Commit | Line | Data |
---|---|---|
059ec3d9 PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
80fea873 | 5 | /* Copyright (c) University of Cambridge 1995 - 2016 */ |
059ec3d9 PH |
6 | /* See the file NOTICE for conditions of use and distribution. */ |
7 | ||
8 | /* Functions concerned with running Exim as a daemon */ | |
9 | ||
10 | ||
11 | #include "exim.h" | |
12 | ||
13 | ||
14 | /* Structure for holding data for each SMTP connection */ | |
15 | ||
16 | typedef struct smtp_slot { | |
17 | pid_t pid; /* pid of the spawned reception process */ | |
18 | uschar *host_address; /* address of the client host */ | |
19 | } smtp_slot; | |
20 | ||
21 | /* An empty slot for initializing (Standard C does not allow constructor | |
22 | expressions in assigments except as initializers in declarations). */ | |
23 | ||
24 | static smtp_slot empty_smtp_slot = { 0, NULL }; | |
25 | ||
26 | ||
27 | ||
28 | /************************************************* | |
29 | * Local static variables * | |
30 | *************************************************/ | |
31 | ||
cd59ab18 PP |
32 | static SIGNAL_BOOL sigchld_seen; |
33 | static SIGNAL_BOOL sighup_seen; | |
059ec3d9 PH |
34 | |
35 | static int accept_retry_count = 0; | |
36 | static int accept_retry_errno; | |
37 | static BOOL accept_retry_select_failed; | |
38 | ||
39 | static int queue_run_count = 0; | |
bb6e88ff PH |
40 | static pid_t *queue_pid_slots = NULL; |
41 | static smtp_slot *smtp_slots = NULL; | |
059ec3d9 PH |
42 | |
43 | static BOOL write_pid = TRUE; | |
44 | ||
45 | ||
46 | ||
47 | /************************************************* | |
48 | * SIGHUP Handler * | |
49 | *************************************************/ | |
50 | ||
51 | /* All this handler does is to set a flag and re-enable the signal. | |
52 | ||
53 | Argument: the signal number | |
54 | Returns: nothing | |
55 | */ | |
56 | ||
57 | static void | |
58 | sighup_handler(int sig) | |
59 | { | |
60 | sig = sig; /* Keep picky compilers happy */ | |
61 | sighup_seen = TRUE; | |
62 | signal(SIGHUP, sighup_handler); | |
63 | } | |
64 | ||
65 | ||
66 | ||
67 | /************************************************* | |
68 | * SIGCHLD handler for main daemon process * | |
69 | *************************************************/ | |
70 | ||
71 | /* Don't re-enable the handler here, since we aren't doing the | |
72 | waiting here. If the signal is re-enabled, there will just be an | |
73 | infinite sequence of calls to this handler. The SIGCHLD signal is | |
74 | used just as a means of waking up the daemon so that it notices | |
75 | terminated subprocesses as soon as possible. | |
76 | ||
77 | Argument: the signal number | |
78 | Returns: nothing | |
79 | */ | |
80 | ||
81 | static void | |
82 | main_sigchld_handler(int sig) | |
83 | { | |
84 | sig = sig; /* Keep picky compilers happy */ | |
7d468ab8 | 85 | os_non_restarting_signal(SIGCHLD, SIG_DFL); |
059ec3d9 | 86 | sigchld_seen = TRUE; |
059ec3d9 PH |
87 | } |
88 | ||
89 | ||
90 | ||
91 | ||
92 | /************************************************* | |
93 | * Unexpected errors in SMTP calls * | |
94 | *************************************************/ | |
95 | ||
96 | /* This function just saves a bit of repetitious coding. | |
97 | ||
98 | Arguments: | |
99 | log_msg Text of message to be logged | |
100 | smtp_msg Text of SMTP error message | |
101 | was_errno The failing errno | |
102 | ||
103 | Returns: nothing | |
104 | */ | |
105 | ||
106 | static void | |
107 | never_error(uschar *log_msg, uschar *smtp_msg, int was_errno) | |
108 | { | |
109 | uschar *emsg = (was_errno <= 0)? US"" : | |
110 | string_sprintf(": %s", strerror(was_errno)); | |
111 | log_write(0, LOG_MAIN|LOG_PANIC, "%s%s", log_msg, emsg); | |
112 | if (smtp_out != NULL) smtp_printf("421 %s\r\n", smtp_msg); | |
113 | } | |
114 | ||
115 | ||
116 | ||
117 | ||
118 | /************************************************* | |
119 | * Handle a connected SMTP call * | |
120 | *************************************************/ | |
121 | ||
122 | /* This function is called when an SMTP connection has been accepted. | |
123 | If there are too many, give an error message and close down. Otherwise | |
124 | spin off a sub-process to handle the call. The list of listening sockets | |
125 | is required so that they can be closed in the sub-process. Take care not to | |
126 | leak store in this process - reset the stacking pool at the end. | |
127 | ||
128 | Arguments: | |
129 | listen_sockets sockets which are listening for incoming calls | |
130 | listen_socket_count count of listening sockets | |
131 | accept_socket socket of the current accepted call | |
132 | accepted socket information about the current call | |
133 | ||
134 | Returns: nothing | |
135 | */ | |
136 | ||
137 | static void | |
138 | handle_smtp_call(int *listen_sockets, int listen_socket_count, | |
139 | int accept_socket, struct sockaddr *accepted) | |
140 | { | |
141 | pid_t pid; | |
142 | union sockaddr_46 interface_sockaddr; | |
36a3b041 | 143 | EXIM_SOCKLEN_T ifsize = sizeof(interface_sockaddr); |
059ec3d9 PH |
144 | int dup_accept_socket = -1; |
145 | int max_for_this_host = 0; | |
146 | int wfsize = 0; | |
147 | int wfptr = 0; | |
6c6d6e48 | 148 | int save_log_selector = *log_selector; |
059ec3d9 PH |
149 | uschar *whofrom = NULL; |
150 | ||
151 | void *reset_point = store_get(0); | |
152 | ||
153 | /* Make the address available in ASCII representation, and also fish out | |
154 | the remote port. */ | |
155 | ||
156 | sender_host_address = host_ntoa(-1, accepted, NULL, &sender_host_port); | |
157 | DEBUG(D_any) debug_printf("Connection request from %s port %d\n", | |
158 | sender_host_address, sender_host_port); | |
159 | ||
160 | /* Set up the output stream, check the socket has duplicated, and set up the | |
161 | input stream. These operations fail only the exceptional circumstances. Note | |
162 | that never_error() won't use smtp_out if it is NULL. */ | |
163 | ||
164 | smtp_out = fdopen(accept_socket, "wb"); | |
165 | if (smtp_out == NULL) | |
166 | { | |
167 | never_error(US"daemon: fdopen() for smtp_out failed", US"", errno); | |
168 | goto ERROR_RETURN; | |
169 | } | |
170 | ||
171 | dup_accept_socket = dup(accept_socket); | |
172 | if (dup_accept_socket < 0) | |
173 | { | |
174 | never_error(US"daemon: couldn't dup socket descriptor", | |
175 | US"Connection setup failed", errno); | |
176 | goto ERROR_RETURN; | |
177 | } | |
178 | ||
179 | smtp_in = fdopen(dup_accept_socket, "rb"); | |
180 | if (smtp_in == NULL) | |
181 | { | |
182 | never_error(US"daemon: fdopen() for smtp_in failed", | |
183 | US"Connection setup failed", errno); | |
184 | goto ERROR_RETURN; | |
185 | } | |
186 | ||
520de300 PH |
187 | /* Get the data for the local interface address. Panic for most errors, but |
188 | "connection reset by peer" just means the connection went away. */ | |
059ec3d9 PH |
189 | |
190 | if (getsockname(accept_socket, (struct sockaddr *)(&interface_sockaddr), | |
191 | &ifsize) < 0) | |
192 | { | |
520de300 PH |
193 | log_write(0, LOG_MAIN | ((errno == ECONNRESET)? 0 : LOG_PANIC), |
194 | "getsockname() failed: %s", strerror(errno)); | |
059ec3d9 PH |
195 | smtp_printf("421 Local problem: getsockname() failed; please try again later\r\n"); |
196 | goto ERROR_RETURN; | |
197 | } | |
198 | ||
199 | interface_address = host_ntoa(-1, &interface_sockaddr, NULL, &interface_port); | |
200 | DEBUG(D_interface) debug_printf("interface address=%s port=%d\n", | |
201 | interface_address, interface_port); | |
202 | ||
203 | /* Build a string identifying the remote host and, if requested, the port and | |
204 | the local interface data. This is for logging; at the end of this function the | |
205 | memory is reclaimed. */ | |
206 | ||
207 | whofrom = string_append(whofrom, &wfsize, &wfptr, 3, "[", sender_host_address, "]"); | |
208 | ||
6c6d6e48 | 209 | if (LOGGING(incoming_port)) |
059ec3d9 PH |
210 | whofrom = string_append(whofrom, &wfsize, &wfptr, 2, ":", string_sprintf("%d", |
211 | sender_host_port)); | |
212 | ||
6c6d6e48 | 213 | if (LOGGING(incoming_interface)) |
059ec3d9 PH |
214 | whofrom = string_append(whofrom, &wfsize, &wfptr, 4, " I=[", |
215 | interface_address, "]:", string_sprintf("%d", interface_port)); | |
216 | ||
217 | whofrom[wfptr] = 0; /* Terminate the newly-built string */ | |
218 | ||
219 | /* Check maximum number of connections. We do not check for reserved | |
220 | connections or unacceptable hosts here. That is done in the subprocess because | |
221 | it might take some time. */ | |
222 | ||
223 | if (smtp_accept_max > 0 && smtp_accept_count >= smtp_accept_max) | |
224 | { | |
225 | DEBUG(D_any) debug_printf("rejecting SMTP connection: count=%d max=%d\n", | |
226 | smtp_accept_count, smtp_accept_max); | |
227 | smtp_printf("421 Too many concurrent SMTP connections; " | |
228 | "please try again later.\r\n"); | |
229 | log_write(L_connection_reject, | |
230 | LOG_MAIN, "Connection from %s refused: too many connections", | |
231 | whofrom); | |
232 | goto ERROR_RETURN; | |
233 | } | |
234 | ||
235 | /* If a load limit above which only reserved hosts are acceptable is defined, | |
236 | get the load average here, and if there are in fact no reserved hosts, do | |
237 | the test right away (saves a fork). If there are hosts, do the check in the | |
238 | subprocess because it might take time. */ | |
239 | ||
240 | if (smtp_load_reserve >= 0) | |
241 | { | |
8669f003 | 242 | load_average = OS_GETLOADAVG(); |
059ec3d9 PH |
243 | if (smtp_reserve_hosts == NULL && load_average > smtp_load_reserve) |
244 | { | |
245 | DEBUG(D_any) debug_printf("rejecting SMTP connection: load average = %.2f\n", | |
246 | (double)load_average/1000.0); | |
247 | smtp_printf("421 Too much load; please try again later.\r\n"); | |
248 | log_write(L_connection_reject, | |
249 | LOG_MAIN, "Connection from %s refused: load average = %.2f", | |
250 | whofrom, (double)load_average/1000.0); | |
251 | goto ERROR_RETURN; | |
252 | } | |
253 | } | |
254 | ||
255 | /* Check that one specific host (strictly, IP address) is not hogging | |
256 | resources. This is done here to prevent a denial of service attack by someone | |
257 | forcing you to fork lots of times before denying service. The value of | |
258 | smtp_accept_max_per_host is a string which is expanded. This makes it possible | |
259 | to provide host-specific limits according to $sender_host address, but because | |
260 | this is in the daemon mainline, only fast expansions (such as inline address | |
261 | checks) should be used. The documentation is full of warnings. */ | |
262 | ||
263 | if (smtp_accept_max_per_host != NULL) | |
264 | { | |
265 | uschar *expanded = expand_string(smtp_accept_max_per_host); | |
266 | if (expanded == NULL) | |
267 | { | |
268 | if (!expand_string_forcedfail) | |
269 | log_write(0, LOG_MAIN|LOG_PANIC, "expansion of smtp_accept_max_per_host " | |
