer, but limit it to 10 | |
1624 | items. The style is for backwards compatibility. | |
1625 | ||
1626 | It is now possible to have some ports listening for SMTPS (the old, | |
1627 | deprecated protocol that starts TLS without using STARTTLS), and others | |
1628 | listening for standard SMTP. Keep their listings separate. */ | |
1629 | ||
1630 | for (j = 0; j < 2; j++) | |
1631 | { | |
1632 | for (i = 0, ipa = addresses; i < 10 && ipa != NULL; i++, ipa = ipa->next) | |
1633 | { | |
1634 | /* First time round, look for SMTP ports; second time round, look for | |
1635 | SMTPS ports. For the first one of each, insert leading text. */ | |
1636 | ||
1637 | if (host_is_tls_on_connect_port(ipa->port) == (j > 0)) | |
1638 | { | |
1639 | if (j == 0) | |
1640 | { | |
1641 | if (smtp_ports++ == 0) | |
1642 | { | |
1643 | memcpy(p, "SMTP on", 8); | |
1644 | p += 7; | |
1645 | } | |
1646 | } | |
1647 | else | |
1648 | { | |
1649 | if (smtps_ports++ == 0) | |
1650 | { | |
1651 | (void)sprintf(CS p, "%sSMTPS on", | |
1652 | (smtp_ports == 0)? "":" and for "); | |
1653 | while (*p != 0) p++; | |
1654 | } | |
1655 | } | |
1656 | ||
1657 | /* Now the information about the port (and sometimes interface) */ | |
1658 | ||
1659 | if (ipa->address[0] == ':' && ipa->address[1] == 0) | |
1660 | { | |
1661 | if (ipa->next != NULL && ipa->next->address[0] == 0 && | |
1662 | ipa->next->port == ipa->port) | |
1663 | { | |
1664 | (void)sprintf(CS p, " port %d (IPv6 and IPv4)", ipa->port); | |
1665 | ipa = ipa->next; | |
1666 | } | |
1667 | else if (ipa->v6_include_v4) | |
1668 | (void)sprintf(CS p, " port %d (IPv6 with IPv4)", ipa->port); | |
1669 | else | |
1670 | (void)sprintf(CS p, " port %d (IPv6)", ipa->port); | |
1671 | } | |
1672 | else if (ipa->address[0] == 0) | |
1673 | (void)sprintf(CS p, " port %d (IPv4)", ipa->port); | |
1674 | else | |
1675 | (void)sprintf(CS p, " [%s]:%d", ipa->address, ipa->port); | |
1676 | while (*p != 0) p++; | |
1677 | } | |
1678 | } | |
1679 | ||
1680 | if (ipa != NULL) | |
1681 | { | |
1682 | memcpy(p, " ...", 5); | |
1683 | p += 4; | |
1684 | } | |
1685 | } | |
1686 | ||
1687 | log_write(0, LOG_MAIN, | |
1688 | "exim %s daemon started: pid=%d, %s, listening for %s", | |
1689 | version_string, getpid(), qinfo, big_buffer); | |
1690 | set_process_info("daemon: %s, listening for %s", qinfo, big_buffer); | |
1691 | } | |
1692 | ||
1693 | else | |
1694 | { | |
1695 | log_write(0, LOG_MAIN, | |
1696 | "exim %s daemon started: pid=%d, -q%s, not listening for SMTP", | |
1697 | version_string, getpid(), readconf_printtime(queue_interval)); | |
1698 | set_process_info("daemon: -q%s, not listening", | |
1699 | readconf_printtime(queue_interval)); | |
1700 | } | |
1701 | ||
476be7e2 JH |
1702 | /* Do any work it might be useful to amortize over our children |
1703 | (eg: compile regex) */ | |
1704 | ||
1705 | deliver_init(); | |
1706 | dns_pattern_init(); | |
1707 | ||
1708 | #ifdef WITH_CONTENT_SCAN | |
1709 | malware_init(); | |
1710 | #endif | |
059ec3d9 PH |
1711 | |
1712 | /* Close the log so it can be renamed and moved. In the few cases below where | |
