main.c revision f53759c12ba7f3a80c9fe277bea4f781f862a3f1
/* Copyright (C) 2002 Timo Sirainen */
#include "common.h"
#include "ioloop.h"
#include "lib-signals.h"
#include "network.h"
#include "env-util.h"
#include "fd-close-on-exec.h"
#include "write-full.h"
#include "askpass.h"
#include "auth-process.h"
#include "capabilities.h"
#include "dict-process.h"
#include "login-process.h"
#include "mail-process.h"
#include "syslog-util.h"
#include "ssl-init.h"
#include "log.h"
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <syslog.h>
#include <sys/stat.h>
static const char *configfile = SYSCONFDIR "/" PACKAGE ".conf";
struct ioloop *ioloop;
int null_fd = -1, inetd_login_fd;
uid_t master_uid;
char program_path[PATH_MAX];
char ssl_manual_key_password[100];
const char *env_tz;
#ifdef DEBUG
bool gdb;
#endif
static void listen_fds_open(bool retry);
static void listen_fds_close(struct server_settings *server);
static void set_logfile(struct settings *set)
{
int facility;
if (*set->log_path == '\0') {
if (!syslog_facility_find(set->syslog_facility, &facility))
facility = LOG_MAIL;
i_set_failure_syslog("dovecot", LOG_NDELAY, facility);
} else {
/* log to file or stderr */
i_set_failure_file(set->log_path, "dovecot: ");
}
if (*set->info_log_path != '\0')
i_set_info_file(set->info_log_path);
i_set_failure_timestamp_format(set->log_timestamp);
}
static void settings_reload(void)
{
struct server_settings *old_set = settings_root;
i_warning("SIGHUP received - reloading configuration");
/* restart auth and login processes */
login_processes_destroy_all();
auth_processes_destroy_all();
dict_process_kill();
if (!master_settings_read(configfile, FALSE, FALSE))
i_warning("Invalid configuration, keeping old one");
else {
if (!IS_INETD()) {
listen_fds_close(old_set);
listen_fds_open(TRUE);
}
set_logfile(settings_root->defaults);
}
}
static void sig_die(int signo, void *context __attr_unused__)
{
/* warn about being killed because of some signal, except SIGINT (^C)
which is too common at least while testing :) */
if (signo != SIGINT)
i_warning("Killed with signal %d", signo);
io_loop_stop(ioloop);
}
static void sig_reload_settings(int signo __attr_unused__,
void *context __attr_unused__)
{
settings_reload();
}
static void sig_reopen_logs(int signo __attr_unused__,
void *context __attr_unused__)
{
set_logfile(settings_root->defaults);
}
static void resolve_ip(const char *set_name, const char *name,
struct ip_addr *ip, unsigned int *port)
{
struct ip_addr *ip_list;
const char *p;
unsigned int ips_count;
int ret;
if (*name == '\0') {
/* defaults to "*" or "[::]" */
ip->family = 0;
return;
}
if (name[0] == '[') {
/* IPv6 address */
p = strchr(name, ']');
if (p == NULL) {
i_fatal("%s: Missing ']' in address %s",
set_name, name);
}
name = t_strdup_until(name+1, p);
p++;
if (*p == '\0')
p = NULL;
else if (*p != ':') {
i_fatal("%s: Invalid data after ']' in address %s",
set_name, name);
}
} else {
p = strrchr(name, ':');
if (p != NULL)
name = t_strdup_until(name, p);
}
if (p != NULL) {
if (!is_numeric(p+1, '\0')) {
i_fatal("%s: Invalid port in address %s",
set_name, name);
}
*port = atoi(p+1);
}
if (strcmp(name, "*") == 0) {
/* IPv4 any */
net_get_ip_any4(ip);
return;
}
if (strcmp(name, "::") == 0) {