270 | "failed for %s: %s", whofrom, expand_string_message); | |
271 | } | |
272 | /* For speed, interpret a decimal number inline here */ | |
273 | else | |
274 | { | |
275 | uschar *s = expanded; | |
276 | while (isdigit(*s)) | |
277 | max_for_this_host = max_for_this_host * 10 + *s++ - '0'; | |
278 | if (*s != 0) | |
279 | log_write(0, LOG_MAIN|LOG_PANIC, "expansion of smtp_accept_max_per_host " | |
280 | "for %s contains non-digit: %s", whofrom, expanded); | |
281 | } | |
282 | } | |
283 | ||
284 | /* If we have fewer connections than max_for_this_host, we can skip the tedious | |
285 | per host_address checks. Note that at this stage smtp_accept_count contains the | |
286 | count of *other* connections, not including this one. */ | |
287 | ||
288 | if ((max_for_this_host > 0) && | |
289 | (smtp_accept_count >= max_for_this_host)) | |
290 | { | |
291 | int i; | |
292 | int host_accept_count = 0; | |
293 | int other_host_count = 0; /* keep a count of non matches to optimise */ | |
294 | ||
295 | for (i = 0; i < smtp_accept_max; ++i) | |
296 | { | |
297 | if (smtp_slots[i].host_address != NULL) | |
298 | { | |
299 | if (Ustrcmp(sender_host_address, smtp_slots[i].host_address) == 0) | |
300 | host_accept_count++; | |
301 | else | |
302 | other_host_count++; | |
303 | ||
304 | /* Testing all these strings is expensive - see if we can drop out | |
305 | early, either by hitting the target, or finding there are not enough | |
306 | connections left to make the target. */ | |
307 | ||
308 | if ((host_accept_count >= max_for_this_host) || | |
309 | ((smtp_accept_count - other_host_count) < max_for_this_host)) | |
310 | break; | |
311 | } | |
312 | } | |
313 | ||
314 | if (host_accept_count >= max_for_this_host) | |
315 | { | |
316 | DEBUG(D_any) debug_printf("rejecting SMTP connection: too many from this " | |
317 | "IP address: count=%d max=%d\n", | |
318 | host_accept_count, max_for_this_host); | |
319 | smtp_printf("421 Too many concurrent SMTP connections " | |
320 | "from this IP address; please try again later.\r\n"); | |
321 | log_write(L_connection_reject, | |
322 | LOG_MAIN, "Connection from %s refused: too many connections " | |
323 | "from that IP address", whofrom); | |
324 | goto ERROR_RETURN; | |
325 | } | |
326 | } | |
327 | ||
328 | /* OK, the connection count checks have been passed. Before we can fork the | |
329 | accepting process, we must first log the connection if requested. This logging | |
330 | used to happen in the subprocess, but doing that means that the value of | |
331 | smtp_accept_count can be out of step by the time it is logged. So we have to do | |
332 | the logging here and accept the performance cost. Note that smtp_accept_count | |
333 | hasn't yet been incremented to take account of this connection. | |
334 | ||
335 | In order to minimize the cost (because this is going to happen for every | |
336 | connection), do a preliminary selector test here. This saves ploughing through | |
337 | the generalized logging code each time when the selector is false. If the | |
338 | selector is set, check whether the host is on the list for logging. If not, | |
339 | arrange to unset the selector in the subprocess. */ | |
340 | ||
6c6d6e48 | 341 | if (LOGGING(smtp_connection)) |
059ec3d9 PH |
342 | { |
343 | uschar *list = hosts_connection_nolog; | |
ce325893 | 344 | memset(sender_host_cache, 0, sizeof(sender_host_cache)); |
059ec3d9 | 345 | if (list != NULL && verify_check_host(&list) == OK) |
6c6d6e48 | 346 | save_log_selector &= ~L_smtp_connection; |
059ec3d9 PH |
347 | else |
348 | log_write(L_smtp_connection, LOG_MAIN, "SMTP connection from %s " | |
349 | "(TCP/IP connection count = %d)", whofrom, smtp_accept_count + 1); | |
350 | } | |
351 | ||
352 | /* Now we can fork the accepting process; do a lookup tidy, just in case any | |
353 | expansion above did a lookup. */ | |
354 | ||
355 | search_tidyup(); | |
356 | pid = fork(); | |
357 | ||
358 | /* Handle the child process */ | |
359 | ||
360 | if (pid == 0) | |
361 | { | |
362 | int i; | |
363 | int queue_only_reason = 0; | |
364 | int old_pool = store_pool; | |
8e669ac1 | 365 | int save_debug_selector = debug_selector; |
059ec3d9 | 366 | BOOL local_queue_only; |
8669f003 | 367 | BOOL session_local_queue_only; |
059ec3d9 PH |
368 | #ifdef SA_NOCLDWAIT |
369 | struct sigaction act; | |
370 | #endif | |
371 | ||
b01dd148 PH |
372 | smtp_accept_count++; /* So that it includes this process */ |
373 | ||
059ec3d9 PH |
374 | /* May have been modified for the subprocess */ |
375 | ||
6c6d6e48 | 376 | *log_selector = save_log_selector; |
059ec3d9 PH |
377 | |
378 | /* Get the local interface address into permanent store */ | |
379 | ||
380 | store_pool = POOL_PERM; | |
381 | interface_address = string_copy(interface_address); | |
382 | store_pool = old_pool; | |
383 | ||
384 | /* Check for a tls-on-connect port */ | |
385 | ||
817d9f57 | 386 | if (host_is_tls_on_connect_port(interface_port)) tls_in.on_connect = TRUE; |
059ec3d9 PH |
387 | |
388 | /* Expand smtp_active_hostname if required. We do not do this any earlier, | |
389 | because it may depend on the local interface address (indeed, that is most | |
390 | likely what it depends on.) */ | |
391 | ||
392 | smtp_active_hostname = primary_hostname; | |
393 | if (raw_active_hostname != NULL) | |
394 | { | |
395 | uschar *nah = expand_string(raw_active_hostname); | |
396 | if (nah == NULL) | |
397 | { | |
398 | if (!expand_string_forcedfail) | |
399 | { | |
400 | log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand \"%s\" " | |
401 | "(smtp_active_hostname): %s", raw_active_hostname, | |
402 | expand_string_message); | |
403 | smtp_printf("421 Local configuration error; " | |
404 | "please try again later.\r\n"); | |
405 | mac_smtp_fflush(); | |
406 | search_tidyup(); | |
407 | _exit(EXIT_FAILURE); | |
408 | } | |
409 | } | |
410 | else if (nah[0] != 0) smtp_active_hostname = nah; | |
411 | } | |
412 | ||
413 | /* Initialize the queueing flags */ | |
414 | ||
415 | queue_check_only(); | |
8669f003 | 416 | session_local_queue_only = queue_only; |
059ec3d9 PH |
417 | |
418 | /* Close the listening sockets, and set the SIGCHLD handler to SIG_IGN. | |
419 | We also attempt to set things up so that children are automatically reaped, | |
420 | but just in case this isn't available, there's a paranoid waitpid() in the | |
421 | loop too (except for systems where we are sure it isn't needed). See the more | |
422 | extensive comment before the reception loop in exim.c for a fuller | |
423 | explanation of this logic. */ | |
424 | ||
f1e894f3 | 425 | for (i = 0; i < listen_socket_count; i++) (void)close(listen_sockets[i]); |
059ec3d9 | 426 | |
fa32850b DW |
427 | /* Set FD_CLOEXEC on the SMTP socket. We don't want any rogue child processes |
428 | to be able to communicate with them, under any circumstances. */ | |
429 | (void)fcntl(accept_socket, F_SETFD, | |
430 | fcntl(accept_socket, F_GETFD) | FD_CLOEXEC); | |
431 | (void)fcntl(dup_accept_socket, F_SETFD, | |
432 | fcntl(dup_accept_socket, F_GETFD) | FD_CLOEXEC); | |
433 | ||
059ec3d9 PH |
434 | #ifdef SA_NOCLDWAIT |
435 | act.sa_handler = SIG_IGN; | |
436 | sigemptyset(&(act.sa_mask)); | |
437 | act.sa_flags = SA_NOCLDWAIT; | |
438 | sigaction(SIGCHLD, &act, NULL); | |
439 | #else | |
440 | signal(SIGCHLD, SIG_IGN); | |
441 | #endif | |
442 | ||
443 | /* Attempt to get an id from the sending machine via the RFC 1413 | |
444 | protocol. We do this in the sub-process in order not to hold up the | |
445 | main process if there is any delay. Then set up the fullhost information | |
8e669ac1 PH |
446 | in case there is no HELO/EHLO. |
447 | ||
448 | If debugging is enabled only for the daemon, we must turn if off while | |
449 | finding the id, but turn it on again afterwards so that information about the | |
3d235903 | 450 | incoming connection is output. */ |
8e669ac1 | 451 | |
3d235903 | 452 | if (debug_daemon) debug_selector = 0; |
059ec3d9 PH |
453 | verify_get_ident(IDENT_PORT); |
454 | host_build_sender_fullhost(); | |
8e669ac1 | 455 | debug_selector = save_debug_selector; |
059ec3d9 PH |
456 | |
457 | DEBUG(D_any) | |
458 | debug_printf("Process %d is handling incoming connection from %s\n", | |
459 | (int)getpid(), sender_fullhost); | |
460 | ||
3d235903 PH |
461 | /* Now disable debugging permanently if it's required only for the daemon |
462 | process. */ | |
463 | ||
464 | if (debug_daemon) debug_selector = 0; | |
465 | ||
059ec3d9 | 466 | /* If there are too many child processes for immediate delivery, |
8669f003 | 467 | set the session_local_queue_only flag, which is initialized from the |
059ec3d9 | 468 | configured value and may therefore already be TRUE. Leave logging |
8669f003 PH |
469 | till later so it will have a message id attached. Note that there is no |
470 | possibility of re-calculating this per-message, because the value of | |
471 | smtp_accept_count does not change in this subprocess. */ | |
059ec3d9 | 472 | |
b01dd148 | 473 | if (smtp_accept_queue > 0 && smtp_accept_count > smtp_accept_queue) |
059ec3d9 | 474 | { |
8669f003 | 475 | session_local_queue_only = TRUE; |
059ec3d9 PH |
476 | queue_only_reason = 1; |
477 | } | |
478 | ||
479 | /* Handle the start of the SMTP session, then loop, accepting incoming | |
480 | messages from the SMTP connection. The end will come at the QUIT command, | |
481 | when smtp_setup_msg() returns 0. A break in the connection causes the | |
24796b8d PH |
482 | process to die (see accept.c). |
483 | ||
484 | NOTE: We do *not* call smtp_log_no_mail() if smtp_start_session() fails, | |
485 | because a log line has already been written for all its failure exists | |
486 | (usually "connection refused: <reason>") and writing another one is | |
487 | unnecessary clutter. */ | |
059ec3d9 PH |
488 | |
489 | if (!smtp_start_session()) | |
490 | { | |
491 | mac_smtp_fflush(); | |
492 | search_tidyup(); | |
493 | _exit(EXIT_SUCCESS); | |
494 | } | |
495 | ||
496 | for (;;) | |
497 | { | |
498 | int rc; | |
499 | message_id[0] = 0; /* Clear out any previous message_id */ | |
500 | reset_point = store_get(0); /* Save current store high water point */ | |
501 | ||
502 | DEBUG(D_any) | |
503 | debug_printf("Process %d is ready for new message\n", (int)getpid()); | |
504 | ||
505 | /* Smtp_setup_msg() returns 0 on QUIT or if the call is from an | |
506 | unacceptable host or if an ACL "drop" command was triggered, -1 on | |
507 | connection lost, and +1 on validly reaching DATA. Receive_msg() almost | |
508 | always returns TRUE when smtp_input is true; just retry if no message was | |
509 | accepted (can happen for invalid message parameters). However, it can yield | |
510 | FALSE if the connection was forcibly dropped by the DATA ACL. */ | |
511 | ||
512 | if ((rc = smtp_setup_msg()) > 0) | |
513 | { | |
514 | BOOL ok = receive_msg(FALSE); | |
515 | search_tidyup(); /* Close cached databases */ | |