1713 | this long-running process writes to the log (always exceptional conditions), it | |
1714 | closes the log afterwards, for the same reason. */ | |
1715 | ||
1716 | log_close_all(); | |
1717 | ||
1718 | DEBUG(D_any) debug_print_ids(US"daemon running with"); | |
1719 | ||
1720 | /* Any messages accepted via this route are going to be SMTP. */ | |
1721 | ||
1722 | smtp_input = TRUE; | |
1723 | ||
1724 | /* Enter the never-ending loop... */ | |
1725 | ||
1726 | for (;;) | |
1727 | { | |
1728 | #if HAVE_IPV6 | |
1729 | struct sockaddr_in6 accepted; | |
1730 | #else | |
1731 | struct sockaddr_in accepted; | |
1732 | #endif | |
1733 | ||
cf73943b | 1734 | EXIM_SOCKLEN_T len; |
059ec3d9 PH |
1735 | pid_t pid; |
1736 | ||
1737 | /* This code is placed first in the loop, so that it gets obeyed at the | |
9ee44efb PP |
1738 | start, before the first wait, for the queue-runner case, so that the first |
1739 | one can be started immediately. | |
1740 | ||
1741 | The other option is that we have an inetd wait timeout specified to -bw. */ | |
059ec3d9 PH |
1742 | |
1743 | if (sigalrm_seen) | |
1744 | { | |
9ee44efb PP |
1745 | if (inetd_wait_timeout > 0) |
1746 | { | |
1747 | time_t resignal_interval = inetd_wait_timeout; | |
1748 | ||
1749 | if (last_connection_time == (time_t)0) | |
1750 | { | |
1751 | DEBUG(D_any) | |
1752 | debug_printf("inetd wait timeout expired, but still not seen first message, ignoring\n"); | |
1753 | } | |
1754 | else | |
1755 | { | |
1756 | time_t now = time(NULL); | |
1757 | if (now == (time_t)-1) | |
1758 | { | |
1759 | DEBUG(D_any) debug_printf("failed to get time: %s\n", strerror(errno)); | |
1760 | } | |
1761 | else | |
1762 | { | |
1763 | if ((now - last_connection_time) >= inetd_wait_timeout) | |
1764 | { | |
1765 | DEBUG(D_any) | |
1766 | debug_printf("inetd wait timeout %d expired, ending daemon\n", | |
1767 | inetd_wait_timeout); | |
1768 | log_write(0, LOG_MAIN, "exim %s daemon terminating, inetd wait timeout reached.\n", | |
1769 | version_string); | |
1770 | exit(EXIT_SUCCESS); | |
1771 | } | |
1772 | else | |
1773 | { | |
1774 | resignal_interval -= (now - last_connection_time); | |
1775 | } | |
1776 | } | |
1777 | } | |
059ec3d9 | 1778 | |
9ee44efb PP |
1779 | sigalrm_seen = FALSE; |
1780 | alarm(resignal_interval); | |
1781 | } | |
059ec3d9 | 1782 | |
9ee44efb | 1783 | else |
059ec3d9 | 1784 | { |
9ee44efb | 1785 | DEBUG(D_any) debug_printf("SIGALRM received\n"); |
8e669ac1 | 1786 | |
9ee44efb PP |
1787 | /* Do a full queue run in a child process, if required, unless we already |
1788 | have enough queue runners on the go. If we are not running as root, a | |
1789 | re-exec is required. */ | |
059ec3d9 | 1790 | |
9ee44efb PP |
1791 | if (queue_interval > 0 && |
1792 | (queue_run_max <= 0 || queue_run_count < queue_run_max)) | |
1793 | { | |
1794 | if ((pid = fork()) == 0) | |
1795 | { | |
1796 | int sk; | |
3d235903 | 1797 | |
9ee44efb PP |
1798 | DEBUG(D_any) debug_printf("Starting queue-runner: pid %d\n", |
1799 | (int)getpid()); | |
8e669ac1 | 1800 | |
9ee44efb PP |
