#include <sm/gen.h>
SM_RCSID("@(#)$Id: listener.c,v 8.126 2009/12/16 16:40:23 ca Exp $")
#include "libmilter.h"
#include <sm/errstring.h>
#include <sys/types.h>
#include <sys/stat.h>
# if NETINET || NETINET6
# include <arpa/inet.h>
# endif
# if SM_CONF_POLL
# undef SM_FD_OK_SELECT
# define SM_FD_OK_SELECT(fd) true
# endif
static smutex_t L_Mutex;
static int L_family;
static SOCKADDR_LEN_T L_socksize;
static socket_t listenfd = INVALID_SOCKET;
static socket_t mi_milteropen __P((char *, int, bool, char *));
#if !_FFR_WORKERS_POOL
static void *mi_thread_handle_wrapper __P((void *));
#endif
int
mi_opensocket(conn, backlog, dbg, rmsocket, smfi)
char *conn;
int backlog;
int dbg;
bool rmsocket;
smfiDesc_ptr smfi;
{
if (smfi == NULL || conn == NULL)
return MI_FAILURE;
if (ValidSocket(listenfd))
return MI_SUCCESS;
if (dbg > 0)
{
smi_log(SMI_LOG_DEBUG,
"%s: Opening listen socket on conn %s",
smfi->xxfi_name, conn);
}
(void) smutex_init(&L_Mutex);
(void) smutex_lock(&L_Mutex);
listenfd = mi_milteropen(conn, backlog, rmsocket, smfi->xxfi_name);
if (!ValidSocket(listenfd))
{
smi_log(SMI_LOG_FATAL,
"%s: Unable to create listening socket on conn %s",
smfi->xxfi_name, conn);
(void) smutex_unlock(&L_Mutex);
return MI_FAILURE;
}
if (!SM_FD_OK_SELECT(listenfd))
{
smi_log(SMI_LOG_ERR, "%s: fd %d is larger than FD_SETSIZE %d",
smfi->xxfi_name, listenfd, FD_SETSIZE);
(void) smutex_unlock(&L_Mutex);
return MI_FAILURE;
}
(void) smutex_unlock(&L_Mutex);
return MI_SUCCESS;
}
#if NETUNIX
static char *sockpath = NULL;
#endif
static socket_t
mi_milteropen(conn, backlog, rmsocket, name)
char *conn;
int backlog;
bool rmsocket;
char *name;
{
socket_t sock;
int sockopt = 1;
int fdflags;
size_t len = 0;
char *p;
char *colon;
char *at;
SOCKADDR addr;
if (conn == NULL || conn[0] == '\0')
{
smi_log(SMI_LOG_ERR, "%s: empty or missing socket information",
name);
return INVALID_SOCKET;
}
(void) memset(&addr, '\0', sizeof addr);
p = conn;
colon = strchr(p, ':');
if (colon != NULL)
{
*colon = '\0';
if (*p == '\0')
{
#if NETUNIX
addr.sa.sa_family = AF_UNIX;
L_socksize = sizeof (struct sockaddr_un);
#else
# if NETINET
addr.sa.sa_family = AF_INET;
L_socksize = sizeof addr.sin;
# else
# if NETINET6
addr.sa.sa_family = AF_INET6;
L_socksize = sizeof addr.sin6;
# else
smi_log(SMI_LOG_ERR,
"%s: no valid socket protocols available",
name);
return INVALID_SOCKET;
# endif
# endif
#endif
}
#if NETUNIX
else if (strcasecmp(p, "unix") == 0 ||
strcasecmp(p, "local") == 0)
{
addr.sa.sa_family = AF_UNIX;
L_socksize = sizeof (struct sockaddr_un);
}
#endif
#if NETINET
else if (strcasecmp(p, "inet") == 0)
{
addr.sa.sa_family = AF_INET;
L_socksize = sizeof addr.sin;
}
#endif
#if NETINET6
else if (strcasecmp(p, "inet6") == 0)
{
addr.sa.sa_family = AF_INET6;
L_socksize = sizeof addr.sin6;
}
#endif
else
{
smi_log(SMI_LOG_ERR, "%s: unknown socket type %s",
name, p);
return INVALID_SOCKET;
}
*colon++ = ':';
}
else
{
colon = p;
#if NETUNIX
addr.sa.sa_family = AF_UNIX;
L_socksize = sizeof (struct sockaddr_un);
#else
