projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Incorrect test for a running SpamAssassin.
[exim.git] / src / src / daemon.c
CommitLineData
1f872c80 1/* $Cambridge: exim/src/src/daemon.c,v 1.16 2006/09/05 14:14:32 ph10 Exp $ */
059ec3d9
PH		 2
3/*************************************************
4* Exim - an Internet mail transport agent *
5*************************************************/
6
d7d7b7b9 7/* Copyright (c) University of Cambridge 1995 - 2006 */
059ec3d9
PH		 8/* See the file NOTICE for conditions of use and distribution. */
9
10/* Functions concerned with running Exim as a daemon */
11
12
13#include "exim.h"
14
15
16/* Structure for holding data for each SMTP connection */
17
18typedef struct smtp_slot {
19 pid_t pid; /* pid of the spawned reception process */
20 uschar *host_address; /* address of the client host */
21} smtp_slot;
22
23/* An empty slot for initializing (Standard C does not allow constructor
24expressions in assigments except as initializers in declarations). */
25
26static smtp_slot empty_smtp_slot = { 0, NULL };
27
28
29
30/*************************************************
31* Local static variables *
32*************************************************/
33
34static volatile BOOL sigchld_seen;
35static volatile BOOL sighup_seen;
36
37static int accept_retry_count = 0;
38static int accept_retry_errno;
39static BOOL accept_retry_select_failed;
40
41static int queue_run_count = 0;
bb6e88ff
PH		 42static pid_t *queue_pid_slots = NULL;
43static smtp_slot *smtp_slots = NULL;
059ec3d9
PH		 44
45static BOOL write_pid = TRUE;
46
47
48
49/*************************************************
50* SIGHUP Handler *
51*************************************************/
52
53/* All this handler does is to set a flag and re-enable the signal.
54
55Argument: the signal number
56Returns: nothing
57*/
58
59static void
60sighup_handler(int sig)
61{
62sig = sig; /* Keep picky compilers happy */
63sighup_seen = TRUE;
64signal(SIGHUP, sighup_handler);
65}
66
67
68
69/*************************************************
70* SIGCHLD handler for main daemon process *
71*************************************************/
72
73/* Don't re-enable the handler here, since we aren't doing the
74waiting here. If the signal is re-enabled, there will just be an
75infinite sequence of calls to this handler. The SIGCHLD signal is
76used just as a means of waking up the daemon so that it notices
77terminated subprocesses as soon as possible.
78
79Argument: the signal number
80Returns: nothing
81*/
82
83static void
84main_sigchld_handler(int sig)
85{
86sig = sig; /* Keep picky compilers happy */
7d468ab8 87os_non_restarting_signal(SIGCHLD, SIG_DFL);
059ec3d9 88sigchld_seen = TRUE;
059ec3d9
PH		 89}
90
91
92
93
94/*************************************************
95* Unexpected errors in SMTP calls *
96*************************************************/
97
98/* This function just saves a bit of repetitious coding.
99
100Arguments:
101 log_msg Text of message to be logged
102 smtp_msg Text of SMTP error message
103 was_errno The failing errno
104
105Returns: nothing
106*/
107
108static void
109never_error(uschar *log_msg, uschar *smtp_msg, int was_errno)
110{
111uschar *emsg = (was_errno <= 0)? US"" :
112 string_sprintf(": %s", strerror(was_errno));
113log_write(0, LOG_MAIN|LOG_PANIC, "%s%s", log_msg, emsg);
114if (smtp_out != NULL) smtp_printf("421 %s\r\n", smtp_msg);
115}
116
117
118
119
120/*************************************************
121* Handle a connected SMTP call *
122*************************************************/
123
124/* This function is called when an SMTP connection has been accepted.
125If there are too many, give an error message and close down. Otherwise
126spin off a sub-process to handle the call. The list of listening sockets
127is required so that they can be closed in the sub-process. Take care not to
128leak store in this process - reset the stacking pool at the end.
129
130Arguments:
131 listen_sockets sockets which are listening for incoming calls
132 listen_socket_count count of listening sockets
133 accept_socket socket of the current accepted call
134 accepted socket information about the current call
135
136Returns: nothing
137*/
138
139static void
140handle_smtp_call(int *listen_sockets, int listen_socket_count,
141 int accept_socket, struct sockaddr *accepted)
142{
143pid_t pid;
144union sockaddr_46 interface_sockaddr;
36a3b041 145EXIM_SOCKLEN_T ifsize = sizeof(interface_sockaddr);
059ec3d9
PH		 146int dup_accept_socket = -1;
147int max_for_this_host = 0;
148int wfsize = 0;
149int wfptr = 0;
150int use_log_write_selector = log_write_selector;
151uschar *whofrom = NULL;
152
153void *reset_point = store_get(0);
154
155/* Make the address available in ASCII representation, and also fish out
156the remote port. */
157
158sender_host_address = host_ntoa(-1, accepted, NULL, &sender_host_port);
159DEBUG(D_any) debug_printf("Connection request from %s port %d\n",
160 sender_host_address, sender_host_port);
161
162/* Set up the output stream, check the socket has duplicated, and set up the
163input stream. These operations fail only the exceptional circumstances. Note
164that never_error() won't use smtp_out if it is NULL. */
165
166smtp_out = fdopen(accept_socket, "wb");
167if (smtp_out == NULL)
168 {
169 never_error(US"daemon: fdopen() for smtp_out failed", US"", errno);
170 goto ERROR_RETURN;
171 }
172
173dup_accept_socket = dup(accept_socket);
174if (dup_accept_socket < 0)
175 {
176 never_error(US"daemon: couldn't dup socket descriptor",
177 US"Connection setup failed", errno);
178 goto ERROR_RETURN;
179 }
180
181smtp_in = fdopen(dup_accept_socket, "rb");
182if (smtp_in == NULL)
183 {
184 never_error(US"daemon: fdopen() for smtp_in failed",
185 US"Connection setup failed", errno);
186 goto ERROR_RETURN;
187 }
188
189/* Get the data for the local interface address. */
190
191if (getsockname(accept_socket, (struct sockaddr *)(&interface_sockaddr),
192 &ifsize) < 0)
193 {
194 log_write(0, LOG_MAIN|LOG_PANIC, "getsockname() failed: %s",
195 strerror(errno));
196 smtp_printf("421 Local problem: getsockname() failed; please try again later\r\n");
197 goto ERROR_RETURN;
198 }
199
200interface_address = host_ntoa(-1, &interface_sockaddr, NULL, &interface_port);
201DEBUG(D_interface) debug_printf("interface address=%s port=%d\n",
202 interface_address, interface_port);
203
204/* Build a string identifying the remote host and, if requested, the port and
205the local interface data. This is for logging; at the end of this function the
206memory is reclaimed. */
207
208whofrom = string_append(whofrom, &wfsize, &wfptr, 3, "[", sender_host_address, "]");
209
210if ((log_extra_selector & LX_incoming_port) != 0)
211 whofrom = string_append(whofrom, &wfsize, &wfptr, 2, ":", string_sprintf("%d",
212 sender_host_port));
213
214if ((log_extra_selector & LX_incoming_interface) != 0)
215 whofrom = string_append(whofrom, &wfsize, &wfptr, 4, " I=[",
216 interface_address, "]:", string_sprintf("%d", interface_port));
217
218whofrom[wfptr] = 0; /* Terminate the newly-built string */
219
220/* Check maximum number of connections. We do not check for reserved
221connections or unacceptable hosts here. That is done in the subprocess because
222it might take some time. */
223
224if (smtp_accept_max > 0 && smtp_accept_count >= smtp_accept_max)
225 {
226 DEBUG(D_any) debug_printf("rejecting SMTP connection: count=%d max=%d\n",
227 smtp_accept_count, smtp_accept_max);
228 smtp_printf("421 Too many concurrent SMTP connections; "
229 "please try again later.\r\n");
230 log_write(L_connection_reject,
231 LOG_MAIN, "Connection from %s refused: too many connections",
232 whofrom);
233 goto ERROR_RETURN;
234 }
235
236/* If a load limit above which only reserved hosts are acceptable is defined,
237get the load average here, and if there are in fact no reserved hosts, do
238the test right away (saves a fork). If there are hosts, do the check in the
239subprocess because it might take time. */
240
241if (smtp_load_reserve >= 0)
242 {
243 load_average = os_getloadavg();
244 if (smtp_reserve_hosts == NULL && load_average > smtp_load_reserve)
245 {
246 DEBUG(D_any) debug_printf("rejecting SMTP connection: load average = %.2f\n",
247 (double)load_average/1000.0);
248 smtp_printf("421 Too much load; please try again later.\r\n");
249 log_write(L_connection_reject,
250 LOG_MAIN, "Connection from %s refused: load average = %.2f",
251 whofrom, (double)load_average/1000.0);
252 goto ERROR_RETURN;
253 }
254 }
255
256/* Check that one specific host (strictly, IP address) is not hogging
257resources. This is done here to prevent a denial of service attack by someone
258forcing you to fork lots of times before denying service. The value of
259smtp_accept_max_per_host is a string which is expanded. This makes it possible
260to provide host-specific limits according to $sender_host address, but because
261this is in the daemon mainline, only fast expansions (such as inline address
262checks) should be used. The documentation is full of warnings. */
263
264if (smtp_accept_max_per_host != NULL)
265 {
266 uschar *expanded = expand_string(smtp_accept_max_per_host);
267 if (expanded == NULL)
268 {
269 if (!expand_string_forcedfail)
270 log_write(0, LOG_MAIN|LOG_PANIC, "expansion of smtp_accept_max_per_host "
271 "failed for %s: %s", whofrom, expand_string_message);
272 }
273 /* For speed, interpret a decimal number inline here */
274 else
275 {
276 uschar *s = expanded;
277 while (isdigit(*s))