1801 | /* Disable debugging if it's required only for the daemon process. We |
1802 | leave the above message, because it ties up with the "child ended" | |
1803 | debugging messages. */ | |
059ec3d9 | 1804 | |
9ee44efb | 1805 | if (debug_daemon) debug_selector = 0; |
059ec3d9 | 1806 | |
9ee44efb | 1807 | /* Close any open listening sockets in the child */ |
059ec3d9 | 1808 | |
9ee44efb PP |
1809 | for (sk = 0; sk < listen_socket_count; sk++) |
1810 | (void)close(listen_sockets[sk]); | |
059ec3d9 | 1811 | |
9ee44efb | 1812 | /* Reset SIGHUP and SIGCHLD in the child in both cases. */ |
059ec3d9 | 1813 | |
9ee44efb PP |
1814 | signal(SIGHUP, SIG_DFL); |
1815 | signal(SIGCHLD, SIG_DFL); | |
059ec3d9 | 1816 | |
9ee44efb PP |
1817 | /* Re-exec if privilege has been given up, unless deliver_drop_ |
1818 | privilege is set. Reset SIGALRM before exec(). */ | |
4fbcfc2e | 1819 | |
9ee44efb | 1820 | if (geteuid() != root_uid && !deliver_drop_privilege) |
4fbcfc2e | 1821 | { |
9ee44efb PP |
1822 | uschar opt[8]; |
1823 | uschar *p = opt; | |
1824 | uschar *extra[5]; | |
1825 | int extracount = 1; | |
1826 | ||
1827 | signal(SIGALRM, SIG_DFL); | |
1828 | *p++ = '-'; | |
1829 | *p++ = 'q'; | |
1830 | if (queue_2stage) *p++ = 'q'; | |
1831 | if (queue_run_first_delivery) *p++ = 'i'; | |
1832 | if (queue_run_force) *p++ = 'f'; | |
1833 | if (deliver_force_thaw) *p++ = 'f'; | |
1834 | if (queue_run_local) *p++ = 'l'; | |
1835 | *p = 0; | |
1836 | extra[0] = opt; | |
1837 | ||
1838 | /* If -R or -S were on the original command line, ensure they get | |
1839 | passed on. */ | |
1840 | ||
1841 | if (deliver_selectstring != NULL) | |
1842 | { | |
1843 | extra[extracount++] = deliver_selectstring_regex? US"-Rr" : US"-R"; | |
1844 | extra[extracount++] = deliver_selectstring; | |
1845 | } | |
1846 | ||
1847 | if (deliver_selectstring_sender != NULL) | |
1848 | { | |
1849 | extra[extracount++] = deliver_selectstring_sender_regex? | |
1850 | US"-Sr" : US"-S"; | |
1851 | extra[extracount++] = deliver_selectstring_sender; | |
1852 | } | |
1853 | ||
1854 | /* Overlay this process with a new execution. */ | |
1855 | ||
1856 | (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, TRUE, extracount, | |
1857 | extra[0], extra[1], extra[2], extra[3], extra[4]); | |
1858 | ||
1859 | /* Control never returns here. */ | |
4fbcfc2e PH |
1860 | } |
1861 | ||
9ee44efb | 1862 | /* No need to re-exec; SIGALRM remains set to the default handler */ |
059ec3d9 | 1863 | |
9ee44efb PP |
1864 | queue_run(NULL, NULL, FALSE); |
1865 | _exit(EXIT_SUCCESS); | |
059ec3d9 PH |
1866 | } |
1867 | ||
9ee44efb | 1868 | if (pid < 0) |
059ec3d9 | 1869 | { |
9ee44efb PP |
1870 | log_write(0, LOG_MAIN|LOG_PANIC, "daemon: fork of queue-runner " |
1871 | "process failed: %s", strerror(errno)); | |
1872 | log_close_all(); | |
1873 | } | |
1874 | else | |
1875 | { | |
1876 | int i; | |
1877 | for (i = 0; i < queue_run_max; ++i) | |
059ec3d9 | 1878 | { |
9ee44efb PP |
1879 | if (queue_pid_slots[i] <= 0) |
1880 | { | |
1881 | queue_pid_slots[i] = pid; | |
1882 | queue_run_count++; | |
1883 | break; | |
1884 | } | |