# if NETINET
addr.sa.sa_family = AF_INET;
L_socksize = sizeof addr.sin;
# else
# if NETINET6
addr.sa.sa_family = AF_INET6;
L_socksize = sizeof addr.sin6;
# else
smi_log(SMI_LOG_ERR, "%s: unknown socket type %s",
name, p);
return INVALID_SOCKET;
# endif
# endif
#endif
}
#if NETUNIX
if (addr.sa.sa_family == AF_UNIX)
{
# if 0
long sff = SFF_SAFEDIRPATH|SFF_OPENASROOT|SFF_NOLINK|SFF_CREAT|SFF_MUSTOWN;
# endif
at = colon;
len = strlen(colon) + 1;
if (len >= sizeof addr.sunix.sun_path)
{
errno = EINVAL;
smi_log(SMI_LOG_ERR, "%s: UNIX socket name %s too long",
name, colon);
return INVALID_SOCKET;
}
(void) sm_strlcpy(addr.sunix.sun_path, colon,
sizeof addr.sunix.sun_path);
# if 0
errno = safefile(colon, RunAsUid, RunAsGid, RunAsUserName, sff,
S_IRUSR|S_IWUSR, NULL);
if (errno != 0)
{
smi_log(SMI_LOG_ERR,
"%s: UNIX socket name %s unsafe",
name, colon);
return INVALID_SOCKET;
}
# endif
}
#endif
#if NETINET || NETINET6
if (
# if NETINET
addr.sa.sa_family == AF_INET
# endif
# if NETINET && NETINET6
||
# endif
# if NETINET6
addr.sa.sa_family == AF_INET6
# endif
)
{
unsigned short port;
at = strchr(colon, '@');
if (at == NULL)
{
switch (addr.sa.sa_family)
{
# if NETINET
case AF_INET:
addr.sin.sin_addr.s_addr = INADDR_ANY;
break;
# endif
# if NETINET6
case AF_INET6:
addr.sin6.sin6_addr = in6addr_any;
break;
# endif
}
}
else
*at = '\0';
if (isascii(*colon) && isdigit(*colon))
port = htons((unsigned short) atoi(colon));
else
{
# ifdef NO_GETSERVBYNAME
smi_log(SMI_LOG_ERR, "%s: invalid port number %s",
name, colon);
return INVALID_SOCKET;
# else
register struct servent *sp;
sp = getservbyname(colon, "tcp");
if (sp == NULL)
{
smi_log(SMI_LOG_ERR,
"%s: unknown port name %s",
name, colon);
return INVALID_SOCKET;
}
port = sp->s_port;
# endif
}
if (at != NULL)
{
*at++ = '@';
if (*at == '[')
{
char *end;
end = strchr(at, ']');
if (end != NULL)
{
bool found = false;
# if NETINET
unsigned long hid = INADDR_NONE;
# endif
# if NETINET6
struct sockaddr_in6 hid6;
# endif
*end = '\0';
# if NETINET
if (addr.sa.sa_family == AF_INET &&
(hid = inet_addr(&at[1])) != INADDR_NONE)
{
addr.sin.sin_addr.s_addr = hid;
addr.sin.sin_port = port;
found = true;
}
# endif
# if NETINET6
(void) memset(&hid6, '\0', sizeof hid6);
if (addr.sa.sa_family == AF_INET6 &&
mi_inet_pton(AF_INET6, &at[1],
&hid6.sin6_addr) == 1)
{
addr.sin6.sin6_addr = hid6.sin6_addr;
addr.sin6.sin6_port = port;
found = true;
}
# endif
*end = ']';
if (!found)
{
smi_log(SMI_LOG_ERR,
"%s: Invalid numeric domain spec \"%s\"",
name, at);
return INVALID_SOCKET;
}
}
else
{
smi_log(SMI_LOG_ERR,
"%s: Invalid numeric domain spec \"%s\"",
name, at);
return INVALID_SOCKET;
}
}
else
{
struct hostent *hp = NULL;
hp = mi_gethostbyname(at, addr.sa.sa_family);
if (hp == NULL)
{
smi_log(SMI_LOG_ERR,
"%s: Unknown host name %s",
name, at);
return INVALID_SOCKET;
}
addr.sa.sa_family = hp->h_addrtype;
switch (hp->h_addrtype)
{
# if NETINET
case AF_INET:
(void) memmove(&addr.sin.sin_addr,
hp->h_addr,
INADDRSZ);
addr.sin.sin_port = port;
break;