278 max_for_this_host = max_for_this_host * 10 + *s++ - '0';
279 if (*s != 0)
280 log_write(0, LOG_MAIN|LOG_PANIC, "expansion of smtp_accept_max_per_host "
281 "for %s contains non-digit: %s", whofrom, expanded);
282 }
283 }
284
285/* If we have fewer connections than max_for_this_host, we can skip the tedious
286per host_address checks. Note that at this stage smtp_accept_count contains the
287count of *other* connections, not including this one. */
288
289if ((max_for_this_host > 0) &&
290 (smtp_accept_count >= max_for_this_host))
291 {
292 int i;
293 int host_accept_count = 0;
294 int other_host_count = 0; /* keep a count of non matches to optimise */
295
296 for (i = 0; i < smtp_accept_max; ++i)
297 {
298 if (smtp_slots[i].host_address != NULL)
299 {
300 if (Ustrcmp(sender_host_address, smtp_slots[i].host_address) == 0)
301 host_accept_count++;
302 else
303 other_host_count++;
304
305 /* Testing all these strings is expensive - see if we can drop out
306 early, either by hitting the target, or finding there are not enough
307 connections left to make the target. */
308
309 if ((host_accept_count >= max_for_this_host) ||
310 ((smtp_accept_count - other_host_count) < max_for_this_host))
311 break;
312 }
313 }
314
315 if (host_accept_count >= max_for_this_host)
316 {
317 DEBUG(D_any) debug_printf("rejecting SMTP connection: too many from this "
318 "IP address: count=%d max=%d\n",
319 host_accept_count, max_for_this_host);
320 smtp_printf("421 Too many concurrent SMTP connections "
321 "from this IP address; please try again later.\r\n");
322 log_write(L_connection_reject,
323 LOG_MAIN, "Connection from %s refused: too many connections "
324 "from that IP address", whofrom);
325 goto ERROR_RETURN;
326 }
327 }
328
329/* OK, the connection count checks have been passed. Before we can fork the
330accepting process, we must first log the connection if requested. This logging
331used to happen in the subprocess, but doing that means that the value of
332smtp_accept_count can be out of step by the time it is logged. So we have to do
333the logging here and accept the performance cost. Note that smtp_accept_count
334hasn't yet been incremented to take account of this connection.
335
336In order to minimize the cost (because this is going to happen for every
337connection), do a preliminary selector test here. This saves ploughing through
338the generalized logging code each time when the selector is false. If the
339selector is set, check whether the host is on the list for logging. If not,
340arrange to unset the selector in the subprocess. */
341
342if ((log_write_selector & L_smtp_connection) != 0)
343 {
344 uschar *list = hosts_connection_nolog;
345 if (list != NULL && verify_check_host(&list) == OK)
346 use_log_write_selector &= ~L_smtp_connection;
347 else
348 log_write(L_smtp_connection, LOG_MAIN, "SMTP connection from %s "
349 "(TCP/IP connection count = %d)", whofrom, smtp_accept_count + 1);
350 }
351
352/* Now we can fork the accepting process; do a lookup tidy, just in case any
353expansion above did a lookup. */
354
355search_tidyup();
356pid = fork();
357
358/* Handle the child process */
359
360if (pid == 0)
361 {
362 int i;
363 int queue_only_reason = 0;
364 int old_pool = store_pool;
8e669ac1 365 int save_debug_selector = debug_selector;
059ec3d9
PH		 366 BOOL local_queue_only;
367 #ifdef SA_NOCLDWAIT
368 struct sigaction act;
369 #endif
370
371 /* May have been modified for the subprocess */
372
373 log_write_selector = use_log_write_selector;
374
375 /* Get the local interface address into permanent store */
376
377 store_pool = POOL_PERM;
378 interface_address = string_copy(interface_address);
379 store_pool = old_pool;
380
381 /* Check for a tls-on-connect port */
382
383 if (host_is_tls_on_connect_port(interface_port)) tls_on_connect = TRUE;
384
385 /* Expand smtp_active_hostname if required. We do not do this any earlier,
386 because it may depend on the local interface address (indeed, that is most
387 likely what it depends on.) */
388
389 smtp_active_hostname = primary_hostname;
390 if (raw_active_hostname != NULL)
391 {
392 uschar *nah = expand_string(raw_active_hostname);
393 if (nah == NULL)
394 {
395 if (!expand_string_forcedfail)
396 {
397 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand \"%s\" "
398 "(smtp_active_hostname): %s", raw_active_hostname,
399 expand_string_message);
400 smtp_printf("421 Local configuration error; "
401 "please try again later.\r\n");
402 mac_smtp_fflush();
403 search_tidyup();
404 _exit(EXIT_FAILURE);
405 }
406 }
407 else if (nah[0] != 0) smtp_active_hostname = nah;
408 }
409
410 /* Initialize the queueing flags */
411
412 queue_check_only();
413 local_queue_only = queue_only;
414
415 /* Close the listening sockets, and set the SIGCHLD handler to SIG_IGN.
416 We also attempt to set things up so that children are automatically reaped,
417 but just in case this isn't available, there's a paranoid waitpid() in the
418 loop too (except for systems where we are sure it isn't needed). See the more
419 extensive comment before the reception loop in exim.c for a fuller
420 explanation of this logic. */
421
f1e894f3 422 for (i = 0; i < listen_socket_count; i++) (void)close(listen_sockets[i]);
059ec3d9
PH		 423
424 #ifdef SA_NOCLDWAIT
425 act.sa_handler = SIG_IGN;
426 sigemptyset(&(act.sa_mask));
427 act.sa_flags = SA_NOCLDWAIT;
428 sigaction(SIGCHLD, &act, NULL);
429 #else
430 signal(SIGCHLD, SIG_IGN);
431 #endif
432
433 /* Attempt to get an id from the sending machine via the RFC 1413
434 protocol. We do this in the sub-process in order not to hold up the
435 main process if there is any delay. Then set up the fullhost information
8e669ac1
PH		 436 in case there is no HELO/EHLO.
437
438 If debugging is enabled only for the daemon, we must turn if off while
439 finding the id, but turn it on again afterwards so that information about the
3d235903 440 incoming connection is output. */
8e669ac1 441
3d235903 442 if (debug_daemon) debug_selector = 0;
059ec3d9
PH		 443 verify_get_ident(IDENT_PORT);
444 host_build_sender_fullhost();
8e669ac1 445 debug_selector = save_debug_selector;
059ec3d9
PH		 446
447 DEBUG(D_any)
448 debug_printf("Process %d is handling incoming connection from %s\n",
449 (int)getpid(), sender_fullhost);
450
3d235903
PH		 451 /* Now disable debugging permanently if it's required only for the daemon
452 process. */
453
454 if (debug_daemon) debug_selector = 0;
455
059ec3d9
PH		 456 /* If there are too many child processes for immediate delivery,
457 set the local_queue_only flag, which is initialized from the
458 configured value and may therefore already be TRUE. Leave logging
459 till later so it will have a message id attached. */
460
461 if (smtp_accept_queue > 0 && smtp_accept_count >= smtp_accept_queue)
462 {
463 local_queue_only = TRUE;
464 queue_only_reason = 1;
465 }
466
467 /* Handle the start of the SMTP session, then loop, accepting incoming
468 messages from the SMTP connection. The end will come at the QUIT command,
469 when smtp_setup_msg() returns 0. A break in the connection causes the
470 process to die (see accept.c). */
471
472 if (!smtp_start_session())
473 {
474 mac_smtp_fflush();
475 search_tidyup();
476 _exit(EXIT_SUCCESS);
477 }
478
479 for (;;)
480 {
481 int rc;
482 message_id[0] = 0; /* Clear out any previous message_id */
483 reset_point = store_get(0); /* Save current store high water point */
484
485 DEBUG(D_any)
486 debug_printf("Process %d is ready for new message\n", (int)getpid());
487
488 /* Smtp_setup_msg() returns 0 on QUIT or if the call is from an
489 unacceptable host or if an ACL "drop" command was triggered, -1 on
490 connection lost, and +1 on validly reaching DATA. Receive_msg() almost
491 always returns TRUE when smtp_input is true; just retry if no message was
492 accepted (can happen for invalid message parameters). However, it can yield
493 FALSE if the connection was forcibly dropped by the DATA ACL. */
494
495 if ((rc = smtp_setup_msg()) > 0)
496 {
497 BOOL ok = receive_msg(FALSE);
498 search_tidyup(); /* Close cached databases */
499 if (!ok) /* Connection was dropped */
500 {
501 mac_smtp_fflush();
502 _exit(EXIT_SUCCESS);
503 }
504 if (message_id[0] == 0) continue; /* No message was accepted */
505 }
506 else
507 {
508 mac_smtp_fflush();
509 search_tidyup();
510 _exit((rc == 0)? EXIT_SUCCESS : EXIT_FAILURE);
511 }
512
513 /* Show the recipients when debugging */
514
515 DEBUG(D_receive)
516 {
517 int i;
518 if (sender_address != NULL)
519 debug_printf("Sender: %s\n", sender_address);
520 if (recipients_list != NULL)
521 {
522 debug_printf("Recipients:\n");
523 for (i = 0; i < recipients_count; i++)
524 debug_printf(" %s\n", recipients_list[i].address);
525 }
526 }
527
528 /* A message has been accepted. Clean up any previous delivery processes
529 that have completed and are defunct, on systems where they don't go away
530 by themselves (see comments when setting SIG_IGN above). On such systems
531 (if any) these delivery processes hang around after termination until
532 the next message is received. */
533
534 #ifndef SIG_IGN_WORKS
535 while (waitpid(-1, NULL, WNOHANG) > 0);
536 #endif
537
538 /* Reclaim up the store used in accepting this message */
539
540 store_reset(reset_point);
541
542 /* If queue_only is set or if there are too many incoming connections in
543 existence, local_queue_only will be TRUE. If it is not, check whether we
544 have received too many messages in this session for immediate delivery. If
545 not, and queue_only_load is set, check that the load average is below it.