059ec3d9 | 1885 | } |
9ee44efb PP |
1886 | DEBUG(D_any) debug_printf("%d queue-runner process%s running\n", |
1887 | queue_run_count, (queue_run_count == 1)? "" : "es"); | |
059ec3d9 | 1888 | } |
059ec3d9 | 1889 | } |
059ec3d9 | 1890 | |
9ee44efb | 1891 | /* Reset the alarm clock */ |
059ec3d9 | 1892 | |
9ee44efb PP |
1893 | sigalrm_seen = FALSE; |
1894 | alarm(queue_interval); | |
1895 | } | |
1896 | ||
1897 | } /* sigalrm_seen */ | |
059ec3d9 PH |
1898 | |
1899 | ||
1900 | /* Sleep till a connection happens if listening, and handle the connection if | |
1901 | that is why we woke up. The FreeBSD operating system requires the use of | |
1902 | select() before accept() because the latter function is not interrupted by | |
1903 | a signal, and we want to wake up for SIGCHLD and SIGALRM signals. Some other | |
1904 | OS do notice signals in accept() but it does no harm to have the select() | |
1905 | in for all of them - and it won't then be a lurking problem for ports to | |
1906 | new OS. In fact, the later addition of listening on specific interfaces only | |
1907 | requires this way of working anyway. */ | |
1908 | ||
1909 | if (daemon_listen) | |
1910 | { | |
bb6e88ff | 1911 | int sk, lcount, select_errno; |
059ec3d9 PH |
1912 | int max_socket = 0; |
1913 | BOOL select_failed = FALSE; | |
1914 | fd_set select_listen; | |
1915 | ||
1916 | FD_ZERO(&select_listen); | |
1917 | for (sk = 0; sk < listen_socket_count; sk++) | |
1918 | { | |
1919 | FD_SET(listen_sockets[sk], &select_listen); | |
1920 | if (listen_sockets[sk] > max_socket) max_socket = listen_sockets[sk]; | |
1921 | } | |
1922 | ||
1923 | DEBUG(D_any) debug_printf("Listening...\n"); | |
8e669ac1 PH |
1924 | |
1925 | /* In rare cases we may have had a SIGCHLD signal in the time between | |
1926 | setting the handler (below) and getting back here. If so, pretend that the | |
7d468ab8 | 1927 | select() was interrupted so that we reap the child. This might still leave |
8e669ac1 | 1928 | a small window when a SIGCHLD could get lost. However, since we use SIGCHLD |
7d468ab8 PH |
1929 | only to do the reaping more quickly, it shouldn't result in anything other |
1930 | than a delay until something else causes a wake-up. */ | |
1931 | ||
1932 | if (sigchld_seen) | |
1933 | { | |
1934 | lcount = -1; | |
8e669ac1 | 1935 | errno = EINTR; |
7d468ab8 PH |
1936 | } |
1937 | else | |
8e669ac1 | 1938 | { |
7d468ab8 PH |
1939 | lcount = select(max_socket + 1, (SELECT_ARG2_TYPE *)&select_listen, |
1940 | NULL, NULL, NULL); | |
8e669ac1 | 1941 | } |
059ec3d9 | 1942 | |
7d468ab8 | 1943 | if (lcount < 0) |
059ec3d9 PH |
1944 | { |
1945 | select_failed = TRUE; | |
1946 | lcount = 1; | |
1947 | } | |
8e669ac1 PH |
1948 | |
1949 | /* Clean up any subprocesses that may have terminated. We need to do this | |
1950 | here so that smtp_accept_max_per_host works when a connection to that host | |
1951 | has completed, and we are about to accept a new one. When this code was | |
1952 | later in the sequence, a new connection could be rejected, even though an | |
1953 | old one had just finished. Preserve the errno from any select() failure for | |