516 | if (!ok) /* Connection was dropped */ | |
517 | { | |
518 | mac_smtp_fflush(); | |
b4ed4da0 | 519 | smtp_log_no_mail(); /* Log no mail if configured */ |
059ec3d9 PH |
520 | _exit(EXIT_SUCCESS); |
521 | } | |
522 | if (message_id[0] == 0) continue; /* No message was accepted */ | |
523 | } | |
524 | else | |
525 | { | |
526 | mac_smtp_fflush(); | |
527 | search_tidyup(); | |
b4ed4da0 | 528 | smtp_log_no_mail(); /* Log no mail if configured */ |
059ec3d9 PH |
529 | _exit((rc == 0)? EXIT_SUCCESS : EXIT_FAILURE); |
530 | } | |
531 | ||
532 | /* Show the recipients when debugging */ | |
533 | ||
534 | DEBUG(D_receive) | |
535 | { | |
536 | int i; | |
537 | if (sender_address != NULL) | |
538 | debug_printf("Sender: %s\n", sender_address); | |
539 | if (recipients_list != NULL) | |
540 | { | |
541 | debug_printf("Recipients:\n"); | |
542 | for (i = 0; i < recipients_count; i++) | |
543 | debug_printf(" %s\n", recipients_list[i].address); | |
544 | } | |
545 | } | |
546 | ||
547 | /* A message has been accepted. Clean up any previous delivery processes | |
548 | that have completed and are defunct, on systems where they don't go away | |
549 | by themselves (see comments when setting SIG_IGN above). On such systems | |
550 | (if any) these delivery processes hang around after termination until | |
551 | the next message is received. */ | |
552 | ||
553 | #ifndef SIG_IGN_WORKS | |
554 | while (waitpid(-1, NULL, WNOHANG) > 0); | |
555 | #endif | |
556 | ||
557 | /* Reclaim up the store used in accepting this message */ | |
558 | ||
559 | store_reset(reset_point); | |
560 | ||
561 | /* If queue_only is set or if there are too many incoming connections in | |
8669f003 PH |
562 | existence, session_local_queue_only will be TRUE. If it is not, check |
563 | whether we have received too many messages in this session for immediate | |
564 | delivery. */ | |
565 | ||
566 | if (!session_local_queue_only && | |
567 | smtp_accept_queue_per_connection > 0 && | |
568 | receive_messagecount > smtp_accept_queue_per_connection) | |
059ec3d9 | 569 | { |
8669f003 PH |
570 | session_local_queue_only = TRUE; |
571 | queue_only_reason = 2; | |
572 | } | |
573 | ||
574 | /* Initialize local_queue_only from session_local_queue_only. If it is not | |
575 | true, and queue_only_load is set, check that the load average is below it. | |
576 | If local_queue_only is set by this means, we also set if for the session if | |
577 | queue_only_load_latch is true (the default). This means that, once set, | |
578 | local_queue_only remains set for any subsequent messages on the same SMTP | |
579 | connection. This is a deliberate choice; even though the load average may | |
580 | fall, it doesn't seem right to deliver later messages on the same call when | |
581 | not delivering earlier ones. However, the are special circumstances such as | |
582 | very long-lived connections from scanning appliances where this is not the | |
583 | best strategy. In such cases, queue_only_load_latch should be set false. */ | |
584 | ||
585 | local_queue_only = session_local_queue_only; | |
586 | if (!local_queue_only && queue_only_load >= 0) | |
587 | { | |
588 | local_queue_only = (load_average = OS_GETLOADAVG()) > queue_only_load; | |
589 | if (local_queue_only) | |
059ec3d9 | 590 | { |
8669f003 PH |
591 | queue_only_reason = 3; |
592 | if (queue_only_load_latch) session_local_queue_only = TRUE; | |
059ec3d9 PH |
593 | } |
594 | } | |
595 | ||
596 | /* Log the queueing here, when it will get a message id attached, but | |
597 | not if queue_only is set (case 0). */ | |
598 | ||
599 | if (local_queue_only) switch(queue_only_reason) | |
600 | { | |
601 | case 1: | |
602 | log_write(L_delay_delivery, | |
603 | LOG_MAIN, "no immediate delivery: too many connections " | |
604 | "(%d, max %d)", smtp_accept_count, smtp_accept_queue); | |
605 | break; | |
606 | ||
607 | case 2: | |
608 | log_write(L_delay_delivery, | |
609 | LOG_MAIN, "no immediate delivery: more than %d messages " | |
610 | "received in one connection", smtp_accept_queue_per_connection); | |
611 | break; | |
612 | ||
613 | case 3: | |
614 | log_write(L_delay_delivery, | |
615 | LOG_MAIN, "no immediate delivery: load average %.2f", | |
616 | (double)load_average/1000.0); | |
617 | break; | |
618 | } | |
619 | ||
620 | /* If a delivery attempt is required, spin off a new process to handle it. | |
621 | If we are not root, we have to re-exec exim unless deliveries are being | |
622 | done unprivileged. */ | |
623 | ||
624 | else if (!queue_only_policy && !deliver_freeze) | |
625 | { | |
626 | pid_t dpid; | |
627 | ||
628 | /* Before forking, ensure that the C output buffer is flushed. Otherwise | |
629 | anything that it in it will get duplicated, leading to duplicate copies | |
630 | of the pending output. */ | |
631 | ||
632 | mac_smtp_fflush(); | |
633 | ||
634 | if ((dpid = fork()) == 0) | |
635 | { | |
f1e894f3 PH |
636 | (void)fclose(smtp_in); |
637 | (void)fclose(smtp_out); | |
059ec3d9 PH |
638 | |
639 | /* Don't ever molest the parent's SSL connection, but do clean up | |
640 | the data structures if necessary. */ | |
641 | ||
642 | #ifdef SUPPORT_TLS | |
a400eccf | 643 | tls_close(TRUE, FALSE); |
059ec3d9 PH |
644 | #endif |
645 | ||
646 | /* Reset SIGHUP and SIGCHLD in the child in both cases. */ | |
647 | ||
648 | signal(SIGHUP, SIG_DFL); | |
649 | signal(SIGCHLD, SIG_DFL); | |
650 | ||
651 | if (geteuid() != root_uid && !deliver_drop_privilege) | |
652 | { | |
653 | signal(SIGALRM, SIG_DFL); | |
654 | (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, FALSE, 2, US"-Mc", | |
655 | message_id); | |
656 | /* Control does not return here. */ | |
657 | } | |
658 | ||
659 | /* No need to re-exec; SIGALRM remains set to the default handler */ | |
660 | ||
661 | (void)deliver_message(message_id, FALSE, FALSE); | |
662 | search_tidyup(); | |
663 | _exit(EXIT_SUCCESS); | |
664 | } | |
665 | ||
666 | if (dpid > 0) | |
667 | { | |
668 | DEBUG(D_any) debug_printf("forked delivery process %d\n", (int)dpid); | |
669 | } | |
670 | else | |
671 | { | |
672 | log_write(0, LOG_MAIN|LOG_PANIC, "daemon: delivery process fork " | |
673 | "failed: %s", strerror(errno)); | |
674 | } | |
675 | } | |
676 | } | |
677 | } | |
678 | ||
679 | ||
680 | /* Carrying on in the parent daemon process... Can't do much if the fork | |
681 | failed. Otherwise, keep count of the number of accepting processes and | |
682 | remember the pid for ticking off when the child completes. */ | |
683 | ||
684 | if (pid < 0) | |
685 | { | |
686 | never_error(US"daemon: accept process fork failed", US"Fork failed", errno); | |
687 | } | |
688 | else | |
689 | { | |
690 | int i; | |
691 | for (i = 0; i < smtp_accept_max; ++i) | |
692 | { | |
693 | if (smtp_slots[i].pid <= 0) | |
694 | { | |
695 | smtp_slots[i].pid = pid; | |
696 | if (smtp_accept_max_per_host != NULL) | |
697 | smtp_slots[i].host_address = string_copy_malloc(sender_host_address); | |
698 | smtp_accept_count++; | |
699 | break; | |
700 | } | |
701 | } | |
702 | DEBUG(D_any) debug_printf("%d SMTP accept process%s running\n", | |
703 | smtp_accept_count, (smtp_accept_count == 1)? "" : "es"); | |
704 | } | |
705 | ||
706 | /* Get here via goto in error cases */ | |
707 | ||
708 | ERROR_RETURN: | |
709 | ||
710 | /* Close the streams associated with the socket which will also close the | |
711 | socket fds in this process. We can't do anything if fclose() fails, but | |
712 | logging brings it to someone's attention. However, "connection reset by peer" | |
1f872c80 PH |
713 | isn't really a problem, so skip that one. On Solaris, a dropped connection can |
714 | manifest itself as a broken pipe, so drop that one too. If the streams don't | |
715 | exist, something went wrong while setting things up. Make sure the socket | |
716 | descriptors are closed, in order to drop the connection. */ | |
059ec3d9 PH |
717 | |
718 | if (smtp_out != NULL) | |
719 | { | |
1f872c80 | 720 | if (fclose(smtp_out) != 0 && errno != ECONNRESET && errno != EPIPE) |
059ec3d9 PH |
721 | log_write(0, LOG_MAIN|LOG_PANIC, "daemon: fclose(smtp_out) failed: %s", |
722 | strerror(errno)); | |
723 | smtp_out = NULL; | |
724 | } | |
f1e894f3 | 725 | else (void)close(accept_socket); |
059ec3d9 PH |
726 | |
727 | if (smtp_in != NULL) | |
728 | { | |
1f872c80 | 729 | if (fclose(smtp_in) != 0 && errno != ECONNRESET && errno != EPIPE) |
059ec3d9 PH |
730 | log_write(0, LOG_MAIN|LOG_PANIC, "daemon: fclose(smtp_in) failed: %s", |
731 | strerror(errno)); | |
732 | smtp_in = NULL; | |
733 | } | |
f1e894f3 | 734 | else (void)close(dup_accept_socket); |
059ec3d9 PH |
735 | |
736 | /* Release any store used in this process, including the store used for holding | |
737 | the incoming host address and an expanded active_hostname. */ | |
738 | ||
c8899c20 | 739 | log_close_all(); |
059ec3d9 PH |
740 | store_reset(reset_point); |
741 | sender_host_address = NULL; | |
742 | } | |
743 | ||
744 | ||
745 | ||
746 | ||
747 | /************************************************* | |
748 | * Check wildcard listen special cases * | |
749 | *************************************************/ | |
750 | ||
751 | /* This function is used when binding and listening on lists of addresses and | |
752 | ports. It tests for special cases of wildcard listening, when IPv4 and IPv6 | |
753 | sockets may interact in different ways in different operating systems. It is | |
754 | passed an error number, the list of listening addresses, and the current | |
755 | address. Two checks are available: for a previous wildcard IPv6 address, or for | |
756 | a following wildcard IPv4 address, in both cases on the same port. | |
757 | ||
758 | In practice, pairs of wildcard addresses should be adjacent in the address list | |
759 | because they are sorted that way below. | |
760 | ||
761 | Arguments: | |
762 | eno the error number | |
763 | addresses the list of addresses | |
764 | ipa the current IP address | |
765 | back if TRUE, check for previous wildcard IPv6 address | |
766 | if FALSE, check for a following wildcard IPv4 address | |
767 | ||
768 | Returns: TRUE or FALSE | |
769 | */ | |
770 | ||
771 | static BOOL | |
772 | check_special_case(int eno, ip_address_item *addresses, ip_address_item *ipa, | |
773 | BOOL back) | |
774 | { | |
775 | ip_address_item *ipa2; | |
776 | ||
777 | /* For the "back" case, if the failure was "address in use" for a wildcard IPv4 | |
778 | address, seek a previous IPv6 wildcard address on the same port. As it is | |
779 | previous, it must have been successfully bound and be listening. Flag it as a | |
780 | "6 including 4" listener. */ | |
781 | ||
782 | if (back) | |
783 | { | |
784 | if (eno != EADDRINUSE || ipa->address[0] != 0) return FALSE; | |
785 | for (ipa2 = addresses; ipa2 != ipa; ipa2 = ipa2->next) | |
786 | { | |
787 | if (ipa2->address[1] == 0 && ipa2->port == ipa->port) | |
788 | { | |
789 | ipa2->v6_include_v4 = TRUE; | |
790 | return TRUE; | |