546 Note that, once set, local_queue_only remains set for any subsequent
547 messages on the same SMTP connection. This is a deliberate choice; even
548 though the load average may fall, it doesn't seem right to deliver later
549 messages on the same call when not delivering earlier ones. */
550
551 if (!local_queue_only)
552 {
553 if (smtp_accept_queue_per_connection > 0 &&
554 receive_messagecount > smtp_accept_queue_per_connection)
555 {
556 local_queue_only = TRUE;
557 queue_only_reason = 2;
558 }
559 else if (queue_only_load >= 0)
560 {
561 local_queue_only = (load_average = os_getloadavg()) > queue_only_load;
562 if (local_queue_only) queue_only_reason = 3;
563 }
564 }
565
566 /* Log the queueing here, when it will get a message id attached, but
567 not if queue_only is set (case 0). */
568
569 if (local_queue_only) switch(queue_only_reason)
570 {
571 case 1:
572 log_write(L_delay_delivery,
573 LOG_MAIN, "no immediate delivery: too many connections "
574 "(%d, max %d)", smtp_accept_count, smtp_accept_queue);
575 break;
576
577 case 2:
578 log_write(L_delay_delivery,
579 LOG_MAIN, "no immediate delivery: more than %d messages "
580 "received in one connection", smtp_accept_queue_per_connection);
581 break;
582
583 case 3:
584 log_write(L_delay_delivery,
585 LOG_MAIN, "no immediate delivery: load average %.2f",
586 (double)load_average/1000.0);
587 break;
588 }
589
590 /* If a delivery attempt is required, spin off a new process to handle it.
591 If we are not root, we have to re-exec exim unless deliveries are being
592 done unprivileged. */
593
594 else if (!queue_only_policy && !deliver_freeze)
595 {
596 pid_t dpid;
597
598 /* Before forking, ensure that the C output buffer is flushed. Otherwise
599 anything that it in it will get duplicated, leading to duplicate copies
600 of the pending output. */
601
602 mac_smtp_fflush();
603
604 if ((dpid = fork()) == 0)
605 {
f1e894f3
PH		 606 (void)fclose(smtp_in);
607 (void)fclose(smtp_out);
059ec3d9
PH		 608
609 /* Don't ever molest the parent's SSL connection, but do clean up
610 the data structures if necessary. */
611
612 #ifdef SUPPORT_TLS
613 tls_close(FALSE);
614 #endif
615
616 /* Reset SIGHUP and SIGCHLD in the child in both cases. */
617
618 signal(SIGHUP, SIG_DFL);
619 signal(SIGCHLD, SIG_DFL);
620
621 if (geteuid() != root_uid && !deliver_drop_privilege)
622 {
623 signal(SIGALRM, SIG_DFL);
624 (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, FALSE, 2, US"-Mc",
625 message_id);
626 /* Control does not return here. */
627 }
628
629 /* No need to re-exec; SIGALRM remains set to the default handler */
630
631 (void)deliver_message(message_id, FALSE, FALSE);
632 search_tidyup();
633 _exit(EXIT_SUCCESS);
634 }
635
636 if (dpid > 0)
637 {
638 DEBUG(D_any) debug_printf("forked delivery process %d\n", (int)dpid);
639 }
640 else
641 {
642 log_write(0, LOG_MAIN|LOG_PANIC, "daemon: delivery process fork "
643 "failed: %s", strerror(errno));
644 }
645 }
646 }
647 }
648
649
650/* Carrying on in the parent daemon process... Can't do much if the fork
651failed. Otherwise, keep count of the number of accepting processes and
652remember the pid for ticking off when the child completes. */
653
654if (pid < 0)
655 {
656 never_error(US"daemon: accept process fork failed", US"Fork failed", errno);
657 }
658else
659 {
660 int i;
661 for (i = 0; i < smtp_accept_max; ++i)
662 {
663 if (smtp_slots[i].pid <= 0)
664 {
665 smtp_slots[i].pid = pid;
666 if (smtp_accept_max_per_host != NULL)
667 smtp_slots[i].host_address = string_copy_malloc(sender_host_address);
668 smtp_accept_count++;
669 break;
670 }
671 }
672 DEBUG(D_any) debug_printf("%d SMTP accept process%s running\n",
673 smtp_accept_count, (smtp_accept_count == 1)? "" : "es");
674 }
675
676/* Get here via goto in error cases */
677
678ERROR_RETURN:
679
680/* Close the streams associated with the socket which will also close the
681socket fds in this process. We can't do anything if fclose() fails, but
682logging brings it to someone's attention. However, "connection reset by peer"
1f872c80
PH		 683isn't really a problem, so skip that one. On Solaris, a dropped connection can
684manifest itself as a broken pipe, so drop that one too. If the streams don't
685exist, something went wrong while setting things up. Make sure the socket
686descriptors are closed, in order to drop the connection. */
059ec3d9
PH		 687
688if (smtp_out != NULL)
689 {
1f872c80 690 if (fclose(smtp_out) != 0 && errno != ECONNRESET && errno != EPIPE)
059ec3d9
PH		 691 log_write(0, LOG_MAIN|LOG_PANIC, "daemon: fclose(smtp_out) failed: %s",
692 strerror(errno));
693 smtp_out = NULL;
694 }
f1e894f3 695else (void)close(accept_socket);
059ec3d9
PH		 696
697if (smtp_in != NULL)
698 {
1f872c80 699 if (fclose(smtp_in) != 0 && errno != ECONNRESET && errno != EPIPE)
059ec3d9
PH		 700 log_write(0, LOG_MAIN|LOG_PANIC, "daemon: fclose(smtp_in) failed: %s",
701 strerror(errno));
702 smtp_in = NULL;
703 }
f1e894f3 704else (void)close(dup_accept_socket);
059ec3d9
PH		 705
706/* Release any store used in this process, including the store used for holding
707the incoming host address and an expanded active_hostname. */
708
709store_reset(reset_point);
710sender_host_address = NULL;
711}
712
713
714
715
716/*************************************************
717* Check wildcard listen special cases *
718*************************************************/
719
720/* This function is used when binding and listening on lists of addresses and
721ports. It tests for special cases of wildcard listening, when IPv4 and IPv6
722sockets may interact in different ways in different operating systems. It is
723passed an error number, the list of listening addresses, and the current
724address. Two checks are available: for a previous wildcard IPv6 address, or for
725a following wildcard IPv4 address, in both cases on the same port.
726
727In practice, pairs of wildcard addresses should be adjacent in the address list
728because they are sorted that way below.
729
730Arguments:
731 eno the error number
732 addresses the list of addresses
733 ipa the current IP address
734 back if TRUE, check for previous wildcard IPv6 address
735 if FALSE, check for a following wildcard IPv4 address
736
737Returns: TRUE or FALSE
738*/
739
740static BOOL
741check_special_case(int eno, ip_address_item *addresses, ip_address_item *ipa,
742 BOOL back)
743{
744ip_address_item *ipa2;
745
746/* For the "back" case, if the failure was "address in use" for a wildcard IPv4
747address, seek a previous IPv6 wildcard address on the same port. As it is
748previous, it must have been successfully bound and be listening. Flag it as a
749"6 including 4" listener. */
750
751if (back)
752 {
753 if (eno != EADDRINUSE || ipa->address[0] != 0) return FALSE;
754 for (ipa2 = addresses; ipa2 != ipa; ipa2 = ipa2->next)
755 {
756 if (ipa2->address[1] == 0 && ipa2->port == ipa->port)
757 {
758 ipa2->v6_include_v4 = TRUE;
759 return TRUE;
760 }
761 }
762 }
763
764/* For the "forward" case, if the current address is a wildcard IPv6 address,
765we seek a following wildcard IPv4 address on the same port. */
766
767else
768 {
769 if (ipa->address[0] != ':' || ipa->address[1] != 0) return FALSE;
770 for (ipa2 = ipa->next; ipa2 != NULL; ipa2 = ipa2->next)
771 if (ipa2->address[0] == 0 && ipa->port == ipa2->port) return TRUE;
772 }
773
774return FALSE;
775}
776
777
778
779
bb6e88ff
PH		 780/*************************************************
781* Handle terminating subprocesses *
782*************************************************/
783
784/* Handle the termination of child processes. Theoretically, this need be done
785only when sigchld_seen is TRUE, but rumour has it that some systems lose
786SIGCHLD signals at busy times, so to be on the safe side, this function is
787called each time round. It shouldn't be too expensive.