/* IPv6 any */
net_get_ip_any6(ip);
return;
}
/* Return the first IP if there happens to be multiple. */
ret = net_gethostbyname(name, &ip_list, &ips_count);
if (ret != 0) {
i_fatal("%s: Can't resolve address %s: %s",
set_name, name, net_gethosterror(ret));
}
if (ips_count < 1)
i_fatal("%s: No IPs for address: %s", set_name, name);
*ip = ip_list[0];
}
static void
check_conflicts_set(const struct settings *set, const struct ip_addr *ip,
unsigned int port, const char *name1, const char *name2)
{
if (set->listen_port == port && net_ip_compare(ip, &set->listen_ip) &&
set->listen_fd > 0) {
i_fatal("Protocols %s and %s are listening in same ip/port",
name1, name2);
}
if (set->ssl_listen_port == port &&
net_ip_compare(ip, &set->ssl_listen_ip) && set->ssl_listen_fd > 0) {
i_fatal("Protocols %ss and %s are listening in same ip/port",
name1, name2);
}
}
static void check_conflicts(const struct ip_addr *ip, unsigned int port,
const char *proto)
{
struct server_settings *server;
for (server = settings_root; server != NULL; server = server->next) {
if (server->imap != NULL) {
check_conflicts_set(server->imap, ip, port,
"imap", proto);
}
if (server->pop3 != NULL) {
check_conflicts_set(server->pop3, ip, port,
"pop3", proto);
}
}
}
static void listen_protocols(struct settings *set, bool retry)
{
struct ip_addr *ip;
const char *const *proto;
unsigned int port;
int *fd, i;
set->listen_port = set->protocol == MAIL_PROTOCOL_IMAP ? 143 : 110;
#ifdef HAVE_SSL
set->ssl_listen_port = set->protocol == MAIL_PROTOCOL_IMAP ? 993 : 995;
#else
set->ssl_listen_port = 0;
#endif
/* resolve */
resolve_ip("listen", set->listen, &set->listen_ip, &set->listen_port);
if (!set->ssl_disable) {
resolve_ip("ssl_listen", set->ssl_listen, &set->ssl_listen_ip,
&set->ssl_listen_port);
}
/* if ssl_listen wasn't explicitly set in the config file,
use the non-ssl IP settings for the ssl listener, too. */
if (set->ssl_listen_ip.family == 0 && *set->ssl_listen == '\0')
set->ssl_listen_ip = set->listen_ip;
/* register wanted protocols */
proto = t_strsplit_spaces(set->protocols, " ");
for (; *proto != NULL; proto++) {
fd = NULL; ip = NULL; port = 0;
if (strcasecmp(*proto, "imap") == 0) {
if (set->protocol == MAIL_PROTOCOL_IMAP) {
fd = &set->listen_fd;
port = set->listen_port;
ip = &set->listen_ip;
}
} else if (strcasecmp(*proto, "imaps") == 0) {
if (set->protocol == MAIL_PROTOCOL_IMAP &&
!set->ssl_disable) {
fd = &set->ssl_listen_fd;
port = set->ssl_listen_port;
ip = &set->ssl_listen_ip;
}
} else if (strcasecmp(*proto, "pop3") == 0) {
if (set->protocol == MAIL_PROTOCOL_POP3) {
fd = &set->listen_fd;
port = set->listen_port;
ip = &set->listen_ip;
}
} else if (strcasecmp(*proto, "pop3s") == 0) {
if (set->protocol == MAIL_PROTOCOL_POP3 &&
!set->ssl_disable) {
fd = &set->ssl_listen_fd;
port = set->ssl_listen_port;
ip = &set->ssl_listen_ip;
}
} else {
i_fatal("Unknown protocol %s", *proto);
}
if (fd == NULL)
continue;
if (*fd != -1)
i_fatal("Protocol %s given more than once", *proto);
if (port == 0)
*fd = null_fd;
else {
for (i = 0; i < 10; i++) {
*fd = net_listen(ip, &port, 8);
if (*fd != -1)
break;
if (errno == EADDRINUSE) {
/* retry */
} else if (errno == EINTR &&
io_loop_is_running(ioloop)) {
/* SIGHUPing sometimes gets us here.