791 | } | |
792 | } | |
793 | } | |
794 | ||
795 | /* For the "forward" case, if the current address is a wildcard IPv6 address, | |
796 | we seek a following wildcard IPv4 address on the same port. */ | |
797 | ||
798 | else | |
799 | { | |
800 | if (ipa->address[0] != ':' || ipa->address[1] != 0) return FALSE; | |
801 | for (ipa2 = ipa->next; ipa2 != NULL; ipa2 = ipa2->next) | |
802 | if (ipa2->address[0] == 0 && ipa->port == ipa2->port) return TRUE; | |
803 | } | |
804 | ||
805 | return FALSE; | |
806 | } | |
807 | ||
808 | ||
809 | ||
810 | ||
bb6e88ff PH |
811 | /************************************************* |
812 | * Handle terminating subprocesses * | |
813 | *************************************************/ | |
814 | ||
815 | /* Handle the termination of child processes. Theoretically, this need be done | |
816 | only when sigchld_seen is TRUE, but rumour has it that some systems lose | |
817 | SIGCHLD signals at busy times, so to be on the safe side, this function is | |
818 | called each time round. It shouldn't be too expensive. | |
819 | ||
820 | Arguments: none | |
821 | Returns: nothing | |
822 | */ | |
823 | ||
824 | static void | |
825 | handle_ending_processes(void) | |
826 | { | |
827 | int status; | |
828 | pid_t pid; | |
829 | ||
830 | while ((pid = waitpid(-1, &status, WNOHANG)) > 0) | |
831 | { | |
832 | int i; | |
7be682ca PP |
833 | DEBUG(D_any) |
834 | { | |
835 | debug_printf("child %d ended: status=0x%x\n", (int)pid, status); | |
836 | #ifdef WCOREDUMP | |
837 | if (WIFEXITED(status)) | |
838 | debug_printf(" normal exit, %d\n", WEXITSTATUS(status)); | |
839 | else if (WIFSIGNALED(status)) | |
840 | debug_printf(" signal exit, signal %d%s\n", WTERMSIG(status), | |
841 | WCOREDUMP(status) ? " (core dumped)" : ""); | |
842 | #endif | |
843 | } | |
bb6e88ff | 844 | |
8e669ac1 | 845 | /* If it's a listening daemon for which we are keeping track of individual |
bb6e88ff PH |
846 | subprocesses, deal with an accepting process that has terminated. */ |
847 | ||
848 | if (smtp_slots != NULL) | |
849 | { | |
850 | for (i = 0; i < smtp_accept_max; i++) | |
851 | { | |
852 | if (smtp_slots[i].pid == pid) | |
853 | { | |
854 | if (smtp_slots[i].host_address != NULL) | |
855 | store_free(smtp_slots[i].host_address); | |
856 | smtp_slots[i] = empty_smtp_slot; | |
857 | if (--smtp_accept_count < 0) smtp_accept_count = 0; | |
858 | DEBUG(D_any) debug_printf("%d SMTP accept process%s now running\n", | |
859 | smtp_accept_count, (smtp_accept_count == 1)? "" : "es"); | |
860 | break; | |
861 | } | |
862 | } | |
863 | if (i < smtp_accept_max) continue; /* Found an accepting process */ | |
864 | } | |
865 | ||
866 | /* If it wasn't an accepting process, see if it was a queue-runner | |
867 | process that we are tracking. */ | |
868 | ||
869 | if (queue_pid_slots != NULL) | |
870 | { | |
871 | for (i = 0; i < queue_run_max; i++) | |
872 | { | |
873 | if (queue_pid_slots[i] == pid) | |
874 | { | |
875 | queue_pid_slots[i] = 0; | |
876 | if (--queue_run_count < 0) queue_run_count = 0; | |
877 | DEBUG(D_any) debug_printf("%d queue-runner process%s now running\n", | |
878 | queue_run_count, (queue_run_count == 1)? "" : "es"); | |
879 | break; | |
880 | } | |
881 | } | |
882 | } | |
883 | } | |
884 | } | |
885 | ||
059ec3d9 PH |
886 | |
887 | ||
888 | /************************************************* | |
889 | * Exim Daemon Mainline * | |
890 | *************************************************/ | |
891 | ||
892 | /* The daemon can do two jobs, either of which is optional: | |
893 | ||
894 | (1) Listens for incoming SMTP calls and spawns off a sub-process to handle | |
895 | each one. This is requested by the -bd option, with -oX specifying the SMTP | |
896 | port on which to listen (for testing). | |
897 | ||
898 | (2) Spawns a queue-running process every so often. This is controlled by the | |
899 | -q option with a an interval time. (If no time is given, a single queue run | |
900 | is done from the main function, and control doesn't get here.) | |
901 | ||
902 | Root privilege is required in order to attach to port 25. Some systems require | |
903 | it when calling socket() rather than bind(). To cope with all cases, we run as | |
904 | root for both socket() and bind(). Some systems also require root in order to | |
905 | write to the pid file directory. This function must therefore be called as root | |
906 | if it is to work properly in all circumstances. Once the socket is bound and | |
907 | the pid file written, root privilege is given up if there is an exim uid. | |
908 | ||
909 | There are no arguments to this function, and it never returns. */ | |
910 | ||
911 | void | |
912 | daemon_go(void) | |
913 | { | |
ebeaf996 | 914 | struct passwd *pw; |
059ec3d9 PH |
915 | int *listen_sockets = NULL; |
916 | int listen_socket_count = 0; | |
917 | ip_address_item *addresses = NULL; | |
9ee44efb | 918 | time_t last_connection_time = (time_t)0; |
059ec3d9 PH |
919 | |
920 | /* If any debugging options are set, turn on the D_pid bit so that all | |
921 | debugging lines get the pid added. */ | |
922 | ||
923 | DEBUG(D_any|D_v) debug_selector |= D_pid; | |
924 | ||
9ee44efb PP |
925 | if (inetd_wait_mode) |
926 | { | |
927 | int on = 1; | |
928 | ||
929 | listen_socket_count = 1; | |
96f5fe4c | 930 | listen_sockets = store_get(sizeof(int)); |
9ee44efb PP |
931 | (void) close(3); |
932 | if (dup2(0, 3) == -1) | |
9ee44efb PP |
933 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, |
934 | "failed to dup inetd socket safely away: %s", strerror(errno)); | |
d4ff61d1 | 935 | |
9ee44efb PP |
936 | listen_sockets[0] = 3; |
937 | (void) close(0); | |
938 | (void) close(1); | |
939 | (void) close(2); | |
940 | exim_nullstd(); | |
941 | ||
942 | if (debug_file == stderr) | |
943 | { | |
944 | /* need a call to log_write before call to open debug_file, so that | |
945 | log.c:file_path has been initialised. This is unfortunate. */ | |
946 | log_write(0, LOG_MAIN, "debugging Exim in inetd wait mode starting"); | |
947 | ||
948 | fclose(debug_file); | |
949 | debug_file = NULL; | |
950 | exim_nullstd(); /* re-open fd2 after we just closed it again */ | |
951 | debug_logging_activate(US"-wait", NULL); | |
952 | } | |
953 | ||
954 | DEBUG(D_any) debug_printf("running in inetd wait mode\n"); | |
955 | ||
956 | /* As per below, when creating sockets ourselves, we handle tcp_nodelay for | |
957 | our own buffering; we assume though that inetd set the socket REUSEADDR. */ | |
958 | ||
d4ff61d1 JH |
959 | if (tcp_nodelay) |
960 | if (setsockopt(3, IPPROTO_TCP, TCP_NODELAY, US &on, sizeof(on))) | |
961 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to set socket NODELAY: %s", | |
962 | strerror(errno)); | |
9ee44efb PP |
963 | } |
964 | ||
965 | ||
966 | if (inetd_wait_mode || daemon_listen) | |
967 | { | |
968 | /* If any option requiring a load average to be available during the | |
969 | reception of a message is set, call os_getloadavg() while we are root | |
970 | for those OS for which this is necessary the first time it is called (in | |
971 | order to perform an "open" on the kernel memory file). */ | |
972 | ||
973 | #ifdef LOAD_AVG_NEEDS_ROOT | |
974 | if (queue_only_load >= 0 || smtp_load_reserve >= 0 || | |
975 | (deliver_queue_load_max >= 0 && deliver_drop_privilege)) | |
976 | (void)os_getloadavg(); | |
977 | #endif | |
978 | } | |
979 | ||
059ec3d9 PH |
980 | |
981 | /* Do the preparation for setting up a listener on one or more interfaces, and | |
982 | possible on various ports. This is controlled by the combination of | |
983 | local_interfaces (which can set IP addresses and ports) and daemon_smtp_port | |
984 | (which is a list of default ports to use for those items in local_interfaces | |
985 | that do not specify a port). The -oX command line option can be used to | |
986 | override one or both of these options. | |
987 | ||
988 | If local_interfaces is not set, the default is to listen on all interfaces. | |
989 | When it is set, it can include "all IPvx interfaces" as an item. This is useful | |
990 | when different ports are in use. | |
991 | ||
992 | It turns out that listening on all interfaces is messy in an IPv6 world, | |
993 | because several different implementation approaches have been taken. This code | |
994 | is now supposed to work with all of them. The point of difference is whether an | |
995 | IPv6 socket that is listening on all interfaces will receive incoming IPv4 | |
996 | calls or not. We also have to cope with the case when IPv6 libraries exist, but | |
997 | there is no IPv6 support in the kernel. | |
998 | ||
999 | . On Solaris, an IPv6 socket will accept IPv4 calls, and give them as mapped | |
1000 | addresses. However, if an IPv4 socket is also listening on all interfaces, | |
1001 | calls are directed to the appropriate socket. | |
1002 | ||
1003 | . On (some versions of) Linux, an IPv6 socket will accept IPv4 calls, and | |
1004 | give them as mapped addresses, but an attempt also to listen on an IPv4 | |
1005 | socket on all interfaces causes an error. | |
1006 | ||
1007 | . On OpenBSD, an IPv6 socket will not accept IPv4 calls. You have to set up | |
1008 | two sockets if you want to accept both kinds of call. | |
1009 | ||
1010 | . FreeBSD is like OpenBSD, but it has the IPV6_V6ONLY socket option, which | |
1011 | can be turned off, to make it behave like the versions of Linux described | |
1012 | above. | |
1013 | ||
1014 | . I heard a report that the USAGI IPv6 stack for Linux has implemented | |
1015 | IPV6_V6ONLY. | |
1016 | ||
1017 | So, what we do when IPv6 is supported is as follows: | |
1018 | ||
1019 | (1) After it is set up, the list of interfaces is scanned for wildcard | |
1020 | addresses. If an IPv6 and an IPv4 wildcard are both found for the same | |
1021 | port, the list is re-arranged so that they are together, with the IPv6 | |
1022 | wildcard first. | |
1023 | ||
1024 | (2) If the creation of a wildcard IPv6 socket fails, we just log the error and | |
1025 | carry on if an IPv4 wildcard socket for the same port follows later in the | |
1026 | list. This allows Exim to carry on in the case when the kernel has no IPv6 | |
1027 | support. | |
1028 | ||
1029 | (3) Having created an IPv6 wildcard socket, we try to set IPV6_V6ONLY if that | |
1030 | option is defined. However, if setting fails, carry on regardless (but log | |
1031 | the incident). | |
1032 | ||
1033 | (4) If binding or listening on an IPv6 wildcard socket fails, it is a serious | |
1034 | error. | |
1035 | ||
1036 | (5) If binding or listening on an IPv4 wildcard socket fails with the error | |
1037 | EADDRINUSE, and a previous interface was an IPv6 wildcard for the same | |
1038 | port (which must have succeeded or we wouldn't have got this far), we | |
1039 | assume we are in the situation where just a single socket is permitted, | |
1040 | and ignore the error. | |
1041 | ||
1042 | Phew! | |