788
789Arguments: none
790Returns: nothing
791*/
792
793static void
794handle_ending_processes(void)
795{
796int status;
797pid_t pid;
798
799while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
800 {
801 int i;
802 DEBUG(D_any) debug_printf("child %d ended: status=0x%x\n", (int)pid,
803 status);
804
8e669ac1 805 /* If it's a listening daemon for which we are keeping track of individual
bb6e88ff
PH		 806 subprocesses, deal with an accepting process that has terminated. */
807
808 if (smtp_slots != NULL)
809 {
810 for (i = 0; i < smtp_accept_max; i++)
811 {
812 if (smtp_slots[i].pid == pid)
813 {
814 if (smtp_slots[i].host_address != NULL)
815 store_free(smtp_slots[i].host_address);
816 smtp_slots[i] = empty_smtp_slot;
817 if (--smtp_accept_count < 0) smtp_accept_count = 0;
818 DEBUG(D_any) debug_printf("%d SMTP accept process%s now running\n",
819 smtp_accept_count, (smtp_accept_count == 1)? "" : "es");
820 break;
821 }
822 }
823 if (i < smtp_accept_max) continue; /* Found an accepting process */
824 }
825
826 /* If it wasn't an accepting process, see if it was a queue-runner
827 process that we are tracking. */
828
829 if (queue_pid_slots != NULL)
830 {
831 for (i = 0; i < queue_run_max; i++)
832 {
833 if (queue_pid_slots[i] == pid)
834 {
835 queue_pid_slots[i] = 0;
836 if (--queue_run_count < 0) queue_run_count = 0;
837 DEBUG(D_any) debug_printf("%d queue-runner process%s now running\n",
838 queue_run_count, (queue_run_count == 1)? "" : "es");
839 break;
840 }
841 }
842 }
843 }
844}
845
059ec3d9
PH		 846
847
848/*************************************************
849* Exim Daemon Mainline *
850*************************************************/
851
852/* The daemon can do two jobs, either of which is optional:
853
854(1) Listens for incoming SMTP calls and spawns off a sub-process to handle
855each one. This is requested by the -bd option, with -oX specifying the SMTP
856port on which to listen (for testing).
857
858(2) Spawns a queue-running process every so often. This is controlled by the
859-q option with a an interval time. (If no time is given, a single queue run
860is done from the main function, and control doesn't get here.)
861
862Root privilege is required in order to attach to port 25. Some systems require
863it when calling socket() rather than bind(). To cope with all cases, we run as
864root for both socket() and bind(). Some systems also require root in order to
865write to the pid file directory. This function must therefore be called as root
866if it is to work properly in all circumstances. Once the socket is bound and
867the pid file written, root privilege is given up if there is an exim uid.
868
869There are no arguments to this function, and it never returns. */
870
871void
872daemon_go(void)
873{
874int *listen_sockets = NULL;
875int listen_socket_count = 0;
876ip_address_item *addresses = NULL;
877
878/* If any debugging options are set, turn on the D_pid bit so that all
879debugging lines get the pid added. */
880
881DEBUG(D_any|D_v) debug_selector |= D_pid;
882
883
884/* Do the preparation for setting up a listener on one or more interfaces, and
885possible on various ports. This is controlled by the combination of
886local_interfaces (which can set IP addresses and ports) and daemon_smtp_port
887(which is a list of default ports to use for those items in local_interfaces
888that do not specify a port). The -oX command line option can be used to
889override one or both of these options.
890
891If local_interfaces is not set, the default is to listen on all interfaces.
892When it is set, it can include "all IPvx interfaces" as an item. This is useful
893when different ports are in use.
894
895It turns out that listening on all interfaces is messy in an IPv6 world,
896because several different implementation approaches have been taken. This code
897is now supposed to work with all of them. The point of difference is whether an
898IPv6 socket that is listening on all interfaces will receive incoming IPv4
899calls or not. We also have to cope with the case when IPv6 libraries exist, but
900there is no IPv6 support in the kernel.
901
902. On Solaris, an IPv6 socket will accept IPv4 calls, and give them as mapped
903 addresses. However, if an IPv4 socket is also listening on all interfaces,
904 calls are directed to the appropriate socket.
905
906. On (some versions of) Linux, an IPv6 socket will accept IPv4 calls, and
907 give them as mapped addresses, but an attempt also to listen on an IPv4
908 socket on all interfaces causes an error.
909
910. On OpenBSD, an IPv6 socket will not accept IPv4 calls. You have to set up
911 two sockets if you want to accept both kinds of call.
912
913. FreeBSD is like OpenBSD, but it has the IPV6_V6ONLY socket option, which
914 can be turned off, to make it behave like the versions of Linux described
915 above.
916
917. I heard a report that the USAGI IPv6 stack for Linux has implemented
918 IPV6_V6ONLY.
919
920So, what we do when IPv6 is supported is as follows:
921
922 (1) After it is set up, the list of interfaces is scanned for wildcard
923 addresses. If an IPv6 and an IPv4 wildcard are both found for the same
924 port, the list is re-arranged so that they are together, with the IPv6
925 wildcard first.
926
927 (2) If the creation of a wildcard IPv6 socket fails, we just log the error and
928 carry on if an IPv4 wildcard socket for the same port follows later in the
929 list. This allows Exim to carry on in the case when the kernel has no IPv6
930 support.
931
932 (3) Having created an IPv6 wildcard socket, we try to set IPV6_V6ONLY if that
933 option is defined. However, if setting fails, carry on regardless (but log
934 the incident).
935
936 (4) If binding or listening on an IPv6 wildcard socket fails, it is a serious
937 error.
938
939 (5) If binding or listening on an IPv4 wildcard socket fails with the error
940 EADDRINUSE, and a previous interface was an IPv6 wildcard for the same
941 port (which must have succeeded or we wouldn't have got this far), we
942 assume we are in the situation where just a single socket is permitted,
943 and ignore the error.
944
945Phew!
946
947The preparation code decodes options and sets up the relevant data. We do this
948first, so that we can return non-zero if there are any syntax errors, and also
949write to stderr. */
950
951if (daemon_listen)
952 {
953 int *default_smtp_port;
954 int sep;
955 int pct = 0;
956 uschar *s;
957 uschar *list;
958 uschar *local_iface_source = US"local_interfaces";
959 ip_address_item *ipa;
960 ip_address_item **pipa;
961
962 /* If any option requiring a load average to be available during the
963 reception of a message is set, call os_getloadavg() while we are root
964 for those OS for which this is necessary the first time it is called (in
965 order to perform an "open" on the kernel memory file). */
966
967 #ifdef LOAD_AVG_NEEDS_ROOT
d95f9fdb 968 if (queue_only_load >= 0 || smtp_load_reserve >= 0 ||
8e669ac1 969 (deliver_queue_load_max >= 0 && deliver_drop_privilege))
d95f9fdb 970 (void)os_getloadavg();
059ec3d9
PH		 971 #endif
972
973 /* If -oX was used, disable the writing of a pid file unless -oP was
974 explicitly used to force it. Then scan the string given to -oX. Any items
975 that contain neither a dot nor a colon are used to override daemon_smtp_port.