we don't want to die. */
} else {
/* error */
break;
}
check_conflicts(ip, port, *proto);
if (!retry)
break;
/* wait a while and try again. we're SIGHUPing
so we most likely just closed it ourself.. */
sleep(1);
}
if (*fd == -1)
i_fatal("listen(%d) failed: %m", port);
net_set_nonblock(*fd, TRUE);
fd_close_on_exec(*fd, TRUE);
}
}
if (set->listen_fd == -1)
set->listen_fd = null_fd;
if (set->ssl_listen_fd == -1)
set->ssl_listen_fd = null_fd;
}
static void listen_fds_open(bool retry)
{
struct server_settings *server;
for (server = settings_root; server != NULL; server = server->next) {
if (server->imap != NULL)
listen_protocols(server->imap, retry);
if (server->pop3 != NULL)
listen_protocols(server->pop3, retry);
}
}
static void listen_fds_close(struct server_settings *server)
{
for (; server != NULL; server = server->next) {
if (server->imap != NULL) {
if (server->imap->listen_fd != null_fd &&
close(server->imap->listen_fd) < 0)
i_error("close(imap.listen_fd) failed: %m");
if (server->imap->ssl_listen_fd != null_fd &&
close(server->imap->ssl_listen_fd) < 0)
i_error("close(imap.ssl_listen_fd) failed: %m");
}
if (server->pop3 != NULL) {
if (server->pop3->listen_fd != null_fd &&
close(server->pop3->listen_fd) < 0)
i_error("close(pop3.listen_fd) failed: %m");
if (server->pop3->ssl_listen_fd != null_fd &&
close(server->pop3->ssl_listen_fd) < 0)
i_error("close(pop3.ssl_listen_fd) failed: %m");
}
}
}
static bool have_stderr_set(struct settings *set)
{
if (*set->log_path != '\0' &&
strcmp(set->log_path, "/dev/stderr") == 0)
return TRUE;
if (*set->info_log_path != '\0' &&
strcmp(set->info_log_path, "/dev/stderr") == 0)
return TRUE;
return FALSE;
}
static bool have_stderr(struct server_settings *server)
{
while (server != NULL) {
if (server->imap != NULL && have_stderr_set(server->imap))
return TRUE;
if (server->pop3 != NULL && have_stderr_set(server->pop3))
return TRUE;
server = server->next;
}
return FALSE;
}
static void open_null_fd(void)
{
null_fd = open("/dev/null", O_RDONLY);
if (null_fd == -1)
i_fatal("Can't open /dev/null: %m");
fd_close_on_exec(null_fd, TRUE);
}
static void open_fds(void)
{
/* make sure all fds between 0..3 are used. */
while (null_fd < 4) {
null_fd = dup(null_fd);
if (null_fd == -1)
i_fatal("dup(null_fd) failed: %m");
fd_close_on_exec(null_fd, TRUE);
}
if (!IS_INETD())
listen_fds_open(FALSE);
/* close stdin and stdout. */
if (dup2(null_fd, 0) < 0)
i_fatal("dup2(0) failed: %m");
if (dup2(null_fd, 1) < 0)
i_fatal("dup2(1) failed: %m");
}
static void create_pid_file(const char *path)
{
const char *pid;
int fd;
pid = t_strconcat(dec2str(getpid()), "\n", NULL);
fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, 0644);
if (fd == -1)
i_fatal("open(%s) failed: %m", path);
if (write_full(fd, pid, strlen(pid)) < 0)
i_fatal("write() failed in %s: %m", path);
(void)close(fd);
}
static void main_init(bool log_error)
{
drop_capabilities();
/* deny file access from everyone else except owner */
(void)umask(0077);
set_logfile(settings_root->defaults);
/* close stderr unless we're logging into /dev/stderr. */