bb6e88ff | 1954 | the use of the common select/accept error processing below. */ |
8e669ac1 | 1955 | |
bb6e88ff PH |
1956 | select_errno = errno; |
1957 | handle_ending_processes(); | |
8e669ac1 PH |
1958 | errno = select_errno; |
1959 | ||
059ec3d9 | 1960 | /* Loop for all the sockets that are currently ready to go. If select |
7d468ab8 PH |
1961 | actually failed, we have set the count to 1 and select_failed=TRUE, so as |
1962 | to use the common error code for select/accept below. */ | |
059ec3d9 PH |
1963 | |
1964 | while (lcount-- > 0) | |
1965 | { | |
1966 | int accept_socket = -1; | |
1967 | if (!select_failed) | |
1968 | { | |
1969 | for (sk = 0; sk < listen_socket_count; sk++) | |
1970 | { | |
1971 | if (FD_ISSET(listen_sockets[sk], &select_listen)) | |
1972 | { | |
cf73943b | 1973 | len = sizeof(accepted); |
059ec3d9 PH |
1974 | accept_socket = accept(listen_sockets[sk], |
1975 | (struct sockaddr *)&accepted, &len); | |
1976 | FD_CLR(listen_sockets[sk], &select_listen); | |
1977 | break; | |
1978 | } | |
1979 | } | |
1980 | } | |
1981 | ||
1982 | /* If select or accept has failed and this was not caused by an | |
1983 | interruption, log the incident and try again. With asymmetric TCP/IP | |
1984 | routing errors such as "No route to network" have been seen here. Also | |
1985 | "connection reset by peer" has been seen. These cannot be classed as | |
1986 | disastrous errors, but they could fill up a lot of log. The code in smail | |
1987 | crashes the daemon after 10 successive failures of accept, on the grounds | |
1988 | that some OS fail continuously. Exim originally followed suit, but this | |
1989 | appears to have caused problems. Now it just keeps going, but instead of | |
1990 | logging each error, it batches them up when they are continuous. */ | |
1991 | ||
1992 | if (accept_socket < 0 && errno != EINTR) | |
1993 | { | |
1994 | if (accept_retry_count == 0) | |
1995 | { | |
1996 | accept_retry_errno = errno; | |
1997 | accept_retry_select_failed = select_failed; | |
1998 | } | |
1999 | else | |
2000 | { | |
2001 | if (errno != accept_retry_errno || | |
2002 | select_failed != accept_retry_select_failed || | |
2003 | accept_retry_count >= 50) | |
2004 | { | |
2005 | log_write(0, LOG_MAIN | ((accept_retry_count >= 50)? LOG_PANIC : 0), | |
2006 | "%d %s() failure%s: %s", | |
2007 | accept_retry_count, | |
2008 | accept_retry_select_failed? "select" : "accept", | |
2009 | (accept_retry_count == 1)? "" : "s", | |
2010 | strerror(accept_retry_errno)); | |
2011 | log_close_all(); | |
2012 | accept_retry_count = 0; | |
2013 | accept_retry_errno = errno; | |
2014 | accept_retry_select_failed = select_failed; | |
2015 | } | |
2016 | } | |
2017 | accept_retry_count++; | |
2018 | } | |
2019 | ||
2020 | else | |
2021 | { | |
2022 | if (accept_retry_count > 0) | |
2023 | { | |
2024 | log_write(0, LOG_MAIN, "%d %s() failure%s: %s", | |
2025 | accept_retry_count, | |
2026 | accept_retry_select_failed? "select" : "accept", | |
2027 | (accept_retry_count == 1)? "" : "s", | |
2028 | strerror(accept_retry_errno)); | |