1043 | ||
1044 | The preparation code decodes options and sets up the relevant data. We do this | |
1045 | first, so that we can return non-zero if there are any syntax errors, and also | |
1046 | write to stderr. */ | |
1047 | ||
602e0254 | 1048 | if (daemon_listen && !inetd_wait_mode) |
059ec3d9 PH |
1049 | { |
1050 | int *default_smtp_port; | |
1051 | int sep; | |
1052 | int pct = 0; | |
1053 | uschar *s; | |
55414b25 | 1054 | const uschar * list; |
059ec3d9 PH |
1055 | uschar *local_iface_source = US"local_interfaces"; |
1056 | ip_address_item *ipa; | |
1057 | ip_address_item **pipa; | |
1058 | ||
059ec3d9 PH |
1059 | /* If -oX was used, disable the writing of a pid file unless -oP was |
1060 | explicitly used to force it. Then scan the string given to -oX. Any items | |
1061 | that contain neither a dot nor a colon are used to override daemon_smtp_port. | |
1062 | Any other items are used to override local_interfaces. */ | |
1063 | ||
1064 | if (override_local_interfaces != NULL) | |
1065 | { | |
1066 | uschar *new_smtp_port = NULL; | |
1067 | uschar *new_local_interfaces = NULL; | |
1068 | int portsize = 0; | |
1069 | int portptr = 0; | |
1070 | int ifacesize = 0; | |
1071 | int ifaceptr = 0; | |
1072 | ||
1073 | if (override_pid_file_path == NULL) write_pid = FALSE; | |
1074 | ||
1075 | list = override_local_interfaces; | |
1076 | sep = 0; | |
55414b25 | 1077 | while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))) |
059ec3d9 PH |
1078 | { |
1079 | uschar joinstr[4]; | |
1080 | uschar **ptr; | |
1081 | int *sizeptr; | |
1082 | int *ptrptr; | |
1083 | ||
1084 | if (Ustrpbrk(s, ".:") == NULL) | |
1085 | { | |
1086 | ptr = &new_smtp_port; | |
1087 | sizeptr = &portsize; | |
1088 | ptrptr = &portptr; | |
1089 | } | |
1090 | else | |
1091 | { | |
1092 | ptr = &new_local_interfaces; | |
1093 | sizeptr = &ifacesize; | |
1094 | ptrptr = &ifaceptr; | |
1095 | } | |
1096 | ||
1097 | if (*ptr == NULL) | |
1098 | { | |
1099 | joinstr[0] = sep; | |
1100 | joinstr[1] = ' '; | |
c2f669a4 | 1101 | *ptr = string_catn(*ptr, sizeptr, ptrptr, US"<", 1); |
059ec3d9 PH |
1102 | } |
1103 | ||
c2f669a4 JH |
1104 | *ptr = string_catn(*ptr, sizeptr, ptrptr, joinstr, 2); |
1105 | *ptr = string_cat (*ptr, sizeptr, ptrptr, s); | |
059ec3d9 PH |
1106 | } |
1107 | ||
1108 | if (new_smtp_port != NULL) | |
1109 | { | |
1110 | new_smtp_port[portptr] = 0; | |
1111 | daemon_smtp_port = new_smtp_port; | |
1112 | DEBUG(D_any) debug_printf("daemon_smtp_port overridden by -oX:\n %s\n", | |
1113 | daemon_smtp_port); | |
1114 | } | |
1115 | ||
1116 | if (new_local_interfaces != NULL) | |
1117 | { | |
1118 | new_local_interfaces[ifaceptr] = 0; | |
1119 | local_interfaces = new_local_interfaces; | |
1120 | local_iface_source = US"-oX data"; | |
1121 | DEBUG(D_any) debug_printf("local_interfaces overridden by -oX:\n %s\n", | |
1122 | local_interfaces); | |
1123 | } | |
1124 | } | |
1125 | ||
1126 | /* Create a list of default SMTP ports, to be used if local_interfaces | |
1127 | contains entries without explict ports. First count the number of ports, then | |
1128 | build a translated list in a vector. */ | |
1129 | ||
1130 | list = daemon_smtp_port; | |
1131 | sep = 0; | |
55414b25 | 1132 | while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))) |
059ec3d9 PH |
1133 | pct++; |
1134 | default_smtp_port = store_get((pct+1) * sizeof(int)); | |
1135 | list = daemon_smtp_port; | |
1136 | sep = 0; | |
1137 | for (pct = 0; | |
55414b25 | 1138 | (s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)); |
059ec3d9 PH |
1139 | pct++) |
1140 | { | |
1141 | if (isdigit(*s)) | |
1142 | { | |
1143 | uschar *end; | |
1144 | default_smtp_port[pct] = Ustrtol(s, &end, 0); | |
1145 | if (end != s + Ustrlen(s)) | |
1146 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "invalid SMTP port: %s", s); | |
1147 | } | |
1148 | else | |
1149 | { | |
1150 | struct servent *smtp_service = getservbyname(CS s, "tcp"); | |
071c51f7 | 1151 | if (!smtp_service) |
059ec3d9 PH |
1152 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "TCP port \"%s\" not found", s); |
1153 | default_smtp_port[pct] = ntohs(smtp_service->s_port); | |
1154 | } | |
1155 | } | |
1156 | default_smtp_port[pct] = 0; | |
1157 | ||
071c51f7 JH |
1158 | /* Check the list of TLS-on-connect ports and do name lookups if needed */ |
1159 | ||
1160 | list = tls_in.on_connect_ports; | |
1161 | sep = 0; | |
1162 | while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))) | |
1163 | if (!isdigit(*s)) | |
1164 | { | |
1165 | list = tls_in.on_connect_ports; | |
1166 | tls_in.on_connect_ports = NULL; | |
1167 | sep = 0; | |
1168 | while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))) | |
1169 | { | |
1170 | if (!isdigit(*s)) | |
1171 | { | |
1172 | struct servent *smtp_service = getservbyname(CS s, "tcp"); | |
1173 | if (!smtp_service) | |
1174 | log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "TCP port \"%s\" not found", s); | |
1175 | s= string_sprintf("%d", (int)ntohs(smtp_service->s_port)); | |
1176 | } | |
1177 | tls_in.on_connect_ports = string_append_listele(tls_in.on_connect_ports, | |
1178 | ':', s); | |
1179 | } | |
1180 | break; | |
1181 | } | |
1182 | ||
059ec3d9 PH |
1183 | /* Create the list of local interfaces, possibly with ports included. This |
1184 | list may contain references to 0.0.0.0 and ::0 as wildcards. These special | |
1185 | values are converted below. */ | |
1186 | ||
1187 | addresses = host_build_ifacelist(local_interfaces, local_iface_source); | |
1188 | ||
1189 | /* In the list of IP addresses, convert 0.0.0.0 into an empty string, and ::0 | |
1190 | into the string ":". We use these to recognize wildcards in IPv4 and IPv6. In | |
1191 | fact, many IP stacks recognize 0.0.0.0 and ::0 and handle them as wildcards | |
1192 | anyway, but we need to know which are the wildcard addresses, and the shorter | |
1193 | strings are neater. | |
1194 | ||
1195 | In the same scan, fill in missing port numbers from the default list. When | |
1196 | there is more than one item in the list, extra items are created. */ | |
1197 | ||
1198 | for (ipa = addresses; ipa != NULL; ipa = ipa->next) | |
1199 | { | |
1200 | int i; | |
1201 | ||
1202 | if (Ustrcmp(ipa->address, "0.0.0.0") == 0) ipa->address[0] = 0; | |
1203 | else if (Ustrcmp(ipa->address, "::0") == 0) | |
1204 | { | |
1205 | ipa->address[0] = ':'; | |
1206 | ipa->address[1] = 0; | |
1207 | } | |
1208 | ||
1209 | if (ipa->port > 0) continue; | |
1210 | ||
1211 | if (daemon_smtp_port[0] <= 0) | |
1212 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "no port specified for interface " | |
1213 | "%s and daemon_smtp_port is unset; cannot start daemon", | |
1214 | (ipa->address[0] == 0)? US"\"all IPv4\"" : | |
1215 | (ipa->address[1] == 0)? US"\"all IPv6\"" : ipa->address); | |
1216 | ipa->port = default_smtp_port[0]; | |
1217 | for (i = 1; default_smtp_port[i] > 0; i++) | |
1218 | { | |
1219 | ip_address_item *new = store_get(sizeof(ip_address_item)); | |
1220 | memcpy(new->address, ipa->address, Ustrlen(ipa->address) + 1); | |
1221 | new->port = default_smtp_port[i]; | |
1222 | new->next = ipa->next; | |
1223 | ipa->next = new; | |
1224 | ipa = new; | |
1225 | } | |
1226 | } | |
1227 | ||
1228 | /* Scan the list of addresses for wildcards. If we find an IPv4 and an IPv6 | |
1229 | wildcard for the same port, ensure that (a) they are together and (b) the | |
1230 | IPv6 address comes first. This makes handling the messy features easier, and | |
1231 | also simplifies the construction of the "daemon started" log line. */ | |
1232 | ||
1233 | pipa = &addresses; | |
1234 | for (ipa = addresses; ipa != NULL; pipa = &(ipa->next), ipa = ipa->next) | |
1235 | { | |
1236 | ip_address_item *ipa2; | |
1237 | ||
1238 | /* Handle an IPv4 wildcard */ | |
1239 | ||
1240 | if (ipa->address[0] == 0) | |
1241 | { | |
1242 | for (ipa2 = ipa; ipa2->next != NULL; ipa2 = ipa2->next) | |
1243 | { | |
1244 | ip_address_item *ipa3 = ipa2->next; | |
1245 | if (ipa3->address[0] == ':' && | |
1246 | ipa3->address[1] == 0 && | |
1247 | ipa3->port == ipa->port) | |
1248 | { | |
1249 | ipa2->next = ipa3->next; | |
1250 | ipa3->next = ipa; | |
1251 | *pipa = ipa3; | |
1252 | break; | |
1253 | } | |
1254 | } | |
1255 | } | |
1256 | ||
1257 | /* Handle an IPv6 wildcard. */ | |
1258 | ||
1259 | else if (ipa->address[0] == ':' && ipa->address[1] == 0) | |
1260 | { | |
1261 | for (ipa2 = ipa; ipa2->next != NULL; ipa2 = ipa2->next) | |
1262 | { | |
1263 | ip_address_item *ipa3 = ipa2->next; | |
1264 | if (ipa3->address[0] == 0 && ipa3->port == ipa->port) | |
1265 | { | |
1266 | ipa2->next = ipa3->next; | |
1267 | ipa3->next = ipa->next; | |
1268 | ipa->next = ipa3; | |
1269 | ipa = ipa3; | |
1270 | break; | |
1271 | } | |
1272 | } | |
1273 | } | |
1274 | } | |
1275 | ||
1276 | /* Get a vector to remember all the sockets in */ | |
1277 | ||
1278 | for (ipa = addresses; ipa != NULL; ipa = ipa->next) | |
1279 | listen_socket_count++; | |
96f5fe4c | 1280 | listen_sockets = store_get(sizeof(int) * listen_socket_count); |
059ec3d9 | 1281 | |
9ee44efb PP |
1282 | } /* daemon_listen but not inetd_wait_mode */ |
1283 | ||
1284 | if (daemon_listen) | |
1285 | { | |
1286 | ||
059ec3d9 PH |
1287 | /* Do a sanity check on the max connects value just to save us from getting |
1288 | a huge amount of store. */ | |
1289 | ||
1290 | if (smtp_accept_max > 4095) smtp_accept_max = 4096; | |
1291 | ||
1292 | /* There's no point setting smtp_accept_queue unless it is less than the max | |
1293 | connects limit. The configuration reader ensures that the max is set if the | |
1294 | queue-only option is set. */ | |
1295 | ||
1296 | if (smtp_accept_queue > smtp_accept_max) smtp_accept_queue = 0; | |
1297 | ||
1298 | /* Get somewhere to keep the list of SMTP accepting pids if we are keeping | |
1299 | track of them for total number and queue/host limits. */ | |
1300 | ||
1301 | if (smtp_accept_max > 0) | |
1302 | { | |
1303 | int i; | |
1304 | smtp_slots = store_get(smtp_accept_max * sizeof(smtp_slot)); | |
1305 | for (i = 0; i < smtp_accept_max; i++) smtp_slots[i] = empty_smtp_slot; | |
1306 | } | |
1307 | } | |
1308 | ||
76a2d7ba PH |
1309 | /* The variable background_daemon is always false when debugging, but |
1310 | can also be forced false in order to keep a non-debugging daemon in the | |
1311 | foreground. If background_daemon is true, close all open file descriptors that | |
9ee44efb PP |
1312 | we know about, but then re-open stdin, stdout, and stderr to /dev/null. Also |
1313 | do this for inetd_wait mode. | |
76a2d7ba PH |
1314 | |
1315 | This is protection against any called functions (in libraries, or in | |
1316 | Perl, or whatever) that think they can write to stderr (or stdout). Before this | |
1317 | was added, it was quite likely that an SMTP connection would use one of these | |
1318 | file descriptors, in which case writing random stuff to it caused chaos. | |