976 Any other items are used to override local_interfaces. */
977
978 if (override_local_interfaces != NULL)
979 {
980 uschar *new_smtp_port = NULL;
981 uschar *new_local_interfaces = NULL;
982 int portsize = 0;
983 int portptr = 0;
984 int ifacesize = 0;
985 int ifaceptr = 0;
986
987 if (override_pid_file_path == NULL) write_pid = FALSE;
988
989 list = override_local_interfaces;
990 sep = 0;
991 while ((s = string_nextinlist(&list,&sep,big_buffer,big_buffer_size))
992 != NULL)
993 {
994 uschar joinstr[4];
995 uschar **ptr;
996 int *sizeptr;
997 int *ptrptr;
998
999 if (Ustrpbrk(s, ".:") == NULL)
1000 {
1001 ptr = &new_smtp_port;
1002 sizeptr = &portsize;
1003 ptrptr = &portptr;
1004 }
1005 else
1006 {
1007 ptr = &new_local_interfaces;
1008 sizeptr = &ifacesize;
1009 ptrptr = &ifaceptr;
1010 }
1011
1012 if (*ptr == NULL)
1013 {
1014 joinstr[0] = sep;
1015 joinstr[1] = ' ';
1016 *ptr = string_cat(*ptr, sizeptr, ptrptr, US"<", 1);
1017 }
1018
1019 *ptr = string_cat(*ptr, sizeptr, ptrptr, joinstr, 2);
1020 *ptr = string_cat(*ptr, sizeptr, ptrptr, s, Ustrlen(s));
1021 }
1022
1023 if (new_smtp_port != NULL)
1024 {
1025 new_smtp_port[portptr] = 0;
1026 daemon_smtp_port = new_smtp_port;
1027 DEBUG(D_any) debug_printf("daemon_smtp_port overridden by -oX:\n %s\n",
1028 daemon_smtp_port);
1029 }
1030
1031 if (new_local_interfaces != NULL)
1032 {
1033 new_local_interfaces[ifaceptr] = 0;
1034 local_interfaces = new_local_interfaces;
1035 local_iface_source = US"-oX data";
1036 DEBUG(D_any) debug_printf("local_interfaces overridden by -oX:\n %s\n",
1037 local_interfaces);
1038 }
1039 }
1040
1041 /* Create a list of default SMTP ports, to be used if local_interfaces
1042 contains entries without explict ports. First count the number of ports, then
1043 build a translated list in a vector. */
1044
1045 list = daemon_smtp_port;
1046 sep = 0;
1047 while ((s = string_nextinlist(&list,&sep,big_buffer,big_buffer_size)) != NULL)
1048 pct++;
1049 default_smtp_port = store_get((pct+1) * sizeof(int));
1050 list = daemon_smtp_port;
1051 sep = 0;
1052 for (pct = 0;
1053 (s = string_nextinlist(&list,&sep,big_buffer,big_buffer_size)) != NULL;
1054 pct++)
1055 {
1056 if (isdigit(*s))
1057 {
1058 uschar *end;
1059 default_smtp_port[pct] = Ustrtol(s, &end, 0);
1060 if (end != s + Ustrlen(s))
1061 log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "invalid SMTP port: %s", s);
1062 }
1063 else
1064 {
1065 struct servent *smtp_service = getservbyname(CS s, "tcp");
1066 if (smtp_service == NULL)
1067 log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "TCP port \"%s\" not found", s);
1068 default_smtp_port[pct] = ntohs(smtp_service->s_port);
1069 }
1070 }
1071 default_smtp_port[pct] = 0;
1072
1073 /* Create the list of local interfaces, possibly with ports included. This
1074 list may contain references to 0.0.0.0 and ::0 as wildcards. These special
1075 values are converted below. */
1076
1077 addresses = host_build_ifacelist(local_interfaces, local_iface_source);
1078
1079 /* In the list of IP addresses, convert 0.0.0.0 into an empty string, and ::0
1080 into the string ":". We use these to recognize wildcards in IPv4 and IPv6. In
1081 fact, many IP stacks recognize 0.0.0.0 and ::0 and handle them as wildcards
1082 anyway, but we need to know which are the wildcard addresses, and the shorter
1083 strings are neater.
1084
1085 In the same scan, fill in missing port numbers from the default list. When
1086 there is more than one item in the list, extra items are created. */
1087
1088 for (ipa = addresses; ipa != NULL; ipa = ipa->next)
1089 {
1090 int i;
1091
1092 if (Ustrcmp(ipa->address, "0.0.0.0") == 0) ipa->address[0] = 0;
1093 else if (Ustrcmp(ipa->address, "::0") == 0)
1094 {
1095 ipa->address[0] = ':';
1096 ipa->address[1] = 0;
1097 }
1098
1099 if (ipa->port > 0) continue;
1100
1101 if (daemon_smtp_port[0] <= 0)
1102 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "no port specified for interface "
1103 "%s and daemon_smtp_port is unset; cannot start daemon",
1104 (ipa->address[0] == 0)? US"\"all IPv4\"" :
1105 (ipa->address[1] == 0)? US"\"all IPv6\"" : ipa->address);
1106 ipa->port = default_smtp_port[0];
1107 for (i = 1; default_smtp_port[i] > 0; i++)
1108 {
1109 ip_address_item *new = store_get(sizeof(ip_address_item));
1110 memcpy(new->address, ipa->address, Ustrlen(ipa->address) + 1);
1111 new->port = default_smtp_port[i];
1112 new->next = ipa->next;
1113 ipa->next = new;
1114 ipa = new;
1115 }
1116 }
1117
1118 /* Scan the list of addresses for wildcards. If we find an IPv4 and an IPv6
1119 wildcard for the same port, ensure that (a) they are together and (b) the
1120 IPv6 address comes first. This makes handling the messy features easier, and
1121 also simplifies the construction of the "daemon started" log line. */
1122
1123 pipa = &addresses;
1124 for (ipa = addresses; ipa != NULL; pipa = &(ipa->next), ipa = ipa->next)
1125 {
1126 ip_address_item *ipa2;
1127
1128 /* Handle an IPv4 wildcard */
1129
1130 if (ipa->address[0] == 0)
1131 {
1132 for (ipa2 = ipa; ipa2->next != NULL; ipa2 = ipa2->next)
1133 {
1134 ip_address_item *ipa3 = ipa2->next;
1135 if (ipa3->address[0] == ':' &&
1136 ipa3->address[1] == 0 &&
1137 ipa3->port == ipa->port)
1138 {
1139 ipa2->next = ipa3->next;
1140 ipa3->next = ipa;
1141 *pipa = ipa3;
1142 break;
1143 }
1144 }
1145 }
1146
1147 /* Handle an IPv6 wildcard. */
1148
1149 else if (ipa->address[0] == ':' && ipa->address[1] == 0)
1150 {
1151 for (ipa2 = ipa; ipa2->next != NULL; ipa2 = ipa2->next)
1152 {
1153 ip_address_item *ipa3 = ipa2->next;
1154 if (ipa3->address[0] == 0 && ipa3->port == ipa->port)
1155 {
1156 ipa2->next = ipa3->next;
1157 ipa3->next = ipa->next;
1158 ipa->next = ipa3;
1159 ipa = ipa3;
1160 break;
1161 }
1162 }
1163 }
1164 }
1165
1166 /* Get a vector to remember all the sockets in */
1167
1168 for (ipa = addresses; ipa != NULL; ipa = ipa->next)
1169 listen_socket_count++;
1170 listen_sockets = store_get(sizeof(int *) * listen_socket_count);
1171
1172 /* Do a sanity check on the max connects value just to save us from getting
1173 a huge amount of store. */
1174
1175 if (smtp_accept_max > 4095) smtp_accept_max = 4096;
1176
1177 /* There's no point setting smtp_accept_queue unless it is less than the max
1178 connects limit. The configuration reader ensures that the max is set if the
1179 queue-only option is set. */
1180
1181 if (smtp_accept_queue > smtp_accept_max) smtp_accept_queue = 0;
1182
1183 /* Get somewhere to keep the list of SMTP accepting pids if we are keeping
1184 track of them for total number and queue/host limits. */
1185
1186 if (smtp_accept_max > 0)
1187 {
1188 int i;
1189 smtp_slots = store_get(smtp_accept_max * sizeof(smtp_slot));
1190 for (i = 0; i < smtp_accept_max; i++) smtp_slots[i] = empty_smtp_slot;
1191 }
1192 }
1193
76a2d7ba
PH		 1194/* The variable background_daemon is always false when debugging, but
1195can also be forced false in order to keep a non-debugging daemon in the
1196foreground. If background_daemon is true, close all open file descriptors that
1197we know about, but then re-open stdin, stdout, and stderr to /dev/null.
1198
1199This is protection against any called functions (in libraries, or in
1200Perl, or whatever) that think they can write to stderr (or stdout). Before this
1201was added, it was quite likely that an SMTP connection would use one of these
1202file descriptors, in which case writing random stuff to it caused chaos.
1203
1204Then disconnect from the controlling terminal, Most modern Unixes seem to have
1205setsid() for getting rid of the controlling terminal. For any OS that doesn't,
1206setsid() can be #defined as a no-op, or as something else. */
059ec3d9
PH		 1207
1208if (background_daemon)
1209 {
76a2d7ba
PH		 1210 log_close_all(); /* Just in case anything was logged earlier */
1211 search_tidyup(); /* Just in case any were used in reading the config. */
f1e894f3
PH		 1212 (void)close(0); /* Get rid of stdin/stdout/stderr */
1213 (void)close(1);
1214 (void)close(2);
8e669ac1 1215 exim_nullstd(); /* Connect stdin/stdout/stderr to /dev/null */
059ec3d9
PH		 1216 log_stderr = NULL; /* So no attempt to copy paniclog output */
1217
1218 /* If the parent process of this one has pid == 1, we are re-initializing the
8e669ac1 1219 daemon as the result of a SIGHUP. In this case, there is no need to do
76a2d7ba
PH		 1220 anything, because the controlling terminal has long gone. Otherwise, fork, in
1221 case current process is a process group leader (see 'man setsid' for an
1222 explanation) before calling setsid(). */
059ec3d9
PH		 1223
1224 if (getppid() != 1)
1225 {
1226 pid_t pid = fork();
1227 if (pid < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE,
1228 "fork() failed when starting daemon: %s", strerror(errno));
1229 if (pid > 0) exit(EXIT_SUCCESS); /* in parent process, just exit */
1230 (void)setsid(); /* release controlling terminal */
1231 }
1232 }
1233
1234/* We are now in the disconnected, daemon process (unless debugging). Set up
1235the listening sockets if required. */
1236
1237if (daemon_listen)
1238 {
1239 int sk;
1240 int on = 1;
1241 ip_address_item *ipa;
1242
1243 /* For each IP address, create a socket, bind it to the appropriate port, and
1244 start listening. See comments above about IPv6 sockets that may or may not
1245 accept IPv4 calls when listening on all interfaces. We also have to cope with
1246 the case of a system with IPv6 libraries, but no IPv6 support in the kernel.