# endif
# if NETINET6
case AF_INET6:
(void) memmove(&addr.sin6.sin6_addr,
hp->h_addr,
IN6ADDRSZ);
addr.sin6.sin6_port = port;
break;
# endif
default:
smi_log(SMI_LOG_ERR,
"%s: Unknown protocol for %s (%d)",
name, at, hp->h_addrtype);
return INVALID_SOCKET;
}
# if NETINET6
freehostent(hp);
# endif
}
}
else
{
switch (addr.sa.sa_family)
{
# if NETINET
case AF_INET:
addr.sin.sin_port = port;
break;
# endif
# if NETINET6
case AF_INET6:
addr.sin6.sin6_port = port;
break;
# endif
}
}
}
#endif
sock = socket(addr.sa.sa_family, SOCK_STREAM, 0);
if (!ValidSocket(sock))
{
smi_log(SMI_LOG_ERR,
"%s: Unable to create new socket: %s",
name, sm_errstring(errno));
return INVALID_SOCKET;
}
if ((fdflags = fcntl(sock, F_GETFD, 0)) == -1 ||
fcntl(sock, F_SETFD, fdflags | FD_CLOEXEC) == -1)
{
smi_log(SMI_LOG_ERR,
"%s: Unable to set close-on-exec: %s", name,
sm_errstring(errno));
(void) closesocket(sock);
return INVALID_SOCKET;
}
if (
#if NETUNIX
addr.sa.sa_family != AF_UNIX &&
#endif
setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &sockopt,
sizeof(sockopt)) == -1)
{
smi_log(SMI_LOG_ERR,
"%s: set reuseaddr failed (%s)", name,
sm_errstring(errno));
(void) closesocket(sock);
return INVALID_SOCKET;
}
#if NETUNIX
if (addr.sa.sa_family == AF_UNIX && rmsocket)
{
struct stat s;
if (stat(colon, &s) != 0)
{
if (errno != ENOENT)
{
smi_log(SMI_LOG_ERR,
"%s: Unable to stat() %s: %s",
name, colon, sm_errstring(errno));
(void) closesocket(sock);
return INVALID_SOCKET;
}
}
else if (!S_ISSOCK(s.st_mode))
{
smi_log(SMI_LOG_ERR,
"%s: %s is not a UNIX domain socket",
name, colon);
(void) closesocket(sock);
return INVALID_SOCKET;
}
else if (unlink(colon) != 0)
{
smi_log(SMI_LOG_ERR,
"%s: Unable to remove %s: %s",
name, colon, sm_errstring(errno));
(void) closesocket(sock);
return INVALID_SOCKET;
}
}
#endif
if (bind(sock, &addr.sa, L_socksize) < 0)
{
smi_log(SMI_LOG_ERR,
"%s: Unable to bind to port %s: %s",
name, conn, sm_errstring(errno));
(void) closesocket(sock);
return INVALID_SOCKET;
}
if (listen(sock, backlog) < 0)
{
smi_log(SMI_LOG_ERR,
"%s: listen call failed: %s", name,
sm_errstring(errno));
(void) closesocket(sock);
return INVALID_SOCKET;
}
#if NETUNIX
if (addr.sa.sa_family == AF_UNIX && len > 0)
{
sockpath = (char *) malloc(len);
if (sockpath != NULL)
(void) sm_strlcpy(sockpath, colon, len);
else
{
smi_log(SMI_LOG_ERR,
"%s: can't malloc(%d) for sockpath: %s",
name, (int) len, sm_errstring(errno));
(void) closesocket(sock);
return INVALID_SOCKET;
}
}
#endif
L_family = addr.sa.sa_family;
return sock;
}
#if !_FFR_WORKERS_POOL
static void *
mi_thread_handle_wrapper(arg)
void *arg;
{
return (void *) mi_handle_session(arg);
}
#endif
void
mi_closener()
{
(void) smutex_lock(&L_Mutex);
if (ValidSocket(listenfd))
{
#if NETUNIX
bool removable;
struct stat sockinfo;
struct stat fileinfo;
removable = sockpath != NULL &&
geteuid() != 0 &&
fstat(listenfd, &sockinfo) == 0 &&
(S_ISFIFO(sockinfo.st_mode)
# ifdef S_ISSOCK
|| S_ISSOCK(sockinfo.st_mode)
# endif
);
#endif
(void) closesocket(listenfd);