1319 | ||
1320 | Then disconnect from the controlling terminal, Most modern Unixes seem to have | |
1321 | setsid() for getting rid of the controlling terminal. For any OS that doesn't, | |
1322 | setsid() can be #defined as a no-op, or as something else. */ | |
059ec3d9 | 1323 | |
9ee44efb | 1324 | if (background_daemon || inetd_wait_mode) |
059ec3d9 | 1325 | { |
76a2d7ba PH |
1326 | log_close_all(); /* Just in case anything was logged earlier */ |
1327 | search_tidyup(); /* Just in case any were used in reading the config. */ | |
f1e894f3 PH |
1328 | (void)close(0); /* Get rid of stdin/stdout/stderr */ |
1329 | (void)close(1); | |
1330 | (void)close(2); | |
8e669ac1 | 1331 | exim_nullstd(); /* Connect stdin/stdout/stderr to /dev/null */ |
059ec3d9 | 1332 | log_stderr = NULL; /* So no attempt to copy paniclog output */ |
9ee44efb | 1333 | } |
059ec3d9 | 1334 | |
9ee44efb PP |
1335 | if (background_daemon) |
1336 | { | |
059ec3d9 | 1337 | /* If the parent process of this one has pid == 1, we are re-initializing the |
8e669ac1 | 1338 | daemon as the result of a SIGHUP. In this case, there is no need to do |
76a2d7ba PH |
1339 | anything, because the controlling terminal has long gone. Otherwise, fork, in |
1340 | case current process is a process group leader (see 'man setsid' for an | |
1341 | explanation) before calling setsid(). */ | |
059ec3d9 PH |
1342 | |
1343 | if (getppid() != 1) | |
1344 | { | |
1345 | pid_t pid = fork(); | |
1346 | if (pid < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, | |
1347 | "fork() failed when starting daemon: %s", strerror(errno)); | |
1348 | if (pid > 0) exit(EXIT_SUCCESS); /* in parent process, just exit */ | |
1349 | (void)setsid(); /* release controlling terminal */ | |
1350 | } | |
1351 | } | |
1352 | ||
1353 | /* We are now in the disconnected, daemon process (unless debugging). Set up | |
1354 | the listening sockets if required. */ | |
1355 | ||
9ee44efb | 1356 | if (daemon_listen && !inetd_wait_mode) |
059ec3d9 PH |
1357 | { |
1358 | int sk; | |
1359 | int on = 1; | |
1360 | ip_address_item *ipa; | |
1361 | ||
1362 | /* For each IP address, create a socket, bind it to the appropriate port, and | |
1363 | start listening. See comments above about IPv6 sockets that may or may not | |
1364 | accept IPv4 calls when listening on all interfaces. We also have to cope with | |
1365 | the case of a system with IPv6 libraries, but no IPv6 support in the kernel. | |
1366 | listening, provided a wildcard IPv4 socket for the same port follows. */ | |
1367 | ||
1368 | for (ipa = addresses, sk = 0; sk < listen_socket_count; ipa = ipa->next, sk++) | |
1369 | { | |
1370 | BOOL wildcard; | |
1371 | ip_address_item *ipa2; | |
059ec3d9 PH |
1372 | int af; |
1373 | ||
1374 | if (Ustrchr(ipa->address, ':') != NULL) | |
1375 | { | |
1376 | af = AF_INET6; | |
1377 | wildcard = ipa->address[1] == 0; | |
1378 | } | |
1379 | else | |
1380 | { | |
1381 | af = AF_INET; | |
1382 | wildcard = ipa->address[0] == 0; | |
1383 | } | |
1384 | ||
96f5fe4c | 1385 | if ((listen_sockets[sk] = ip_socket(SOCK_STREAM, af)) < 0) |
059ec3d9 PH |
1386 | { |
1387 | if (check_special_case(0, addresses, ipa, FALSE)) | |
1388 | { | |
1389 | log_write(0, LOG_MAIN, "Failed to create IPv6 socket for wildcard " | |
1390 | "listening (%s): will use IPv4", strerror(errno)); | |
1391 | goto SKIP_SOCKET; | |
1392 | } | |
1393 | log_write(0, LOG_PANIC_DIE, "IPv%c socket creation failed: %s", | |
1394 | (af == AF_INET6)? '6' : '4', strerror(errno)); | |
1395 | } | |
1396 | ||
1397 | /* If this is an IPv6 wildcard socket, set IPV6_V6ONLY if that option is | |
1398 | available. Just log failure (can get protocol not available, just like | |
1399 | socket creation can). */ | |
1400 | ||
1401 | #ifdef IPV6_V6ONLY | |
1402 | if (af == AF_INET6 && wildcard && | |
1403 | setsockopt(listen_sockets[sk], IPPROTO_IPV6, IPV6_V6ONLY, (char *)(&on), | |
1404 | sizeof(on)) < 0) | |
1405 | log_write(0, LOG_MAIN, "Setting IPV6_V6ONLY on daemon's IPv6 wildcard " | |
1406 | "socket failed (%s): carrying on without it", strerror(errno)); | |
1407 | #endif /* IPV6_V6ONLY */ | |
1408 | ||
1409 | /* Set SO_REUSEADDR so that the daemon can be restarted while a connection | |
1410 | is being handled. Without this, a connection will prevent reuse of the | |
1411 | smtp port for listening. */ | |
1412 | ||
1413 | if (setsockopt(listen_sockets[sk], SOL_SOCKET, SO_REUSEADDR, | |
1414 | (uschar *)(&on), sizeof(on)) < 0) | |
1415 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "setting SO_REUSEADDR on socket " | |
1416 | "failed when starting daemon: %s", strerror(errno)); | |
1417 | ||
1418 | /* Set TCP_NODELAY; Exim does its own buffering. There is a switch to | |
1419 | disable this because it breaks some broken clients. */ | |
1420 | ||
1421 | if (tcp_nodelay) setsockopt(listen_sockets[sk], IPPROTO_TCP, TCP_NODELAY, | |
1422 | (uschar *)(&on), sizeof(on)); | |
1423 | ||
1424 | /* Now bind the socket to the required port; if Exim is being restarted | |
1425 | it may not always be possible to bind immediately, even with SO_REUSEADDR | |
1426 | set, so try 10 times, waiting between each try. After 10 failures, we give | |
1427 | up. In an IPv6 environment, if bind () fails with the error EADDRINUSE and | |
1428 | we are doing wildcard IPv4 listening and there was a previous IPv6 wildcard | |
1429 | address for the same port, ignore the error on the grounds that we must be | |
1430 | in a system where the IPv6 socket accepts both kinds of call. This is | |
1431 | necessary for (some release of) USAGI Linux; other IP stacks fail at the | |
1432 | listen() stage instead. */ | |
1433 | ||
1434 | for(;;) | |
1435 | { | |
1436 | uschar *msg, *addr; | |
1437 | if (ip_bind(listen_sockets[sk], af, ipa->address, ipa->port) >= 0) break; | |
1438 | if (check_special_case(errno, addresses, ipa, TRUE)) | |
1439 | { | |
1440 | DEBUG(D_any) debug_printf("wildcard IPv4 bind() failed after IPv6 " | |
1441 | "listen() success; EADDRINUSE ignored\n"); | |
f1e894f3 | 1442 | (void)close(listen_sockets[sk]); |
059ec3d9 PH |
1443 | goto SKIP_SOCKET; |
1444 | } | |
1445 | msg = US strerror(errno); | |
1446 | addr = wildcard? ((af == AF_INET6)? US"(any IPv6)" : US"(any IPv4)") : | |
1447 | ipa->address; | |
4aee0225 | 1448 | if (daemon_startup_retries <= 0) |
059ec3d9 PH |
1449 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, |
1450 | "socket bind() to port %d for address %s failed: %s: " | |
1451 | "daemon abandoned", ipa->port, addr, msg); | |
1452 | log_write(0, LOG_MAIN, "socket bind() to port %d for address %s " | |
4aee0225 PH |
1453 | "failed: %s: waiting %s before trying again (%d more %s)", |
1454 | ipa->port, addr, msg, readconf_printtime(daemon_startup_sleep), | |
1455 | daemon_startup_retries, (daemon_startup_retries > 1)? "tries" : "try"); | |
1456 | daemon_startup_retries--; | |
1457 | sleep(daemon_startup_sleep); | |
059ec3d9 PH |
1458 | } |
1459 | ||
1460 | DEBUG(D_any) | |
1461 | { | |
1462 | if (wildcard) | |
1463 | debug_printf("listening on all interfaces (IPv%c) port %d\n", | |
1464 | (af == AF_INET6)? '6' : '4', ipa->port); | |
1465 | else | |
1466 | debug_printf("listening on %s port %d\n", ipa->address, ipa->port); | |
1467 | } | |
1468 | ||
1469 | /* Start listening on the bound socket, establishing the maximum backlog of | |
1470 | connections that is allowed. On success, continue to the next address. */ | |
1471 | ||
1472 | if (listen(listen_sockets[sk], smtp_connect_backlog) >= 0) continue; | |
1473 | ||
1474 | /* Listening has failed. In an IPv6 environment, as for bind(), if listen() | |
1475 | fails with the error EADDRINUSE and we are doing IPv4 wildcard listening | |
1476 | and there was a previous successful IPv6 wildcard listen on the same port, | |
1477 | we want to ignore the error on the grounds that we must be in a system | |
1478 | where the IPv6 socket accepts both kinds of call. */ | |
1479 | ||
1480 | if (!check_special_case(errno, addresses, ipa, TRUE)) | |
1481 | log_write(0, LOG_PANIC_DIE, "listen() failed on interface %s: %s", | |
1482 | wildcard? ((af == AF_INET6)? US"(any IPv6)" : US"(any IPv4)") : | |
1483 | ipa->address, | |
1484 | strerror(errno)); | |
1485 | ||
1486 | DEBUG(D_any) debug_printf("wildcard IPv4 listen() failed after IPv6 " | |
1487 | "listen() success; EADDRINUSE ignored\n"); | |
f1e894f3 | 1488 | (void)close(listen_sockets[sk]); |
059ec3d9 PH |
1489 | |
1490 | /* Come here if there has been a problem with the socket which we | |
1491 | are going to ignore. We remove the address from the chain, and back up the | |
1492 | counts. */ | |
1493 | ||
1494 | SKIP_SOCKET: | |
1495 | sk--; /* Back up the count */ | |
1496 | listen_socket_count--; /* Reduce the total */ | |
1497 | if (ipa == addresses) addresses = ipa->next; else | |
1498 | { | |
1499 | for (ipa2 = addresses; ipa2->next != ipa; ipa2 = ipa2->next); | |
1500 | ipa2->next = ipa->next; | |
1501 | ipa = ipa2; | |
1502 | } | |
1503 | } /* End of bind/listen loop for each address */ | |
1504 | } /* End of setup for listening */ | |
1505 | ||
1506 | ||
1507 | /* If we are not listening, we want to write a pid file only if -oP was | |
1508 | explicitly given. */ | |
1509 | ||
1510 | else if (override_pid_file_path == NULL) write_pid = FALSE; | |
1511 | ||
1512 | /* Write the pid to a known file for assistance in identification, if required. | |
1513 | We do this before giving up root privilege, because on some systems it is | |
1514 | necessary to be root in order to write into the pid file directory. There's | |
1515 | nothing to stop multiple daemons running, as long as no more than one listens | |
1516 | on a given TCP/IP port on the same interface(s). However, in these | |
1517 | circumstances it gets far too complicated to mess with pid file names | |
1518 | automatically. Consequently, Exim 4 writes a pid file only | |
1519 | ||
1520 | (a) When running in the test harness, or | |
1521 | (b) When -bd is used and -oX is not used, or | |
1522 | (c) When -oP is used to supply a path. | |
1523 | ||
1524 | The variable daemon_write_pid is used to control this. */ | |
1525 | ||
1526 | if (running_in_test_harness || write_pid) | |
1527 | { | |
1528 | FILE *f; | |
1529 | ||
1530 | if (override_pid_file_path != NULL) | |
1531 | pid_file_path = override_pid_file_path; | |
1532 | ||
1533 | if (pid_file_path[0] == 0) | |
1534 | pid_file_path = string_sprintf("%s/exim-daemon.pid", spool_directory); | |
1535 | ||
2632889e | 1536 | f = modefopen(pid_file_path, "wb", 0644); |
059ec3d9 PH |
1537 | if (f != NULL) |
1538 | { | |
ff790e47 | 1539 | (void)fprintf(f, "%d\n", (int)getpid()); |
ff790e47 | 1540 | (void)fclose(f); |
059ec3d9 PH |
1541 | DEBUG(D_any) debug_printf("pid written to %s\n", pid_file_path); |
1542 | } | |
1543 | else | |
1544 | { | |
1545 | DEBUG(D_any) | |
1546 | debug_printf("%s\n", string_open_failed(errno, "pid file %s", | |
1547 | pid_file_path)); | |