1247 listening, provided a wildcard IPv4 socket for the same port follows. */
1248
1249 for (ipa = addresses, sk = 0; sk < listen_socket_count; ipa = ipa->next, sk++)
1250 {
1251 BOOL wildcard;
1252 ip_address_item *ipa2;
059ec3d9
PH		 1253 int af;
1254
1255 if (Ustrchr(ipa->address, ':') != NULL)
1256 {
1257 af = AF_INET6;
1258 wildcard = ipa->address[1] == 0;
1259 }
1260 else
1261 {
1262 af = AF_INET;
1263 wildcard = ipa->address[0] == 0;
1264 }
1265
1266 listen_sockets[sk] = ip_socket(SOCK_STREAM, af);
1267 if (listen_sockets[sk] < 0)
1268 {
1269 if (check_special_case(0, addresses, ipa, FALSE))
1270 {
1271 log_write(0, LOG_MAIN, "Failed to create IPv6 socket for wildcard "
1272 "listening (%s): will use IPv4", strerror(errno));
1273 goto SKIP_SOCKET;
1274 }
1275 log_write(0, LOG_PANIC_DIE, "IPv%c socket creation failed: %s",
1276 (af == AF_INET6)? '6' : '4', strerror(errno));
1277 }
1278
1279 /* If this is an IPv6 wildcard socket, set IPV6_V6ONLY if that option is
1280 available. Just log failure (can get protocol not available, just like
1281 socket creation can). */
1282
1283 #ifdef IPV6_V6ONLY
1284 if (af == AF_INET6 && wildcard &&
1285 setsockopt(listen_sockets[sk], IPPROTO_IPV6, IPV6_V6ONLY, (char *)(&on),
1286 sizeof(on)) < 0)
1287 log_write(0, LOG_MAIN, "Setting IPV6_V6ONLY on daemon's IPv6 wildcard "
1288 "socket failed (%s): carrying on without it", strerror(errno));
1289 #endif /* IPV6_V6ONLY */
1290
1291 /* Set SO_REUSEADDR so that the daemon can be restarted while a connection
1292 is being handled. Without this, a connection will prevent reuse of the
1293 smtp port for listening. */
1294
1295 if (setsockopt(listen_sockets[sk], SOL_SOCKET, SO_REUSEADDR,
1296 (uschar *)(&on), sizeof(on)) < 0)
1297 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "setting SO_REUSEADDR on socket "
1298 "failed when starting daemon: %s", strerror(errno));
1299
1300 /* Set TCP_NODELAY; Exim does its own buffering. There is a switch to
1301 disable this because it breaks some broken clients. */
1302
1303 if (tcp_nodelay) setsockopt(listen_sockets[sk], IPPROTO_TCP, TCP_NODELAY,
1304 (uschar *)(&on), sizeof(on));
1305
1306 /* Now bind the socket to the required port; if Exim is being restarted
1307 it may not always be possible to bind immediately, even with SO_REUSEADDR
1308 set, so try 10 times, waiting between each try. After 10 failures, we give
1309 up. In an IPv6 environment, if bind () fails with the error EADDRINUSE and
1310 we are doing wildcard IPv4 listening and there was a previous IPv6 wildcard
1311 address for the same port, ignore the error on the grounds that we must be
1312 in a system where the IPv6 socket accepts both kinds of call. This is
1313 necessary for (some release of) USAGI Linux; other IP stacks fail at the
1314 listen() stage instead. */
1315
1316 for(;;)
1317 {
1318 uschar *msg, *addr;
1319 if (ip_bind(listen_sockets[sk], af, ipa->address, ipa->port) >= 0) break;
1320 if (check_special_case(errno, addresses, ipa, TRUE))
1321 {
1322 DEBUG(D_any) debug_printf("wildcard IPv4 bind() failed after IPv6 "
1323 "listen() success; EADDRINUSE ignored\n");
f1e894f3 1324 (void)close(listen_sockets[sk]);
059ec3d9
PH		 1325 goto SKIP_SOCKET;
1326 }
1327 msg = US strerror(errno);
1328 addr = wildcard? ((af == AF_INET6)? US"(any IPv6)" : US"(any IPv4)") :
1329 ipa->address;
4aee0225 1330 if (daemon_startup_retries <= 0)
059ec3d9
PH		 1331 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
1332 "socket bind() to port %d for address %s failed: %s: "
1333 "daemon abandoned", ipa->port, addr, msg);
1334 log_write(0, LOG_MAIN, "socket bind() to port %d for address %s "
4aee0225
PH		 1335 "failed: %s: waiting %s before trying again (%d more %s)",
1336 ipa->port, addr, msg, readconf_printtime(daemon_startup_sleep),
1337 daemon_startup_retries, (daemon_startup_retries > 1)? "tries" : "try");
1338 daemon_startup_retries--;
1339 sleep(daemon_startup_sleep);
059ec3d9
PH		 1340 }
1341
1342 DEBUG(D_any)
1343 {
1344 if (wildcard)
1345 debug_printf("listening on all interfaces (IPv%c) port %d\n",
1346 (af == AF_INET6)? '6' : '4', ipa->port);
1347 else
1348 debug_printf("listening on %s port %d\n", ipa->address, ipa->port);
1349 }
1350
1351 /* Start listening on the bound socket, establishing the maximum backlog of
1352 connections that is allowed. On success, continue to the next address. */
1353
1354 if (listen(listen_sockets[sk], smtp_connect_backlog) >= 0) continue;
1355
1356 /* Listening has failed. In an IPv6 environment, as for bind(), if listen()
1357 fails with the error EADDRINUSE and we are doing IPv4 wildcard listening
1358 and there was a previous successful IPv6 wildcard listen on the same port,
1359 we want to ignore the error on the grounds that we must be in a system
1360 where the IPv6 socket accepts both kinds of call. */
1361
1362 if (!check_special_case(errno, addresses, ipa, TRUE))
1363 log_write(0, LOG_PANIC_DIE, "listen() failed on interface %s: %s",
1364 wildcard? ((af == AF_INET6)? US"(any IPv6)" : US"(any IPv4)") :
1365 ipa->address,
1366 strerror(errno));
1367
1368 DEBUG(D_any) debug_printf("wildcard IPv4 listen() failed after IPv6 "
1369 "listen() success; EADDRINUSE ignored\n");
f1e894f3 1370 (void)close(listen_sockets[sk]);
059ec3d9
PH		 1371
1372 /* Come here if there has been a problem with the socket which we
1373 are going to ignore. We remove the address from the chain, and back up the
1374 counts. */
1375
1376 SKIP_SOCKET:
1377 sk--; /* Back up the count */
1378 listen_socket_count--; /* Reduce the total */
1379 if (ipa == addresses) addresses = ipa->next; else
1380 {
1381 for (ipa2 = addresses; ipa2->next != ipa; ipa2 = ipa2->next);
1382 ipa2->next = ipa->next;
1383 ipa = ipa2;
1384 }
1385 } /* End of bind/listen loop for each address */
1386 } /* End of setup for listening */
1387
1388
1389/* If we are not listening, we want to write a pid file only if -oP was
1390explicitly given. */
1391
1392else if (override_pid_file_path == NULL) write_pid = FALSE;
1393
1394/* Write the pid to a known file for assistance in identification, if required.
1395We do this before giving up root privilege, because on some systems it is
1396necessary to be root in order to write into the pid file directory. There's
1397nothing to stop multiple daemons running, as long as no more than one listens
1398on a given TCP/IP port on the same interface(s). However, in these
1399circumstances it gets far too complicated to mess with pid file names
1400automatically. Consequently, Exim 4 writes a pid file only
1401
1402 (a) When running in the test harness, or
1403 (b) When -bd is used and -oX is not used, or
1404 (c) When -oP is used to supply a path.