listenfd = INVALID_SOCKET;
#if NETUNIX
if (sockpath != NULL)
{
if (removable &&
stat(sockpath, &fileinfo) == 0 &&
((fileinfo.st_dev == sockinfo.st_dev &&
fileinfo.st_ino == sockinfo.st_ino)
# ifdef S_ISSOCK
|| S_ISSOCK(fileinfo.st_mode)
# endif
)
&&
(S_ISFIFO(fileinfo.st_mode)
# ifdef S_ISSOCK
|| S_ISSOCK(fileinfo.st_mode)
# endif
))
(void) unlink(sockpath);
free(sockpath);
sockpath = NULL;
}
#endif
}
(void) smutex_unlock(&L_Mutex);
}
#if BROKEN_PTHREAD_SLEEP
# define MI_SLEEP(s) \
{ \
int rs = 0; \
struct timeval st; \
\
st.tv_sec = (s); \
st.tv_usec = 0; \
if (st.tv_sec > 0) \
{ \
for (;;) \
{ \
rs = select(0, NULL, NULL, NULL, &st); \
if (rs < 0 && errno == EINTR) \
continue; \
if (rs != 0) \
{ \
smi_log(SMI_LOG_ERR, \
"MI_SLEEP(): select() returned non-zero result %d, errno = %d", \
rs, errno); \
} \
break; \
} \
} \
}
#else
# define MI_SLEEP(s) sleep((s))
#endif
int
mi_listener(conn, dbg, smfi, timeout, backlog)
char *conn;
int dbg;
smfiDesc_ptr smfi;
time_t timeout;
int backlog;
{
socket_t connfd = INVALID_SOCKET;
#if _FFR_DUP_FD
socket_t dupfd = INVALID_SOCKET;
#endif
int sockopt = 1;
int r, mistop;
int ret = MI_SUCCESS;
int mcnt = 0;
int tcnt = 0;
int acnt = 0;
int scnt = 0;
int save_errno = 0;
#if !_FFR_WORKERS_POOL
sthread_t thread_id;
#endif
_SOCK_ADDR cliaddr;
SOCKADDR_LEN_T clilen;
SMFICTX_PTR ctx;
FD_RD_VAR(rds, excs);
struct timeval chktime;
if (mi_opensocket(conn, backlog, dbg, false, smfi) == MI_FAILURE)
return MI_FAILURE;
#if _FFR_WORKERS_POOL
if (mi_pool_controller_init() == MI_FAILURE)
return MI_FAILURE;
#endif
clilen = L_socksize;
while ((mistop = mi_stop()) == MILTER_CONT)
{
(void) smutex_lock(&L_Mutex);
if (!ValidSocket(listenfd))
{
ret = MI_FAILURE;
smi_log(SMI_LOG_ERR,
"%s: listenfd=%d corrupted, terminating, errno=%d",
smfi->xxfi_name, listenfd, errno);
(void) smutex_unlock(&L_Mutex);
break;
}
FD_RD_INIT(listenfd, rds, excs);
chktime.tv_sec = MI_CHK_TIME;
chktime.tv_usec = 0;
r = FD_RD_READY(listenfd, rds, excs, &chktime);
if (r == 0)
{
(void) smutex_unlock(&L_Mutex);
continue;
}
if (r < 0)
{
save_errno = errno;
(void) smutex_unlock(&L_Mutex);
if (save_errno == EINTR)
continue;
scnt++;
smi_log(SMI_LOG_ERR,
"%s: %s() failed (%s), %s",
smfi->xxfi_name, MI_POLLSELECT,
sm_errstring(save_errno),
scnt >= MAX_FAILS_S ? "abort" : "try again");
MI_SLEEP(scnt);
if (scnt >= MAX_FAILS_S)
{
ret = MI_FAILURE;
break;
}
continue;
}
if (!FD_IS_RD_RDY(listenfd, rds, excs))
{
ret = MI_FAILURE;
(void) smutex_unlock(&L_Mutex);
smi_log(SMI_LOG_ERR,
"%s: %s() returned exception for socket, abort",
smfi->xxfi_name, MI_POLLSELECT);
break;
}
scnt = 0;
(void) memset(&cliaddr, '\0', sizeof cliaddr);
connfd = accept(listenfd, (struct sockaddr *) &cliaddr,
&clilen);
save_errno = errno;
(void) smutex_unlock(&L_Mutex);
if (ValidSocket(connfd) &&
(clilen == 0 ||
# ifdef BSD4_4_SOCKADDR
cliaddr.sa.sa_len == 0 ||
# endif
cliaddr.sa.sa_family != L_family))
{
(void) closesocket(connfd);
connfd = INVALID_SOCKET;
save_errno = EINVAL;
}