2029 | log_close_all(); | |
2030 | accept_retry_count = 0; | |
2031 | } | |
2032 | } | |
2033 | ||
2034 | /* If select/accept succeeded, deal with the connection. */ | |
2035 | ||
2036 | if (accept_socket >= 0) | |
9ee44efb PP |
2037 | { |
2038 | if (inetd_wait_timeout) | |
2039 | last_connection_time = time(NULL); | |
059ec3d9 PH |
2040 | handle_smtp_call(listen_sockets, listen_socket_count, accept_socket, |
2041 | (struct sockaddr *)&accepted); | |
9ee44efb | 2042 | } |
059ec3d9 PH |
2043 | } |
2044 | } | |
2045 | ||
2046 | /* If not listening, then just sleep for the queue interval. If we woke | |
2047 | up early the last time for some other signal, it won't matter because | |
2048 | the alarm signal will wake at the right time. This code originally used | |
2049 | sleep() but it turns out that on the FreeBSD system, sleep() is not inter- | |
2050 | rupted by signals, so it wasn't waking up for SIGALRM or SIGCHLD. Luckily | |
2051 | select() can be used as an interruptible sleep() on all versions of Unix. */ | |
2052 | ||
2053 | else | |
2054 | { | |
2055 | struct timeval tv; | |
2056 | tv.tv_sec = queue_interval; | |
2057 | tv.tv_usec = 0; | |
2058 | select(0, NULL, NULL, NULL, &tv); | |
8e669ac1 | 2059 | handle_ending_processes(); |
059ec3d9 PH |
2060 | } |
2061 | ||
2062 | /* Re-enable the SIGCHLD handler if it has been run. It can't do it | |
2063 | for itself, because it isn't doing the waiting itself. */ | |
2064 | ||
2065 | if (sigchld_seen) | |
2066 | { | |
2067 | sigchld_seen = FALSE; | |
7d468ab8 | 2068 | os_non_restarting_signal(SIGCHLD, main_sigchld_handler); |
059ec3d9 PH |
2069 | } |
2070 | ||
2071 | /* Handle being woken by SIGHUP. We know at this point that the result | |
2072 | of accept() has been dealt with, so we can re-exec exim safely, first | |
2073 | closing the listening sockets so that they can be reused. Cancel any pending | |
2074 | alarm in case it is just about to go off, and set SIGHUP to be ignored so | |
2075 | that another HUP in quick succession doesn't clobber the new daemon before it | |
2076 | gets going. All log files get closed by the close-on-exec flag; however, if | |
2077 | the exec fails, we need to close the logs. */ | |
2078 | ||
2079 | if (sighup_seen) | |
2080 | { | |
2081 | int sk; | |
2082 | log_write(0, LOG_MAIN, "pid %d: SIGHUP received: re-exec daemon", | |
2083 | getpid()); | |
f1e894f3 PH |
2084 | for (sk = 0; sk < listen_socket_count; sk++) |
2085 | (void)close(listen_sockets[sk]); | |
059ec3d9 PH |
2086 | alarm(0); |
2087 | signal(SIGHUP, SIG_IGN); | |
2088 | sighup_argv[0] = exim_path; | |
2089 | exim_nullstd(); | |
2090 | execv(CS exim_path, (char *const *)sighup_argv); | |
2091 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "pid %d: exec of %s failed: %s", | |
2092 | getpid(), exim_path, strerror(errno)); | |
2093 | log_close_all(); | |
2094 | } | |
2095 | ||
2096 | } /* End of main loop */ | |
2097 | ||
2098 | /* Control never reaches here */ | |
2099 | } | |
2100 | ||
071c51f7 JH |
2101 | /* vi: aw ai sw=2 |
2102 | */ | |
059ec3d9 | 2103 | /* End of exim_daemon.c */ |