1405
1406The variable daemon_write_pid is used to control this. */
1407
1408if (running_in_test_harness || write_pid)
1409 {
1410 FILE *f;
1411
1412 if (override_pid_file_path != NULL)
1413 pid_file_path = override_pid_file_path;
1414
1415 if (pid_file_path[0] == 0)
1416 pid_file_path = string_sprintf("%s/exim-daemon.pid", spool_directory);
1417
2632889e 1418 f = modefopen(pid_file_path, "wb", 0644);
059ec3d9
PH		 1419 if (f != NULL)
1420 {
ff790e47 1421 (void)fprintf(f, "%d\n", (int)getpid());
ff790e47 1422 (void)fclose(f);
059ec3d9
PH		 1423 DEBUG(D_any) debug_printf("pid written to %s\n", pid_file_path);
1424 }
1425 else
1426 {
1427 DEBUG(D_any)
1428 debug_printf("%s\n", string_open_failed(errno, "pid file %s",
1429 pid_file_path));
1430 }
1431 }
1432
1433/* Set up the handler for SIGHUP, which causes a restart of the daemon. */
1434
1435sighup_seen = FALSE;
1436signal(SIGHUP, sighup_handler);
1437
1438/* Give up root privilege at this point (assuming that exim_uid and exim_gid
1439are not root). The third argument controls the running of initgroups().
1440Normally we do this, in order to set up the groups for the Exim user. However,
1441if we are not root at this time - some odd installations run that way - we
1442cannot do this. */
1443
1444exim_setugid(exim_uid, exim_gid, geteuid()==root_uid, US"running as a daemon");
1445
1446/* Get somewhere to keep the list of queue-runner pids if we are keeping track
1447of them (and also if we are doing queue runs). */
1448
1449if (queue_interval > 0 && queue_run_max > 0)
1450 {
1451 int i;
1452 queue_pid_slots = store_get(queue_run_max * sizeof(pid_t));
1453 for (i = 0; i < queue_run_max; i++) queue_pid_slots[i] = 0;
1454 }
1455
1456/* Set up the handler for termination of child processes. */
1457
1458sigchld_seen = FALSE;
7d468ab8 1459os_non_restarting_signal(SIGCHLD, main_sigchld_handler);
059ec3d9
PH		 1460
1461/* If we are to run the queue periodically, pretend the alarm has just gone
1462off. This will cause the first queue-runner to get kicked off straight away. */
1463
1464sigalrm_seen = (queue_interval > 0);
1465
1466/* Log the start up of a daemon - at least one of listening or queue running
1467must be set up. */
1468
1469if (daemon_listen)
1470 {
1471 int i, j;
1472 int smtp_ports = 0;
1473 int smtps_ports = 0;
1474 ip_address_item *ipa;
1475 uschar *p = big_buffer;
1476 uschar *qinfo = (queue_interval > 0)?
1477 string_sprintf("-q%s", readconf_printtime(queue_interval))
1478 :
1479 US"no queue runs";
1480
1481 /* Build a list of listening addresses in big_buffer, but limit it to 10
1482 items. The style is for backwards compatibility.
1483
1484 It is now possible to have some ports listening for SMTPS (the old,
1485 deprecated protocol that starts TLS without using STARTTLS), and others
1486 listening for standard SMTP. Keep their listings separate. */
1487
1488 for (j = 0; j < 2; j++)
1489 {
1490 for (i = 0, ipa = addresses; i < 10 && ipa != NULL; i++, ipa = ipa->next)
1491 {
1492 /* First time round, look for SMTP ports; second time round, look for
1493 SMTPS ports. For the first one of each, insert leading text. */
1494
1495 if (host_is_tls_on_connect_port(ipa->port) == (j > 0))
1496 {
1497 if (j == 0)
1498 {
1499 if (smtp_ports++ == 0)
1500 {
1501 memcpy(p, "SMTP on", 8);
1502 p += 7;
1503 }
1504 }
1505 else
1506 {
1507 if (smtps_ports++ == 0)
1508 {
1509 (void)sprintf(CS p, "%sSMTPS on",
1510 (smtp_ports == 0)? "":" and for ");
1511 while (*p != 0) p++;
1512 }
1513 }
1514
1515 /* Now the information about the port (and sometimes interface) */
1516
1517 if (ipa->address[0] == ':' && ipa->address[1] == 0)
1518 {
1519 if (ipa->next != NULL && ipa->next->address[0] == 0 &&
1520 ipa->next->port == ipa->port)
1521 {
1522 (void)sprintf(CS p, " port %d (IPv6 and IPv4)", ipa->port);
1523 ipa = ipa->next;
1524 }
1525 else if (ipa->v6_include_v4)
1526 (void)sprintf(CS p, " port %d (IPv6 with IPv4)", ipa->port);
1527 else
1528 (void)sprintf(CS p, " port %d (IPv6)", ipa->port);
1529 }
1530 else if (ipa->address[0] == 0)
1531 (void)sprintf(CS p, " port %d (IPv4)", ipa->port);
1532 else
1533 (void)sprintf(CS p, " [%s]:%d", ipa->address, ipa->port);
1534 while (*p != 0) p++;
1535 }
1536 }
1537
1538 if (ipa != NULL)
1539 {
1540 memcpy(p, " ...", 5);
1541 p += 4;
1542 }
1543 }
1544
1545 log_write(0, LOG_MAIN,
1546 "exim %s daemon started: pid=%d, %s, listening for %s",
1547 version_string, getpid(), qinfo, big_buffer);
1548 set_process_info("daemon: %s, listening for %s", qinfo, big_buffer);
1549 }
1550
1551else
1552 {
1553 log_write(0, LOG_MAIN,
1554 "exim %s daemon started: pid=%d, -q%s, not listening for SMTP",
1555 version_string, getpid(), readconf_printtime(queue_interval));
1556 set_process_info("daemon: -q%s, not listening",
1557 readconf_printtime(queue_interval));
1558 }
1559
1560
1561/* Close the log so it can be renamed and moved. In the few cases below where
1562this long-running process writes to the log (always exceptional conditions), it
1563closes the log afterwards, for the same reason. */
1564
1565log_close_all();
1566
1567DEBUG(D_any) debug_print_ids(US"daemon running with");
1568
1569/* Any messages accepted via this route are going to be SMTP. */
1570
1571smtp_input = TRUE;
1572
1573/* Enter the never-ending loop... */
1574
1575for (;;)
1576 {
1577 #if HAVE_IPV6
1578 struct sockaddr_in6 accepted;
1579 #else
1580 struct sockaddr_in accepted;
1581 #endif
1582
36a3b041 1583 EXIM_SOCKLEN_T len = sizeof(accepted);
059ec3d9
PH		 1584 pid_t pid;
1585
1586 /* This code is placed first in the loop, so that it gets obeyed at the
1587 start, before the first wait. This causes the first queue-runner to be
1588 started immediately. */
1589
1590 if (sigalrm_seen)
1591 {
1592 DEBUG(D_any) debug_printf("SIGALRM received\n");
1593
1594 /* Do a full queue run in a child process, if required, unless we already
1595 have enough queue runners on the go. If we are not running as root, a
1596 re-exec is required. */
1597
1598 if (queue_interval > 0 &&
1599 (queue_run_max <= 0 || queue_run_count < queue_run_max))
1600 {
1601 if ((pid = fork()) == 0)
1602 {
1603 int sk;
8e669ac1 1604
059ec3d9
PH		 1605 DEBUG(D_any) debug_printf("Starting queue-runner: pid %d\n",
1606 (int)getpid());
1607
3d235903 1608 /* Disable debugging if it's required only for the daemon process. We
8e669ac1 1609 leave the above message, because it ties up with the "child ended"
3d235903
PH		 1610 debugging messages. */
1611
1612 if (debug_daemon) debug_selector = 0;
8e669ac1 1613
059ec3d9
PH		 1614 /* Close any open listening sockets in the child */
1615
f1e894f3
PH		 1616 for (sk = 0; sk < listen_socket_count; sk++)
1617 (void)close(listen_sockets[sk]);
059ec3d9
PH		 1618
1619 /* Reset SIGHUP and SIGCHLD in the child in both cases. */
1620
1621 signal(SIGHUP, SIG_DFL);
1622 signal(SIGCHLD, SIG_DFL);
1623
1624 /* Re-exec if privilege has been given up, unless deliver_drop_
1625 privilege is set. Reset SIGALRM before exec(). */
1626
1627 if (geteuid() != root_uid && !deliver_drop_privilege)
1628 {
1629 uschar opt[8];
1630 uschar *p = opt;
1631
1632 signal(SIGALRM, SIG_DFL);
1633 *p++ = '-';
1634 *p++ = 'q';
1635 if (queue_2stage) *p++ = 'q';
1636 if (queue_run_first_delivery) *p++ = 'i';
1637 if (queue_run_force) *p++ = 'f';
1638 if (deliver_force_thaw) *p++ = 'f';
1639 if (queue_run_local) *p++ = 'l';
1640 *p = 0;
1641
1642 (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, TRUE, 1, opt);
1643 /* Control never returns here. */
1644 }
1645
1646 /* No need to re-exec; SIGALRM remains set to the default handler */
1647
1648 queue_run(NULL, NULL, FALSE);
1649 _exit(EXIT_SUCCESS);
1650 }
1651
1652 if (pid < 0)
1653 {
1654 log_write(0, LOG_MAIN|LOG_PANIC, "daemon: fork of queue-runner "
1655 "process failed: %s", strerror(errno));
1656 log_close_all();
1657 }
1658 else
1659 {
1660 int i;
1661 for (i = 0; i < queue_run_max; ++i)