if (ValidSocket(connfd) && !SM_FD_OK_SELECT(connfd))
{
(void) closesocket(connfd);
connfd = INVALID_SOCKET;
save_errno = ERANGE;
}
if (!ValidSocket(connfd))
{
if (save_errno == EINTR
#ifdef EAGAIN
|| save_errno == EAGAIN
#endif
#ifdef ECONNABORTED
|| save_errno == ECONNABORTED
#endif
#ifdef EMFILE
|| save_errno == EMFILE
#endif
#ifdef ENFILE
|| save_errno == ENFILE
#endif
#ifdef ENOBUFS
|| save_errno == ENOBUFS
#endif
#ifdef ENOMEM
|| save_errno == ENOMEM
#endif
#ifdef ENOSR
|| save_errno == ENOSR
#endif
#ifdef EWOULDBLOCK
|| save_errno == EWOULDBLOCK
#endif
)
continue;
acnt++;
smi_log(SMI_LOG_ERR,
"%s: accept() returned invalid socket (%s), %s",
smfi->xxfi_name, sm_errstring(save_errno),
acnt >= MAX_FAILS_A ? "abort" : "try again");
MI_SLEEP(acnt);
if (acnt >= MAX_FAILS_A)
{
ret = MI_FAILURE;
break;
}
continue;
}
acnt = 0;
#if _FFR_DUP_FD
dupfd = fcntl(connfd, F_DUPFD, 256);
if (ValidSocket(dupfd) && SM_FD_OK_SELECT(dupfd))
{
close(connfd);
connfd = dupfd;
dupfd = INVALID_SOCKET;
}
#endif
if (setsockopt(connfd, SOL_SOCKET, SO_KEEPALIVE,
(void *) &sockopt, sizeof sockopt) < 0)
{
smi_log(SMI_LOG_WARN,
"%s: set keepalive failed (%s)",
smfi->xxfi_name, sm_errstring(errno));
}
if ((ctx = (SMFICTX_PTR) malloc(sizeof *ctx)) == NULL)
{
(void) closesocket(connfd);
mcnt++;
smi_log(SMI_LOG_ERR, "%s: malloc(ctx) failed (%s), %s",
smfi->xxfi_name, sm_errstring(save_errno),
mcnt >= MAX_FAILS_M ? "abort" : "try again");
MI_SLEEP(mcnt);
if (mcnt >= MAX_FAILS_M)
{
ret = MI_FAILURE;
break;
}
continue;
}
mcnt = 0;
(void) memset(ctx, '\0', sizeof *ctx);
ctx->ctx_sd = connfd;
ctx->ctx_dbg = dbg;
ctx->ctx_timeout = timeout;
ctx->ctx_smfi = smfi;
if (smfi->xxfi_connect == NULL)
ctx->ctx_pflags |= SMFIP_NOCONNECT;
if (smfi->xxfi_helo == NULL)
ctx->ctx_pflags |= SMFIP_NOHELO;
if (smfi->xxfi_envfrom == NULL)
ctx->ctx_pflags |= SMFIP_NOMAIL;
if (smfi->xxfi_envrcpt == NULL)
ctx->ctx_pflags |= SMFIP_NORCPT;
if (smfi->xxfi_header == NULL)
ctx->ctx_pflags |= SMFIP_NOHDRS;
if (smfi->xxfi_eoh == NULL)
ctx->ctx_pflags |= SMFIP_NOEOH;
if (smfi->xxfi_body == NULL)
ctx->ctx_pflags |= SMFIP_NOBODY;
if (smfi->xxfi_version <= 3 || smfi->xxfi_data == NULL)
ctx->ctx_pflags |= SMFIP_NODATA;
if (smfi->xxfi_version <= 2 || smfi->xxfi_unknown == NULL)
ctx->ctx_pflags |= SMFIP_NOUNKNOWN;
#if _FFR_WORKERS_POOL
# define LOG_CRT_FAIL "%s: mi_start_session() failed: %d, %s"
if ((r = mi_start_session(ctx)) != MI_SUCCESS)
#else
# define LOG_CRT_FAIL "%s: thread_create() failed: %d, %s"
if ((r = thread_create(&thread_id,
mi_thread_handle_wrapper,
(void *) ctx)) != 0)
#endif
{
tcnt++;
smi_log(SMI_LOG_ERR,
LOG_CRT_FAIL,
smfi->xxfi_name, r,
tcnt >= MAX_FAILS_T ? "abort" : "try again");
MI_SLEEP(tcnt);
(void) closesocket(connfd);
free(ctx);
if (tcnt >= MAX_FAILS_T)
{
ret = MI_FAILURE;
break;
}
continue;
}
tcnt = 0;
}
if (ret != MI_SUCCESS)
mi_stop_milters(MILTER_ABRT);
else
{
if (mistop != MILTER_CONT)
smi_log(SMI_LOG_INFO, "%s: mi_stop=%d",
smfi->xxfi_name, mistop);
mi_closener();
}
(void) smutex_destroy(&L_Mutex);
return ret;
}