1548 | } | |
1549 | } | |
1550 | ||
1551 | /* Set up the handler for SIGHUP, which causes a restart of the daemon. */ | |
1552 | ||
1553 | sighup_seen = FALSE; | |
1554 | signal(SIGHUP, sighup_handler); | |
1555 | ||
1556 | /* Give up root privilege at this point (assuming that exim_uid and exim_gid | |
1557 | are not root). The third argument controls the running of initgroups(). | |
1558 | Normally we do this, in order to set up the groups for the Exim user. However, | |
1559 | if we are not root at this time - some odd installations run that way - we | |
1560 | cannot do this. */ | |
1561 | ||
1562 | exim_setugid(exim_uid, exim_gid, geteuid()==root_uid, US"running as a daemon"); | |
1563 | ||
ebeaf996 PH |
1564 | /* Update the originator_xxx fields so that received messages as listed as |
1565 | coming from Exim, not whoever started the daemon. */ | |
1566 | ||
1567 | originator_uid = exim_uid; | |
1568 | originator_gid = exim_gid; | |
1569 | originator_login = ((pw = getpwuid(exim_uid)) != NULL)? | |
1570 | string_copy_malloc(US pw->pw_name) : US"exim"; | |
1571 | ||
059ec3d9 PH |
1572 | /* Get somewhere to keep the list of queue-runner pids if we are keeping track |
1573 | of them (and also if we are doing queue runs). */ | |
1574 | ||
1575 | if (queue_interval > 0 && queue_run_max > 0) | |
1576 | { | |
1577 | int i; | |
1578 | queue_pid_slots = store_get(queue_run_max * sizeof(pid_t)); | |
1579 | for (i = 0; i < queue_run_max; i++) queue_pid_slots[i] = 0; | |
1580 | } | |
1581 | ||
1582 | /* Set up the handler for termination of child processes. */ | |
1583 | ||
1584 | sigchld_seen = FALSE; | |
7d468ab8 | 1585 | os_non_restarting_signal(SIGCHLD, main_sigchld_handler); |
059ec3d9 PH |
1586 | |
1587 | /* If we are to run the queue periodically, pretend the alarm has just gone | |
1588 | off. This will cause the first queue-runner to get kicked off straight away. */ | |
1589 | ||
1590 | sigalrm_seen = (queue_interval > 0); | |
1591 | ||
1592 | /* Log the start up of a daemon - at least one of listening or queue running | |
1593 | must be set up. */ | |
1594 | ||
9ee44efb PP |
1595 | if (inetd_wait_mode) |
1596 | { | |
1597 | uschar *p = big_buffer; | |
1598 | ||
1599 | if (inetd_wait_timeout >= 0) | |
1600 | sprintf(CS p, "terminating after %d seconds", inetd_wait_timeout); | |
1601 | else | |
1602 | sprintf(CS p, "with no wait timeout"); | |
1603 | ||
1604 | log_write(0, LOG_MAIN, | |
1605 | "exim %s daemon started: pid=%d, launched with listening socket, %s", | |
1606 | version_string, getpid(), big_buffer); | |
2f21487f | 1607 | set_process_info("daemon(%s): pre-listening socket", version_string); |
9ee44efb PP |
1608 | |
1609 | /* set up the timeout logic */ | |
1610 | sigalrm_seen = 1; | |
1611 | } | |
1612 | ||
1613 | else if (daemon_listen) | |
059ec3d9 PH |
1614 | { |
1615 | int i, j; | |
1616 | int smtp_ports = 0; | |
1617 | int smtps_ports = 0; | |
1618 | ip_address_item *ipa; | |
1619 | uschar *p = big_buffer; | |
1620 | uschar *qinfo = (queue_interval > 0)? | |
1621 | string_sprintf("-q%s", readconf_printtime(queue_interval)) | |
1622 | : | |
1623 | US"no queue runs"; | |
1624 | ||
1625 | /* Build a list of listening addresses in big_buffer, but limit it to 10 | |
1626 | items. The style is for backwards compatibility. | |
1627 | ||
1628 | It is now possible to have some ports listening for SMTPS (the old, | |
1629 | deprecated protocol that starts TLS without using STARTTLS), and others | |
1630 | listening for standard SMTP. Keep their listings separate. */ | |
1631 | ||
1632 | for (j = 0; j < 2; j++) | |
1633 | { | |
1634 | for (i = 0, ipa = addresses; i < 10 && ipa != NULL; i++, ipa = ipa->next) | |
1635 | { | |
1636 | /* First time round, look for SMTP ports; second time round, look for | |
1637 | SMTPS ports. For the first one of each, insert leading text. */ | |
1638 | ||
1639 | if (host_is_tls_on_connect_port(ipa->port) == (j > 0)) | |
1640 | { | |
1641 | if (j == 0) | |
1642 | { | |
1643 | if (smtp_ports++ == 0) | |
1644 | { | |
1645 | memcpy(p, "SMTP on", 8); | |
1646 | p += 7; | |
1647 | } | |
1648 | } | |
1649 | else | |
1650 | { | |
1651 | if (smtps_ports++ == 0) | |
1652 | { | |
1653 | (void)sprintf(CS p, "%sSMTPS on", | |
1654 | (smtp_ports == 0)? "":" and for "); | |
1655 | while (*p != 0) p++; | |
1656 | } | |
1657 | } | |
1658 | ||
1659 | /* Now the information about the port (and sometimes interface) */ | |
1660 | ||
1661 | if (ipa->address[0] == ':' && ipa->address[1] == 0) | |
1662 | { | |
1663 | if (ipa->next != NULL && ipa->next->address[0] == 0 && | |
1664 | ipa->next->port == ipa->port) | |
1665 | { | |
1666 | (void)sprintf(CS p, " port %d (IPv6 and IPv4)", ipa->port); | |
1667 | ipa = ipa->next; | |
1668 | } | |
1669 | else if (ipa->v6_include_v4) | |
1670 | (void)sprintf(CS p, " port %d (IPv6 with IPv4)", ipa->port); | |
1671 | else | |
1672 | (void)sprintf(CS p, " port %d (IPv6)", ipa->port); | |
1673 | } | |
1674 | else if (ipa->address[0] == 0) | |
1675 | (void)sprintf(CS p, " port %d (IPv4)", ipa->port); | |
1676 | else | |
1677 | (void)sprintf(CS p, " [%s]:%d", ipa->address, ipa->port); | |
1678 | while (*p != 0) p++; | |
1679 | } | |
1680 | } | |
1681 | ||
1682 | if (ipa != NULL) | |
1683 | { | |
1684 | memcpy(p, " ...", 5); | |
1685 | p += 4; | |
1686 | } | |
1687 | } | |
1688 | ||
1689 | log_write(0, LOG_MAIN, | |
1690 | "exim %s daemon started: pid=%d, %s, listening for %s", | |
1691 | version_string, getpid(), qinfo, big_buffer); | |
2f21487f | 1692 | set_process_info("daemon(%s): %s, listening for %s", version_string, qinfo, big_buffer); |
059ec3d9 PH |
1693 | } |
1694 | ||
1695 | else | |
1696 | { | |
1697 | log_write(0, LOG_MAIN, | |
1698 | "exim %s daemon started: pid=%d, -q%s, not listening for SMTP", | |
1699 | version_string, getpid(), readconf_printtime(queue_interval)); | |
2f21487f HSHR |
1700 | set_process_info("daemon(%s): -q%s, not listening", |
1701 | version_string, | |
059ec3d9 PH |
1702 | readconf_printtime(queue_interval)); |
1703 | } | |
1704 | ||
476be7e2 JH |
1705 | /* Do any work it might be useful to amortize over our children |
1706 | (eg: compile regex) */ | |
1707 | ||
476be7e2 JH |
1708 | dns_pattern_init(); |
1709 | ||
1710 | #ifdef WITH_CONTENT_SCAN | |
1711 | malware_init(); | |
1712 | #endif | |
059ec3d9 PH |
1713 | |
1714 | /* Close the log so it can be renamed and moved. In the few cases below where | |
1715 | this long-running process writes to the log (always exceptional conditions), it | |
1716 | closes the log afterwards, for the same reason. */ | |
1717 | ||
1718 | log_close_all(); | |
1719 | ||
1720 | DEBUG(D_any) debug_print_ids(US"daemon running with"); | |
1721 | ||
1722 | /* Any messages accepted via this route are going to be SMTP. */ | |
1723 | ||
1724 | smtp_input = TRUE; | |
1725 | ||
1726 | /* Enter the never-ending loop... */ | |
1727 | ||
1728 | for (;;) | |
1729 | { | |
1730 | #if HAVE_IPV6 | |
1731 | struct sockaddr_in6 accepted; | |
1732 | #else | |
1733 | struct sockaddr_in accepted; | |
1734 | #endif | |
1735 | ||
cf73943b | 1736 | EXIM_SOCKLEN_T len; |
059ec3d9 PH |
1737 | pid_t pid; |
1738 | ||
1739 | /* This code is placed first in the loop, so that it gets obeyed at the | |
9ee44efb PP |
1740 | start, before the first wait, for the queue-runner case, so that the first |
1741 | one can be started immediately. | |
1742 | ||
1743 | The other option is that we have an inetd wait timeout specified to -bw. */ | |
059ec3d9 PH |
1744 | |
1745 | if (sigalrm_seen) | |
1746 | { | |
9ee44efb PP |
1747 | if (inetd_wait_timeout > 0) |
1748 | { | |
1749 | time_t resignal_interval = inetd_wait_timeout; | |
1750 | ||
1751 | if (last_connection_time == (time_t)0) | |
1752 | { | |
1753 | DEBUG(D_any) | |
1754 | debug_printf("inetd wait timeout expired, but still not seen first message, ignoring\n"); | |
1755 | } | |
1756 | else | |
1757 | { | |
1758 | time_t now = time(NULL); | |
1759 | if (now == (time_t)-1) | |
1760 | { | |
1761 | DEBUG(D_any) debug_printf("failed to get time: %s\n", strerror(errno)); | |
1762 | } | |
1763 | else | |
1764 | { | |
1765 | if ((now - last_connection_time) >= inetd_wait_timeout) | |
1766 | { | |
1767 | DEBUG(D_any) | |
1768 | debug_printf("inetd wait timeout %d expired, ending daemon\n", | |
1769 | inetd_wait_timeout); | |
1770 | log_write(0, LOG_MAIN, "exim %s daemon terminating, inetd wait timeout reached.\n", | |
1771 | version_string); | |
1772 | exit(EXIT_SUCCESS); | |
1773 | } | |
1774 | else | |
1775 | { | |
1776 | resignal_interval -= (now - last_connection_time); | |
1777 | } | |
1778 | } | |
1779 | } | |
059ec3d9 | 1780 | |
9ee44efb PP |
1781 | sigalrm_seen = FALSE; |
1782 | alarm(resignal_interval); | |
1783 | } | |
059ec3d9 | 1784 | |
9ee44efb | 1785 | else |
059ec3d9 | 1786 | { |
9ee44efb | 1787 | DEBUG(D_any) debug_printf("SIGALRM received\n"); |
8e669ac1 | 1788 | |
9ee44efb PP |
1789 | /* Do a full queue run in a child process, if required, unless we already |
1790 | have enough queue runners on the go. If we are not running as root, a | |
1791 | re-exec is required. */ | |
059ec3d9 | 1792 | |
9ee44efb PP |
1793 | if (queue_interval > 0 && |
1794 | (queue_run_max <= 0 || queue_run_count < queue_run_max)) | |
1795 | { | |
1796 | if ((pid = fork()) == 0) | |
1797 | { | |
1798 | int sk; | |
3d235903 | 1799 | |
9ee44efb PP |
1800 | DEBUG(D_any) debug_printf("Starting queue-runner: pid %d\n", |
1801 | (int)getpid()); | |
8e669ac1 | 1802 | |
9ee44efb PP |
1803 | /* Disable debugging if it's required only for the daemon process. We |
1804 | leave the above message, because it ties up with the "child ended" | |
1805 | debugging messages. */ | |
059ec3d9 | 1806 | |
9ee44efb | 1807 | if (debug_daemon) debug_selector = 0; |
059ec3d9 | 1808 | |
9ee44efb | 1809 | /* Close any open listening sockets in the child */ |
059ec3d9 | 1810 | |
9ee44efb PP |
1811 | for (sk = 0; sk < listen_socket_count; sk++) |
1812 | (void)close(listen_sockets[sk]); | |
059ec3d9 | 1813 | |
9ee44efb | 1814 | /* Reset SIGHUP and SIGCHLD in the child in both cases. */ |
059ec3d9 | 1815 | |
9ee44efb PP |
1816 | signal(SIGHUP, SIG_DFL); |
1817 | signal(SIGCHLD, SIG_DFL); | |
059ec3d9 | 1818 | |
9ee44efb PP |
1819 | /* Re-exec if privilege has been given up, unless deliver_drop_ |
1820 | privilege is set. Reset SIGALRM before exec(). */ | |
4fbcfc2e | 1821 | |
9ee44efb | 1822 | if (geteuid() != root_uid && !deliver_drop_privilege) |
4fbcfc2e | 1823 | { |
9ee44efb PP |
1824 | uschar opt[8]; |
1825 | uschar *p = opt; | |
1826 | uschar *extra[5]; | |
1827 | int extracount = 1; | |
1828 | ||
1829 | signal(SIGALRM, SIG_DFL); | |
1830 | *p++ = '-'; | |
1831 | *p++ = 'q'; | |
1832 | if (queue_2stage) *p++ = 'q'; | |
1833 | if (queue_run_first_delivery) *p++ = 'i'; | |
1834 | if (queue_run_force) *p++ = 'f'; | |
1835 | if (deliver_force_thaw) *p++ = 'f'; | |
1836 | if (queue_run_local) *p++ = 'l'; | |
1837 | *p = 0; | |
1838 | extra[0] = opt; | |