1662 {
1663 if (queue_pid_slots[i] <= 0)
1664 {
1665 queue_pid_slots[i] = pid;
1666 queue_run_count++;
1667 break;
1668 }
1669 }
1670 DEBUG(D_any) debug_printf("%d queue-runner process%s running\n",
1671 queue_run_count, (queue_run_count == 1)? "" : "es");
1672 }
1673 }
1674
1675 /* Reset the alarm clock */
1676
1677 sigalrm_seen = FALSE;
1678 alarm(queue_interval);
1679 }
1680
1681
1682 /* Sleep till a connection happens if listening, and handle the connection if
1683 that is why we woke up. The FreeBSD operating system requires the use of
1684 select() before accept() because the latter function is not interrupted by
1685 a signal, and we want to wake up for SIGCHLD and SIGALRM signals. Some other
1686 OS do notice signals in accept() but it does no harm to have the select()
1687 in for all of them - and it won't then be a lurking problem for ports to
1688 new OS. In fact, the later addition of listening on specific interfaces only
1689 requires this way of working anyway. */
1690
1691 if (daemon_listen)
1692 {
bb6e88ff 1693 int sk, lcount, select_errno;
059ec3d9
PH		 1694 int max_socket = 0;
1695 BOOL select_failed = FALSE;
1696 fd_set select_listen;
1697
1698 FD_ZERO(&select_listen);
1699 for (sk = 0; sk < listen_socket_count; sk++)
1700 {
1701 FD_SET(listen_sockets[sk], &select_listen);
1702 if (listen_sockets[sk] > max_socket) max_socket = listen_sockets[sk];
1703 }
1704
1705 DEBUG(D_any) debug_printf("Listening...\n");
8e669ac1
PH		 1706
1707 /* In rare cases we may have had a SIGCHLD signal in the time between
1708 setting the handler (below) and getting back here. If so, pretend that the
7d468ab8 1709 select() was interrupted so that we reap the child. This might still leave
8e669ac1 1710 a small window when a SIGCHLD could get lost. However, since we use SIGCHLD
7d468ab8
PH		 1711 only to do the reaping more quickly, it shouldn't result in anything other
1712 than a delay until something else causes a wake-up. */
1713
1714 if (sigchld_seen)
1715 {
1716 lcount = -1;
8e669ac1 1717 errno = EINTR;
7d468ab8
PH		 1718 }
1719 else
8e669ac1 1720 {
7d468ab8
PH		 1721 lcount = select(max_socket + 1, (SELECT_ARG2_TYPE *)&select_listen,
1722 NULL, NULL, NULL);
8e669ac1 1723 }
059ec3d9 1724
7d468ab8 1725 if (lcount < 0)
059ec3d9
PH		 1726 {
1727 select_failed = TRUE;
1728 lcount = 1;
1729 }
8e669ac1
PH		 1730
1731 /* Clean up any subprocesses that may have terminated. We need to do this
1732 here so that smtp_accept_max_per_host works when a connection to that host
1733 has completed, and we are about to accept a new one. When this code was
1734 later in the sequence, a new connection could be rejected, even though an
1735 old one had just finished. Preserve the errno from any select() failure for
bb6e88ff 1736 the use of the common select/accept error processing below. */
8e669ac1 1737
bb6e88ff
PH		 1738 select_errno = errno;
1739 handle_ending_processes();
8e669ac1
PH		 1740 errno = select_errno;
1741
059ec3d9 1742 /* Loop for all the sockets that are currently ready to go. If select
7d468ab8
PH		 1743 actually failed, we have set the count to 1 and select_failed=TRUE, so as
1744 to use the common error code for select/accept below. */
059ec3d9
PH		 1745
1746 while (lcount-- > 0)
1747 {
1748 int accept_socket = -1;
1749 if (!select_failed)
1750 {
1751 for (sk = 0; sk < listen_socket_count; sk++)
1752 {
1753 if (FD_ISSET(listen_sockets[sk], &select_listen))
1754 {
1755 accept_socket = accept(listen_sockets[sk],
1756 (struct sockaddr *)&accepted, &len);
1757 FD_CLR(listen_sockets[sk], &select_listen);
1758 break;
1759 }
1760 }
1761 }
1762
1763 /* If select or accept has failed and this was not caused by an
1764 interruption, log the incident and try again. With asymmetric TCP/IP
1765 routing errors such as "No route to network" have been seen here. Also
1766 "connection reset by peer" has been seen. These cannot be classed as
1767 disastrous errors, but they could fill up a lot of log. The code in smail
1768 crashes the daemon after 10 successive failures of accept, on the grounds
1769 that some OS fail continuously. Exim originally followed suit, but this
1770 appears to have caused problems. Now it just keeps going, but instead of
1771 logging each error, it batches them up when they are continuous. */
1772
1773 if (accept_socket < 0 && errno != EINTR)
1774 {
1775 if (accept_retry_count == 0)
1776 {
1777 accept_retry_errno = errno;
1778 accept_retry_select_failed = select_failed;
1779 }
1780 else
1781 {
1782 if (errno != accept_retry_errno ||
1783 select_failed != accept_retry_select_failed ||
1784 accept_retry_count >= 50)
1785 {
1786 log_write(0, LOG_MAIN | ((accept_retry_count >= 50)? LOG_PANIC : 0),
1787 "%d %s() failure%s: %s",
1788 accept_retry_count,
1789 accept_retry_select_failed? "select" : "accept",
1790 (accept_retry_count == 1)? "" : "s",
1791 strerror(accept_retry_errno));
1792 log_close_all();
1793 accept_retry_count = 0;
1794 accept_retry_errno = errno;
1795 accept_retry_select_failed = select_failed;
1796 }
1797 }
1798 accept_retry_count++;
1799 }
1800
1801 else
1802 {
1803 if (accept_retry_count > 0)
1804 {
1805 log_write(0, LOG_MAIN, "%d %s() failure%s: %s",
1806 accept_retry_count,
1807 accept_retry_select_failed? "select" : "accept",
1808 (accept_retry_count == 1)? "" : "s",
1809 strerror(accept_retry_errno));
1810 log_close_all();
1811 accept_retry_count = 0;
1812 }
1813 }
1814
1815 /* If select/accept succeeded, deal with the connection. */
1816
1817 if (accept_socket >= 0)
1818 handle_smtp_call(listen_sockets, listen_socket_count, accept_socket,
1819 (struct sockaddr *)&accepted);
1820 }
1821 }
1822
1823 /* If not listening, then just sleep for the queue interval. If we woke
1824 up early the last time for some other signal, it won't matter because
1825 the alarm signal will wake at the right time. This code originally used
1826 sleep() but it turns out that on the FreeBSD system, sleep() is not inter-
1827 rupted by signals, so it wasn't waking up for SIGALRM or SIGCHLD. Luckily
1828 select() can be used as an interruptible sleep() on all versions of Unix. */
1829
1830 else
1831 {
1832 struct timeval tv;
1833 tv.tv_sec = queue_interval;
1834 tv.tv_usec = 0;
1835 select(0, NULL, NULL, NULL, &tv);
8e669ac1 1836 handle_ending_processes();
059ec3d9
PH		 1837 }
1838
1839 /* Re-enable the SIGCHLD handler if it has been run. It can't do it
1840 for itself, because it isn't doing the waiting itself. */
1841
1842 if (sigchld_seen)
1843 {
1844 sigchld_seen = FALSE;
7d468ab8 1845 os_non_restarting_signal(SIGCHLD, main_sigchld_handler);
059ec3d9
PH		 1846 }
1847
1848 /* Handle being woken by SIGHUP. We know at this point that the result
1849 of accept() has been dealt with, so we can re-exec exim safely, first
1850 closing the listening sockets so that they can be reused. Cancel any pending
1851 alarm in case it is just about to go off, and set SIGHUP to be ignored so
1852 that another HUP in quick succession doesn't clobber the new daemon before it
1853 gets going. All log files get closed by the close-on-exec flag; however, if
1854 the exec fails, we need to close the logs. */
1855
1856 if (sighup_seen)
1857 {
1858 int sk;
1859 log_write(0, LOG_MAIN, "pid %d: SIGHUP received: re-exec daemon",
1860 getpid());
f1e894f3
PH		 1861 for (sk = 0; sk < listen_socket_count; sk++)
1862 (void)close(listen_sockets[sk]);
059ec3d9
PH		 1863 alarm(0);
1864 signal(SIGHUP, SIG_IGN);
1865 sighup_argv[0] = exim_path;
1866 exim_nullstd();
1867 execv(CS exim_path, (char *const *)sighup_argv);
1868 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "pid %d: exec of %s failed: %s",
1869 getpid(), exim_path, strerror(errno));
1870 log_close_all();
1871 }
1872
1873 } /* End of main loop */
1874
1875/* Control never reaches here */
1876}
1877
1878/* End of exim_daemon.c */
1879
Unnamed repository; edit this file 'description' to name the repository.