if (!have_stderr(settings_root)) {
if (dup2(null_fd, 2) < 0)
i_fatal("dup2(2) failed: %m");
}
i_info("Dovecot v"VERSION" starting up");
if (log_error) {
i_warning("This is Dovecot's warning log");
i_error("This is Dovecot's error log");
i_fatal("This is Dovecot's fatal log");
}
lib_signals_init();
lib_signals_set_handler(SIGINT, TRUE, sig_die, NULL);
lib_signals_set_handler(SIGTERM, TRUE, sig_die, NULL);
lib_signals_ignore(SIGPIPE, TRUE);
lib_signals_ignore(SIGALRM, FALSE);
lib_signals_set_handler(SIGHUP, TRUE, sig_reload_settings, NULL);
lib_signals_set_handler(SIGUSR1, TRUE, sig_reopen_logs, NULL);
child_processes_init();
log_init();
ssl_init();
dict_process_init();
auth_processes_init();
login_processes_init();
mail_processes_init();
create_pid_file(t_strconcat(settings_root->defaults->base_dir,
"/master.pid", NULL));
}
static void main_deinit(void)
{
(void)unlink(t_strconcat(settings_root->defaults->base_dir,
"/master.pid", NULL));
login_processes_destroy_all();
/* call process destroy handlers first */
child_processes_deinit();
mail_processes_deinit();
login_processes_deinit();
auth_processes_deinit();
dict_process_deinit();
ssl_deinit();
if (close(null_fd) < 0)
i_error("close(null_fd) failed: %m");
lib_signals_deinit();
log_deinit();
closelog();
}
static void daemonize(struct settings *set)
{
pid_t pid;
pid = fork();
if (pid < 0)
i_fatal("fork() failed: %m");
if (pid != 0)
_exit(0);
if (setsid() < 0)
i_fatal("setsid() failed: %m");
if (chdir(set->base_dir) < 0)
i_fatal("chdir(%s) failed: %m", set->base_dir);
}
static void print_help(void)
{
printf(
"Usage: dovecot [-F] [-c <config file>] [-p] [-n] [-a]\n"
" [--exec-mail <protocol>] [--version] [--build-options]\n");
}
static void print_build_options(void)
{
printf("Build options:"
#ifdef IOLOOP_EPOLL
" ioloop=epoll"
#endif
#ifdef IOLOOP_KQUEUE
" ioloop=kqueue"
#endif
#ifdef IOLOOP_POLL
" ioloop=poll"
#endif
#ifdef IOLOOP_SELECT
" ioloop=select"
#endif
#ifdef IOLOOP_NOTIFY_DNOTIFY
" notify=dnotify"
#endif
#ifdef IOLOOP_NOTIFY_INOTIFY
" notify=inotify"
#endif
#ifdef IOLOOP_NOTIFY_KQUEUE
" notify=kqueue"
#endif
#ifdef HAVE_IPV6
" ipv6"
#endif
#ifdef HAVE_GNUTLS
" gnutls"
#endif
#ifdef HAVE_OPENSSL
" openssl"
#endif
"\nSQL drivers:"
#ifdef BUILD_MYSQL
" mysql"
#endif
#ifdef BUILD_PGSQL
" postgresql"
#endif
#ifdef BUILD_SQLITE
" sqlite"
#endif
"\nPassdb:"
#ifdef PASSDB_BSDAUTH
" bsdauth"
#endif
#ifdef PASSDB_CHECKPASSWORD
" checkpassword"
#endif
#ifdef PASSDB_LDAP
" ldap"
#endif
#ifdef PASSDB_PAM
" pam"
#endif
#ifdef PASSDB_PASSWD
" passwd"
#endif
#ifdef PASSDB_PASSWD_FILE
" passwd-file"
#endif
#ifdef PASSDB_SHADOW
" shadow"
#endif
#ifdef PASSDB_SQL
" sql"
#endif
#ifdef PASSDB_VPOPMAIL
" vpopmail"
#endif
"\nUserdb:"
#ifdef USERDB_CHECKPASSWORD
" checkpassword"
#endif
#ifdef USERDB_LDAP
" ldap"
#endif
#ifdef USERDB_PASSWD
" passwd"
#endif
#ifdef USERDB_PREFETCH
" prefetch"
#endif
#ifdef USERDB_PASSWD_FILE
" passwd-file"
#endif
#ifdef USERDB_SQL
" sql"
#endif
#ifdef USERDB_STATIC
" static"
#endif
#ifdef USERDB_VPOPMAIL
" vpopmail"
#endif
"\n");
}
int main(int argc, char *argv[])
{
/* parse arguments */