1839 | ||
1840 | /* If -R or -S were on the original command line, ensure they get | |
1841 | passed on. */ | |
1842 | ||
1843 | if (deliver_selectstring != NULL) | |
1844 | { | |
1845 | extra[extracount++] = deliver_selectstring_regex? US"-Rr" : US"-R"; | |
1846 | extra[extracount++] = deliver_selectstring; | |
1847 | } | |
1848 | ||
1849 | if (deliver_selectstring_sender != NULL) | |
1850 | { | |
1851 | extra[extracount++] = deliver_selectstring_sender_regex? | |
1852 | US"-Sr" : US"-S"; | |
1853 | extra[extracount++] = deliver_selectstring_sender; | |
1854 | } | |
1855 | ||
1856 | /* Overlay this process with a new execution. */ | |
1857 | ||
1858 | (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, TRUE, extracount, | |
1859 | extra[0], extra[1], extra[2], extra[3], extra[4]); | |
1860 | ||
1861 | /* Control never returns here. */ | |
4fbcfc2e PH |
1862 | } |
1863 | ||
9ee44efb | 1864 | /* No need to re-exec; SIGALRM remains set to the default handler */ |
059ec3d9 | 1865 | |
9ee44efb PP |
1866 | queue_run(NULL, NULL, FALSE); |
1867 | _exit(EXIT_SUCCESS); | |
059ec3d9 PH |
1868 | } |
1869 | ||
9ee44efb | 1870 | if (pid < 0) |
059ec3d9 | 1871 | { |
9ee44efb PP |
1872 | log_write(0, LOG_MAIN|LOG_PANIC, "daemon: fork of queue-runner " |
1873 | "process failed: %s", strerror(errno)); | |
1874 | log_close_all(); | |
1875 | } | |
1876 | else | |
1877 | { | |
1878 | int i; | |
1879 | for (i = 0; i < queue_run_max; ++i) | |
059ec3d9 | 1880 | { |
9ee44efb PP |
1881 | if (queue_pid_slots[i] <= 0) |
1882 | { | |
1883 | queue_pid_slots[i] = pid; | |
1884 | queue_run_count++; | |
1885 | break; | |
1886 | } | |
059ec3d9 | 1887 | } |
9ee44efb PP |
1888 | DEBUG(D_any) debug_printf("%d queue-runner process%s running\n", |
1889 | queue_run_count, (queue_run_count == 1)? "" : "es"); | |
059ec3d9 | 1890 | } |
059ec3d9 | 1891 | } |
059ec3d9 | 1892 | |
9ee44efb | 1893 | /* Reset the alarm clock */ |
059ec3d9 | 1894 | |
9ee44efb PP |
1895 | sigalrm_seen = FALSE; |
1896 | alarm(queue_interval); | |
1897 | } | |
1898 | ||
1899 | } /* sigalrm_seen */ | |
059ec3d9 PH |
1900 | |
1901 | ||
1902 | /* Sleep till a connection happens if listening, and handle the connection if | |
1903 | that is why we woke up. The FreeBSD operating system requires the use of | |
1904 | select() before accept() because the latter function is not interrupted by | |
1905 | a signal, and we want to wake up for SIGCHLD and SIGALRM signals. Some other | |
1906 | OS do notice signals in accept() but it does no harm to have the select() | |
1907 | in for all of them - and it won't then be a lurking problem for ports to | |
1908 | new OS. In fact, the later addition of listening on specific interfaces only | |
1909 | requires this way of working anyway. */ | |
1910 | ||
1911 | if (daemon_listen) | |
1912 | { | |
bb6e88ff | 1913 | int sk, lcount, select_errno; |
059ec3d9 PH |
1914 | int max_socket = 0; |
1915 | BOOL select_failed = FALSE; | |
1916 | fd_set select_listen; | |
1917 | ||
1918 | FD_ZERO(&select_listen); | |
1919 | for (sk = 0; sk < listen_socket_count; sk++) | |
1920 | { | |
1921 | FD_SET(listen_sockets[sk], &select_listen); | |
1922 | if (listen_sockets[sk] > max_socket) max_socket = listen_sockets[sk]; | |
1923 | } | |
1924 | ||
1925 | DEBUG(D_any) debug_printf("Listening...\n"); | |
8e669ac1 PH |
1926 | |
1927 | /* In rare cases we may have had a SIGCHLD signal in the time between | |
1928 | setting the handler (below) and getting back here. If so, pretend that the | |
7d468ab8 | 1929 | select() was interrupted so that we reap the child. This might still leave |
8e669ac1 | 1930 | a small window when a SIGCHLD could get lost. However, since we use SIGCHLD |
7d468ab8 PH |
1931 | only to do the reaping more quickly, it shouldn't result in anything other |
1932 | than a delay until something else causes a wake-up. */ | |
1933 | ||
1934 | if (sigchld_seen) | |
1935 | { | |
1936 | lcount = -1; | |
8e669ac1 | 1937 | errno = EINTR; |
7d468ab8 PH |
1938 | } |
1939 | else | |
8e669ac1 | 1940 | { |
7d468ab8 PH |
1941 | lcount = select(max_socket + 1, (SELECT_ARG2_TYPE *)&select_listen, |
1942 | NULL, NULL, NULL); | |
8e669ac1 | 1943 | } |
059ec3d9 | 1944 | |
7d468ab8 | 1945 | if (lcount < 0) |
059ec3d9 PH |
1946 | { |
1947 | select_failed = TRUE; | |
1948 | lcount = 1; | |
1949 | } | |
8e669ac1 PH |
1950 | |
1951 | /* Clean up any subprocesses that may have terminated. We need to do this | |
1952 | here so that smtp_accept_max_per_host works when a connection to that host | |
1953 | has completed, and we are about to accept a new one. When this code was | |
1954 | later in the sequence, a new connection could be rejected, even though an | |
1955 | old one had just finished. Preserve the errno from any select() failure for | |
bb6e88ff | 1956 | the use of the common select/accept error processing below. */ |
8e669ac1 | 1957 | |
bb6e88ff PH |
1958 | select_errno = errno; |
1959 | handle_ending_processes(); | |
8e669ac1 PH |
1960 | errno = select_errno; |
1961 | ||
059ec3d9 | 1962 | /* Loop for all the sockets that are currently ready to go. If select |
7d468ab8 PH |
1963 | actually failed, we have set the count to 1 and select_failed=TRUE, so as |
1964 | to use the common error code for select/accept below. */ | |
059ec3d9 PH |
1965 | |
1966 | while (lcount-- > 0) | |
1967 | { | |
1968 | int accept_socket = -1; | |
1969 | if (!select_failed) | |
1970 | { | |
1971 | for (sk = 0; sk < listen_socket_count; sk++) | |
1972 | { | |
1973 | if (FD_ISSET(listen_sockets[sk], &select_listen)) | |
1974 | { | |
cf73943b | 1975 | len = sizeof(accepted); |
059ec3d9 PH |
1976 | accept_socket = accept(listen_sockets[sk], |
1977 | (struct sockaddr *)&accepted, &len); | |
1978 | FD_CLR(listen_sockets[sk], &select_listen); | |
1979 | break; | |
1980 | } | |
1981 | } | |
1982 | } | |
1983 | ||
1984 | /* If select or accept has failed and this was not caused by an | |
1985 | interruption, log the incident and try again. With asymmetric TCP/IP | |
1986 | routing errors such as "No route to network" have been seen here. Also | |
1987 | "connection reset by peer" has been seen. These cannot be classed as | |
1988 | disastrous errors, but they could fill up a lot of log. The code in smail | |
1989 | crashes the daemon after 10 successive failures of accept, on the grounds | |
1990 | that some OS fail continuously. Exim originally followed suit, but this | |
1991 | appears to have caused problems. Now it just keeps going, but instead of | |
1992 | logging each error, it batches them up when they are continuous. */ | |
1993 | ||
1994 | if (accept_socket < 0 && errno != EINTR) | |
1995 | { | |
1996 | if (accept_retry_count == 0) | |
1997 | { | |
1998 | accept_retry_errno = errno; | |
1999 | accept_retry_select_failed = select_failed; | |
2000 | } | |
2001 | else | |
2002 | { | |
2003 | if (errno != accept_retry_errno || | |
2004 | select_failed != accept_retry_select_failed || | |
2005 | accept_retry_count >= 50) | |
2006 | { | |
2007 | log_write(0, LOG_MAIN | ((accept_retry_count >= 50)? LOG_PANIC : 0), | |
2008 | "%d %s() failure%s: %s", | |
2009 | accept_retry_count, | |
2010 | accept_retry_select_failed? "select" : "accept", | |
2011 | (accept_retry_count == 1)? "" : "s", | |
2012 | strerror(accept_retry_errno)); | |
2013 | log_close_all(); | |
2014 | accept_retry_count = 0; | |
2015 | accept_retry_errno = errno; | |
2016 | accept_retry_select_failed = select_failed; | |
2017 | } | |
2018 | } | |
2019 | accept_retry_count++; | |
2020 | } | |
2021 | ||
2022 | else | |
2023 | { | |
2024 | if (accept_retry_count > 0) | |
2025 | { | |
2026 | log_write(0, LOG_MAIN, "%d %s() failure%s: %s", | |
2027 | accept_retry_count, | |
2028 | accept_retry_select_failed? "select" : "accept", | |
2029 | (accept_retry_count == 1)? "" : "s", | |
2030 | strerror(accept_retry_errno)); | |
2031 | log_close_all(); | |
2032 | accept_retry_count = 0; | |
2033 | } | |
2034 | } | |
2035 | ||
2036 | /* If select/accept succeeded, deal with the connection. */ | |
2037 | ||
2038 | if (accept_socket >= 0) | |
9ee44efb PP |
2039 | { |
2040 | if (inetd_wait_timeout) | |
2041 | last_connection_time = time(NULL); | |
059ec3d9 PH |
2042 | handle_smtp_call(listen_sockets, listen_socket_count, accept_socket, |
2043 | (struct sockaddr *)&accepted); | |
9ee44efb | 2044 | } |
059ec3d9 PH |
2045 | } |
2046 | } | |
2047 | ||
2048 | /* If not listening, then just sleep for the queue interval. If we woke | |
2049 | up early the last time for some other signal, it won't matter because | |
2050 | the alarm signal will wake at the right time. This code originally used | |
2051 | sleep() but it turns out that on the FreeBSD system, sleep() is not inter- | |
2052 | rupted by signals, so it wasn't waking up for SIGALRM or SIGCHLD. Luckily | |
2053 | select() can be used as an interruptible sleep() on all versions of Unix. */ | |
2054 | ||
2055 | else | |
2056 | { | |
2057 | struct timeval tv; | |
2058 | tv.tv_sec = queue_interval; | |
2059 | tv.tv_usec = 0; | |
2060 | select(0, NULL, NULL, NULL, &tv); | |
8e669ac1 | 2061 | handle_ending_processes(); |
059ec3d9 PH |
2062 | } |
2063 | ||
2064 | /* Re-enable the SIGCHLD handler if it has been run. It can't do it | |
2065 | for itself, because it isn't doing the waiting itself. */ | |
2066 | ||
2067 | if (sigchld_seen) | |
2068 | { | |
2069 | sigchld_seen = FALSE; | |
7d468ab8 | 2070 | os_non_restarting_signal(SIGCHLD, main_sigchld_handler); |
059ec3d9 PH |
2071 | } |
2072 | ||
2073 | /* Handle being woken by SIGHUP. We know at this point that the result | |
2074 | of accept() has been dealt with, so we can re-exec exim safely, first | |
2075 | closing the listening sockets so that they can be reused. Cancel any pending | |
2076 | alarm in case it is just about to go off, and set SIGHUP to be ignored so | |
2077 | that another HUP in quick succession doesn't clobber the new daemon before it | |
2078 | gets going. All log files get closed by the close-on-exec flag; however, if | |
2079 | the exec fails, we need to close the logs. */ | |
2080 | ||
2081 | if (sighup_seen) | |
2082 | { | |
2083 | int sk; | |
2084 | log_write(0, LOG_MAIN, "pid %d: SIGHUP received: re-exec daemon", | |
2085 | getpid()); | |
f1e894f3 PH |
2086 | for (sk = 0; sk < listen_socket_count; sk++) |
2087 | (void)close(listen_sockets[sk]); | |
059ec3d9 PH |
2088 | alarm(0); |
2089 | signal(SIGHUP, SIG_IGN); | |
2090 | sighup_argv[0] = exim_path; | |
2091 | exim_nullstd(); | |
2092 | execv(CS exim_path, (char *const *)sighup_argv); | |
2093 | log_write(0, LOG_MAIN|LOG_PANIC_DIE, "pid %d: exec of %s failed: %s", | |
2094 | getpid(), exim_path, strerror(errno)); | |
2095 | log_close_all(); | |
2096 | } | |
2097 | ||
2098 | } /* End of main loop */ | |
2099 | ||
2100 | /* Control never reaches here */ | |
2101 | } | |
2102 | ||
071c51f7 JH |
2103 | /* vi: aw ai sw=2 |
2104 | */ | |
059ec3d9 | 2105 | /* End of exim_daemon.c */ |