const char *exec_protocol = NULL, *exec_section = NULL, *user, *home;
bool foreground = FALSE, ask_key_pass = FALSE, log_error = FALSE;
bool dump_config = FALSE, dump_config_nondefaults = FALSE;
int i;
#ifdef DEBUG
gdb = getenv("GDB") != NULL;
#endif
lib_init();
master_uid = geteuid();
inetd_login_fd = -1;
for (i = 1; i < argc; i++) {
if (strcmp(argv[i], "-F") == 0) {
/* foreground */
foreground = TRUE;
} else if (strcmp(argv[i], "-a") == 0) {
dump_config = TRUE;
} else if (strcmp(argv[i], "-c") == 0) {
/* config file */
i++;
if (i == argc) i_fatal("Missing config file argument");
configfile = argv[i];
} else if (strcmp(argv[i], "-n") == 0) {
dump_config_nondefaults = dump_config = TRUE;
} else if (strcmp(argv[i], "-p") == 0) {
/* Ask SSL private key password */
ask_key_pass = TRUE;
} else if (strcmp(argv[i], "--exec-mail") == 0) {
/* <protocol> [<server section>]
read configuration and execute mail process */
i++;
if (i == argc) i_fatal("Missing protocol argument");
exec_protocol = argv[i];
if (i+1 != argc)
exec_section = argv[++i];
} else if (strcmp(argv[i], "--version") == 0) {
printf("%s\n", VERSION);
return 0;
} else if (strcmp(argv[i], "--build-options") == 0) {
print_build_options();
return 0;
} else if (strcmp(argv[i], "--log-error") == 0) {
log_error = TRUE;
foreground = TRUE;
} else {
print_help();
i_fatal("Unknown argument: %s", argv[1]);
}
}
/* need to have this open before reading settings */
open_null_fd();
if (getenv("DOVECOT_INETD") != NULL) {
/* starting through inetd. */
inetd_login_fd = dup(0);
if (inetd_login_fd == -1)
i_fatal("dup(0) failed: %m");
fd_close_on_exec(inetd_login_fd, TRUE);
foreground = TRUE;
}
if (dump_config) {
/* print the config file path before parsing it, so in case
of errors it's still shown */
printf("# "VERSION": %s\n", configfile);
}
/* read and verify settings before forking */
t_push();
master_settings_init();
if (!master_settings_read(configfile, exec_protocol != NULL,
dump_config))
i_fatal("Invalid configuration in %s", configfile);
t_pop();
if (dump_config) {
master_settings_dump(settings_root, dump_config_nondefaults);
return 0;
}
if (ask_key_pass) {
const char *prompt;
t_push();
prompt = t_strdup_printf("Give the password for SSL key file "
"%s: ",
settings_root->defaults->ssl_key_file);
askpass(prompt, ssl_manual_key_password,
sizeof(ssl_manual_key_password));
t_pop();
}
/* save TZ environment. AIX depends on it to get the timezone
correctly. */
env_tz = getenv("TZ");
user = getenv("USER");
home = getenv("HOME");
/* clean up the environment of everything */
env_clean();
/* put back the TZ */
if (env_tz != NULL)
env_put(t_strconcat("TZ=", env_tz, NULL));
if (exec_protocol != NULL) {
/* Put back user and home */
env_put(t_strconcat("USER=", user, NULL));
env_put(t_strconcat("HOME=", home, NULL));
mail_process_exec(exec_protocol, exec_section);
}
open_fds();
if (!foreground)
daemonize(settings_root->defaults);
ioloop = io_loop_create();
main_init(log_error);
io_loop_run(ioloop);
main_deinit();
master_settings_deinit();
io_loop_destroy(&ioloop);
lib_deinit();
return 0;
}